7fe7304392
- IDOR: ownership checks on WO approve/reject/done, charter update/complete/send-contracts/request-insurance, captain-contract PDF, insurance-rider PDF, delete accounting entry, delete fuel entry, update vessel - auth.py: rate limiting (10 req/15min), explicit is_active check - owner.py: role guard on /owner/dashboard - __init__.py: random SECRET_KEY if unset, absolute SQLite path, parameterized SQL (no f-strings), session cookie HTTPONLY+SameSite, 8h session lifetime, db.session.get() replacing deprecated query.get() - api.py: P&L double-count bug fixed (wo_cost was summed twice), Content-Disposition filename quoted, APP_BASE_URL env var replaces hardcoded localhost:5010, create_management_company validates password length and email uniqueness, dead code removed from sync_all_accounting - create_admin.py: removed password from console output Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
import getpass
import os

from werkzeug.security import generate_password_hash

from app import create_app, db
from app.models import User, Company

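# Bootstrap script: makes sure the management company and its first admin
# user exist. Both steps are skipped when a row with the bootstrap e-mail is
# already present, so the script can be re-run safely.
app = create_app()

# Single e-mail used to look up both the company and the admin user.
ADMIN_EMAIL = 'admin@fleet.com'

with app.app_context():
    # Create the management company only if none is registered under this e-mail.
    company = Company.query.filter_by(email=ADMIN_EMAIL).first()
    if not company:
        company = Company(name='Al & Al Management LLC', type='management', email=ADMIN_EMAIL)
        db.session.add(company)
        # Committed before the user is built so company.id is populated.
        db.session.commit()
        print("Compañía creada")
    else:
        print("Compañía ya existe")

    # Create the admin user only if none is registered under this e-mail.
    user = User.query.filter_by(email=ADMIN_EMAIL).first()
    if not user:
        # The initial admin password is supplied by the operator at run time.
        # A password embedded in the script is a known default credential for
        # every deployment and stays readable in the repository history.
        # The environment variable is for unattended provisioning; the
        # interactive prompt (no echo) is preferred, because environment
        # variables can end up in shell history or process listings.
        initial_password = os.environ.get('ADMIN_INITIAL_PASSWORD') or getpass.getpass(
            f"Contraseña inicial para {ADMIN_EMAIL}: "
        )
        if not initial_password:
            # Refuse to create an admin account with an empty password.
            raise SystemExit("Contraseña vacía: no se creó el usuario admin.")
        # NOTE(review): apply the same minimum-length rule the application
        # enforces for other accounts; that rule is not visible in this file.

        user = User(
            name='Administrador',
            email=ADMIN_EMAIL,
            # Only the salted hash is stored; the clear-text password is never
            # written to the database or printed.
            password_hash=generate_password_hash(initial_password),
            company_id=company.id,
            role='admin',
        )
        db.session.add(user)
        db.session.commit()
        # The confirmation message deliberately leaves the password out, so it
        # does not land in terminal scrollback or CI/deployment logs.
        print(f"Usuario admin creado: {ADMIN_EMAIL}")
    else:
        print(f"Usuario admin ya existe: {ADMIN_EMAIL}")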