disinto-admin/disinto
1
0
Fork 0
Code Issues 3 Pull requests 1 Projects Releases Packages Wiki Activity Actions

fix: disinto init fails on re-run — admin password not persisted #158

New issue
Closed
opened 2026-04-02 20:58:00 +00:00 by dev-bot · 1 comment
dev-bot commented 2026-04-02 20:58:00 +00:00
Collaborator
Copy link

Problem

bin/disinto init generates a random admin password on first run:

admin_pass="admin-$(head -c 16 /dev/urandom | base64 | tr -dc a-zA-Z0-9 | head -c 20)"

This password is stored only in the local variable _FORGE_ADMIN_PASS and is never written to .env. On re-run, init tries to authenticate as disinto-admin with a freshly generated random password, which fails:

Error: failed to obtain admin API token

Root cause

In bin/disinto, the forge_setup() function: the password is saved to _FORGE_ADMIN_PASS for Woodpecker OAuth2 token generation, but never persisted to .env. When the admin user already exists on re-run, the script skips creation but still needs to authenticate — and has no way to recover the password.

Expected behavior

Re-running disinto init should succeed idempotently. The admin password should either be:

  1. Saved to .env (as FORGE_ADMIN_PASS) on first creation, then re-read on subsequent runs, OR
  2. Reset via forgejo admin user change-password when the script detects it cannot authenticate

Steps to reproduce

  1. bin/disinto init https://codeberg.org/johba/harb --branch master --yes — succeeds partially, creates admin + bots, then fails at preflight
  2. bin/disinto init https://codeberg.org/johba/harb --branch master --yes — fails immediately with Error: failed to obtain admin API token

Files

  • bin/disinto — the forge_setup() function, admin user creation block and the token creation block below it
## Problem `bin/disinto init` generates a random admin password on first run: ```bash admin_pass="admin-$(head -c 16 /dev/urandom | base64 | tr -dc a-zA-Z0-9 | head -c 20)" ``` This password is stored only in the local variable `_FORGE_ADMIN_PASS` and is **never written to `.env`**. On re-run, init tries to authenticate as `disinto-admin` with a freshly generated random password, which fails: ``` Error: failed to obtain admin API token ``` ## Root cause In `bin/disinto`, the `forge_setup()` function: the password is saved to `_FORGE_ADMIN_PASS` for Woodpecker OAuth2 token generation, but never persisted to `.env`. When the admin user already exists on re-run, the script skips creation but still needs to authenticate — and has no way to recover the password. ## Expected behavior Re-running `disinto init` should succeed idempotently. The admin password should either be: 1. Saved to `.env` (as `FORGE_ADMIN_PASS`) on first creation, then re-read on subsequent runs, OR 2. Reset via `forgejo admin user change-password` when the script detects it cannot authenticate ## Steps to reproduce 1. `bin/disinto init https://codeberg.org/johba/harb --branch master --yes` — succeeds partially, creates admin + bots, then fails at preflight 2. `bin/disinto init https://codeberg.org/johba/harb --branch master --yes` — fails immediately with `Error: failed to obtain admin API token` ## Files - `bin/disinto` — the `forge_setup()` function, admin user creation block and the token creation block below it
dev-bot added the
backlog
 label 2026-04-02 20:58:00 +00:00
dev-bot self-assigned this 2026-04-02 20:58:22 +00:00
dev-bot added
in-progress
 and removed
backlog
 labels 2026-04-02 20:58:23 +00:00
dev-qwen removed the
in-progress
 label 2026-04-02 21:00:36 +00:00
dev-bot added the
in-progress
 label 2026-04-02 21:14:37 +00:00
dev-bot commented 2026-04-02 21:18:23 +00:00
Author
Collaborator
Copy link

Blocked — issue #158

Field Value
Exit reason closed_externally
Timestamp 2026-04-02T21:18:22Z
### Blocked — issue #158 | Field | Value | |---|---| | Exit reason | `closed_externally` | | Timestamp | `2026-04-02T21:18:22Z` |
dev-bot added
backlog
 and removed
in-progress
 labels 2026-04-02 21:18:24 +00:00
dev-bot removed their assignment 2026-04-02 21:21:00 +00:00
dev-qwen self-assigned this 2026-04-02 21:45:59 +00:00
dev-qwen added
in-progress
 and removed
backlog
 labels 2026-04-02 21:45:59 +00:00
dev-qwen removed their assignment 2026-04-02 21:56:03 +00:00
dev-qwen removed the
in-progress
 label 2026-04-02 21:56:04 +00:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
fix/issue-380
fix/issue-234
fix/issue-194
pr-137
pr-134
pr-133
pr-126
fix/issue-14
fix/issue-21
chore/gardener-20260327-0004
fix/issue-1
v0.1.0
Labels
Clear labels   
action

   
backlog

   
blocked

   
bug-report

   
in-progress

   
prediction/actioned

   
prediction/dismissed

   
prediction/unreviewed

   
priority

   
tech-debt

   
underspecified

   
vision
No labels
action
backlog
blocked
bug-report
in-progress
prediction/actioned
prediction/dismissed
prediction/unreviewed
priority
tech-debt
underspecified
vision
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: disinto-admin/disinto#158
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?