feat: auto-create root user with generated password on warehouse provision #390

Merged
EDsCODE merged 2 commits into main from eric/auto-create-root-user-on-provision
Apr 5, 2026
@EDsCODE EDsCODE commented Apr 3, 2026

Summary

  • Auto-create root OrgUser with a generated password when POST /provision is called
  • Password returned in the provision response only (show-once pattern) — only the bcrypt hash is persisted
  • GET /warehouse/status returns connection details (host, port, database, username) when ready — no password
  • POST /reset-password endpoint generates a new password, returns it once, updates the bcrypt hash
  • New GeneratePassword(), CreateOrgUser(), UpdateOrgUserPassword() helpers in configstore
  • GetOrg() added to provisioning store for resolving database name in status response

Security

  • Plaintext password is never stored — only exists in the HTTP response body
  • Only bcrypt hash persisted on OrgUser (same as existing admin-created users)
  • Lost password recovery via reset-password endpoint (same show-once pattern)

Companion PR

Test plan

  • Provision returns username + password in response
  • Status returns connection details without password when ready
  • Reset password returns new password, old password stops working after config poll
  • Existing tests pass

🤖 Generated with Claude Code

EDsCODE added a commit to PostHog/posthog that referenced this pull request Apr 3, 2026
- Update DataWarehouseProvisioningStatus to match duckgres status API
  (flat connection object instead of nested infrastructure details)
- Add DataWarehouseProvisioningConnection type with password field
- ConnectionDetails component shows password with show/hide toggle
- Companion duckgres PR: PostHog/duckgres#390

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Provision endpoint:
- Generates a random password, creates root OrgUser (bcrypt hash only)
- Returns plaintext password in the provision response — never stored

Status endpoint:
- Returns connection details (host, port, database, username) when ready
- No password — it was only available at provision time

Reset password endpoint:
- POST /orgs/:id/reset-password generates a new password, returns it once

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@EDsCODE EDsCODE merged commit c7d9161 into main Apr 5, 2026
21 checks passed
@EDsCODE EDsCODE deleted the eric/auto-create-root-user-on-provision branch April 5, 2026 23:45
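
The show-once flow described in the PR summary and commit message above, as an added Python example that is not code from this PR or from duckgres. The function names, the `root` username, the host and port values and the in-memory `ORGS` store are assumptions, and stdlib PBKDF2-HMAC-SHA256 stands in for bcrypt so the block runs without third-party packages.

```python
import hashlib
import hmac
import secrets

# Constructed in-memory stand-in for the config store: org_id -> (salt, hash).
# There is no slot for a plaintext password, so none can be persisted.
ORGS = {}

def generate_password():
    """24 bytes from the OS CSPRNG, encoded as 32 URL-safe characters."""
    return secrets.token_urlsafe(24)

def kdf(password, salt):
    """Slow salted hash; PBKDF2 stands in for the bcrypt hash the PR stores."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def set_password(org_id):
    """Store a fresh salt and hash, replacing any old pair; return the plaintext."""
    password, salt = generate_password(), secrets.token_bytes(16)
    ORGS[org_id] = (salt, kdf(password, salt))
    return password

def provision(org_id):
    """Provision response: carries the generated password back to the caller once."""
    return {"username": "root", "password": set_password(org_id)}

def reset_password(org_id):
    """Lost-password recovery: new password shown once, old hash overwritten."""
    if org_id not in ORGS:
        raise KeyError(org_id)
    return {"password": set_password(org_id)}

def status(org_id):
    """Connection details only; built without reading any secret material."""
    if org_id not in ORGS:
        raise KeyError(org_id)
    return {"host": "warehouse.example.internal", "port": 5432,  # constructed values
            "database": org_id, "username": "root"}

def verify(org_id, password):
    """Login check: recompute the hash and compare in constant time."""
    salt, stored = ORGS[org_id]
    return hmac.compare_digest(stored, kdf(password, salt))
```

In the PR's test plan the old password stops working after a config poll; the in-memory store here replaces the hash immediately, so there is no such delay.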