anti
fdb6507c6f
DECNET_ADMIN_PASSWORD defaulted to the literal "admin" with no guard, so a master that never set it seeded an admin/admin account. Resolve it lazily via __getattr__ -> _require_env (the same pattern as DECNET_JWT_SECRET): unset or a known-bad default (admin/secret/...) is rejected, and <12 chars is rejected outside DECNET_DEVELOPER. Only the master web/api processes that import the DB layer resolve it; workers never do, and the pytest short-circuit keeps the dev loop unaffected. The module attribute stays addressable for the admin-seed monkeypatch.
14 KiB
14 KiB