fix(auth): set subsonic_password on admin bootstrap
Bootstrap was creating password_hash + api_token but leaving subsonic_password nil, which meant Subsonic clients (Feishin, Symfonium) got ErrTokenNotSupported on t+s auth — the server had no plaintext to hash against. Mirror the bootstrap password into subsonic_password so the admin can sign in to Subsonic clients with the same credential printed on first boot. Plaintext at rest is the cost of Subsonic's legacy auth; matches Navidrome's posture. Also folds in the local dev compose tweaks: dedicated bridge network with postgres unpublished from the host, and a bind-mount aimed at the operator's real library path. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
@@ -63,6 +63,9 @@ func TestBootstrap_Integration(t *testing.T) {
|
||||
if err := bcrypt.CompareHashAndPassword([]byte(user.PasswordHash), []byte("hunter2")); err != nil {
|
||||
t.Errorf("bcrypt compare: %v", err)
|
||||
}
|
||||
if user.SubsonicPassword == nil || *user.SubsonicPassword != "hunter2" {
|
||||
t.Errorf("subsonic_password = %v, want \"hunter2\"", user.SubsonicPassword)
|
||||
}
|
||||
|
||||
byToken, err := q.GetUserByAPIToken(ctx, user.ApiToken)
|
||||
if err != nil {
|
||||
|
||||
Reference in New Issue
Block a user