fix(setup): load .env so a pre-seeded admin password is honored on native installs (#4787)

setup.py read ODYSSEUS_ADMIN_USER / ODYSSEUS_ADMIN_PASSWORD via os.getenv() but never loaded .env, so on native Linux/macOS installs a password pre-seeded in .env (documented in docs/setup.md and .env.example) was silently ignored and a random one generated, breaking the first login. Docker was unaffected because compose passes the vars into the container env. Call load_dotenv(BASE_DIR/.env, encoding="utf-8-sig") at the top of main(), mirroring app.py (utf-8-sig tolerates a Notepad UTF-8 BOM). load_dotenv does not override already-exported OS vars, so the existing precedence is kept. python-dotenv is already a required dependency. Adds a regression test that pre-seeds credentials only in .env (not the shell) and asserts the stored bcrypt hash matches the pre-seeded password. Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-23 21:25:33 -04:00 · 2026-06-23 23:38:05 +05:30
parent e90dbc1012
commit e9136f801a
2 changed files with 56 additions and 0 deletions
@@ -239,6 +239,15 @@ def check_arch():
 def main():
    print("\n=== Odysseus Setup ===\n")

+    # Load .env so pre-seeded ODYSSEUS_ADMIN_USER / ODYSSEUS_ADMIN_PASSWORD (and
+    # other deployment vars) are honored on native installs, not just when they
+    # are exported in the shell. Mirrors app.py: encoding="utf-8-sig" tolerates a
+    # UTF-8 BOM in a Notepad-saved .env. load_dotenv does not override already
+    # exported OS env vars, so the existing precedence is preserved. python-dotenv
+    # is a hard dependency (requirements.txt) and is verified by check_deps below.
+    from dotenv import load_dotenv
+    load_dotenv(os.path.join(BASE_DIR, ".env"), encoding="utf-8-sig")
+
    # Fail fast with a clear message if the CPU architecture is wrong (Apple
    # Silicon under an x86/Rosetta Python) before importing anything native.
    check_arch()
@@ -1,5 +1,6 @@
 import importlib.util
 import json
+import os
 from pathlib import Path


@@ -23,3 +24,49 @@ def test_create_default_admin_normalizes_env_username(tmp_path, monkeypatch):
    data = json.loads(auth_path.read_text(encoding="utf-8"))
    assert "adminuser" in data["users"]
    assert "AdminUser" not in data["users"]
+
+
+def test_main_loads_admin_password_from_env_file(tmp_path, monkeypatch):
+    """Regression: setup.py must honor an admin password pre-seeded in .env on
+    native installs, even when the var is not exported into the shell
+    (docs/setup.md documents this). Previously setup.py never called
+    load_dotenv(), so os.getenv() saw nothing and a random password was
+    generated instead."""
+    import bcrypt
+
+    setup_module = _load_setup_module()
+
+    # Credentials live ONLY in a .env beside setup.py (written with a UTF-8 BOM,
+    # the Notepad-on-Windows case that utf-8-sig must tolerate) — not exported.
+    monkeypatch.delenv("ODYSSEUS_ADMIN_USER", raising=False)
+    monkeypatch.delenv("ODYSSEUS_ADMIN_PASSWORD", raising=False)
+    (tmp_path / ".env").write_text(
+        "ODYSSEUS_ADMIN_USER=presetuser\nODYSSEUS_ADMIN_PASSWORD=fromenvfile12345\n",
+        encoding="utf-8-sig",
+    )
+
+    # Point setup at the temp dir and neutralize main()'s heavy steps.
+    monkeypatch.setattr(setup_module, "BASE_DIR", str(tmp_path))
+    auth_path = tmp_path / "auth.json"
+    monkeypatch.setattr(setup_module, "AUTH_FILE", str(auth_path))
+    monkeypatch.setattr(setup_module, "check_arch", lambda: None)
+    monkeypatch.setattr(setup_module, "create_dirs", lambda: None)
+    monkeypatch.setattr(setup_module, "create_env", lambda: None)
+    monkeypatch.setattr(setup_module, "check_deps", lambda: None)
+    monkeypatch.setattr(setup_module, "init_database", lambda: None)
+    # Force the non-interactive branch so the test never blocks on a prompt.
+    monkeypatch.setenv("ODYSSEUS_SKIP_ADMIN_PROMPT", "1")
+
+    try:
+        setup_module.main()
+    finally:
+        # load_dotenv writes real os.environ entries; undo so sibling tests
+        # don't inherit them.
+        os.environ.pop("ODYSSEUS_ADMIN_USER", None)
+        os.environ.pop("ODYSSEUS_ADMIN_PASSWORD", None)
+
+    data = json.loads(auth_path.read_text(encoding="utf-8"))
+    assert "presetuser" in data["users"], data
+    assert bcrypt.checkpw(
+        b"fromenvfile12345", data["users"]["presetuser"]["password_hash"].encode()
+    ), "admin password from .env was ignored; a random one was generated"