Improve hyrax/seed/setup.json user creation (no hardcoded passwords, added Shibboleth support)

Creating users via hyrax/seed/setup.json currently requires putting hardcoded credentials into setup.json. Since this is a potential security issue, we have decided to remove the support for setting passwords at all through this file. Since User objects don't support a nil password, we will now simply generate a random 32-byte / 256-bit "password" (which may contain non-printable characters).

These passwords are not meant to be used/entered anyway, since login for all users (including admins) is supposed to use either Shibboleth or ORCID. However, since RDMS/Hyrax requires at least one admin user to exist at the first startup in order to create the CRC_1280_COLLECTION and the corresponding crc_1280_manager and crc_1280_member roles, this commit also adds support for pre-seeding Shibboleth accounts via hyrax/seed/setup.json.

Note that these users are primarily identified through their uid attribute, which contains their Pairwise ID obtained from the Shibboleth IDP, and not their email address. In fact, if the user's name or email address changes on the IDP, the corresponding values in RDMS's user database will be updated/replaced automatically with the new values obtained from the IDP.

Closes #33 (closed)
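
The seeding behaviour described in this merge request, sketched as an added Ruby example that is not the project's own code. The JSON schema, the `SeedUser` struct and both function names are assumptions, and rejecting entries that still carry a `password` key is this example's choice.

```ruby
require "json"
require "securerandom"

# Hypothetical in-memory stand-in for the User model (field names assumed).
SeedUser = Struct.new(:uid, :email, :name, :password, keyword_init: true)

# Constructed sample in the spirit of hyrax/seed/setup.json (schema assumed).
SAMPLE_SETUP = <<~JSON
  {"users": [
    {"uid": "PAIRWISE-ID-PLACEHOLDER-1", "email": "admin@example.org", "name": "Admin"},
    {"uid": "PAIRWISE-ID-PLACEHOLDER-2", "email": "old@example.org", "name": "Old",
     "password": "constructed-stale-secret"}
  ]}
JSON

# Seed users keyed by uid. An entry with no uid, or one that still carries a
# password, is reported instead of being honoured, so stale credentials in the
# seed file are noticed. Returns [store, rejected_uids].
def seed_users(setup_json, store = {})
  rejected = []
  JSON.parse(setup_json).fetch("users", []).each do |entry|
    uid = entry["uid"].to_s
    if uid.empty? || entry.key?("password")
      rejected << uid
      next
    end
    # A random 256-bit value fills the mandatory password field on first
    # creation only; re-running the seed never rotates or overwrites it.
    user = store[uid] ||= SeedUser.new(uid: uid, password: SecureRandom.random_bytes(32))
    user.email = entry["email"]
    user.name = entry["name"]
  end
  [store, rejected]
end

# Login-time refresh: the lookup key is the uid alone, and name/email are
# overwritten with whatever the IdP asserts. An unknown uid returns nil; a
# matching email address is never used to find an account.
def refresh_from_idp(store, uid:, email:, name:)
  user = store[uid]
  return nil unless user
  user.email = email
  user.name = name
  user
end
```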
