Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: add environment variable for default admin initial email #6223

Draft
wants to merge 3 commits into
base: main
Choose a base branch
from
Draft

feat: add environment variable for default admin initial email #6223

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
0e21e71
feat: add environment variable for default admin initial email
RogerHYang Jan 31, 2025
321bfb4
forbid deletion of default admin user
RogerHYang Feb 3, 2025
82e456c
Revert "forbid deletion of default admin user"
RogerHYang Feb 3, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 12 additions & 0 deletions src/phoenix/config.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -98,6 +98,12 @@
ENV_PHOENIX_ENABLE_AUTH = "PHOENIX_ENABLE_AUTH"
ENV_PHOENIX_DISABLE_RATE_LIMIT = "PHOENIX_DISABLE_RATE_LIMIT"
ENV_PHOENIX_SECRET = "PHOENIX_SECRET"
ENV_PHOENIX_DEFAULT_ADMIN_INITIAL_EMAIL = "PHOENIX_DEFAULT_ADMIN_INITIAL_EMAIL"
"""
The initial email for the default admin account, which defaults to ‘admin@localhost’ if not
explicitly set. Note that changing this value will have no effect if the default admin
record already exists in the database.
"""
ENV_PHOENIX_DEFAULT_ADMIN_INITIAL_PASSWORD = "PHOENIX_DEFAULT_ADMIN_INITIAL_PASSWORD"
"""
The initial password for the default admin account, which defaults to ‘admin’ if not
Expand Down Expand Up @@ -282,6 +288,12 @@ def get_env_phoenix_secret() -> Optional[str]:
return phoenix_secret


def get_env_default_admin_initial_email() -> str:
from phoenix.auth import DEFAULT_ADMIN_EMAIL

return os.environ.get(ENV_PHOENIX_DEFAULT_ADMIN_INITIAL_EMAIL) or DEFAULT_ADMIN_EMAIL


def get_env_default_admin_initial_password() -> str:
from phoenix.auth import DEFAULT_ADMIN_PASSWORD

Expand Down
9 changes: 6 additions & 3 deletions src/phoenix/db/facilitator.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,14 +12,16 @@
from sqlalchemy.ext.asyncio import AsyncSession

from phoenix.auth import (
DEFAULT_ADMIN_EMAIL,
DEFAULT_ADMIN_USERNAME,
DEFAULT_SECRET_LENGTH,
DEFAULT_SYSTEM_EMAIL,
DEFAULT_SYSTEM_USERNAME,
compute_password_hash,
)
from phoenix.config import get_env_default_admin_initial_password
from phoenix.config import (
get_env_default_admin_initial_email,
get_env_default_admin_initial_password,
)
from phoenix.db import models
from phoenix.db.enums import COLUMN_ENUMS, UserRole
from phoenix.server.types import DbSessionFactory
Expand Down Expand Up @@ -97,14 +99,15 @@ async def _ensure_user_roles(session: AsyncSession) -> None:
admin_role_id := role_ids.get(admin_role)
) is not None:
salt = secrets.token_bytes(DEFAULT_SECRET_LENGTH)
email = get_env_default_admin_initial_email()
password = get_env_default_admin_initial_password()
compute = partial(compute_password_hash, password=password, salt=salt)
loop = asyncio.get_running_loop()
hash_ = await loop.run_in_executor(None, compute)
admin_user = models.User(
user_role_id=admin_role_id,
username=DEFAULT_ADMIN_USERNAME,
email=DEFAULT_ADMIN_EMAIL,
email=email,
password_salt=salt,
password_hash=hash_,
reset_password=True,
Expand Down
Loading