demo@demo.demo and OIDC #367

Closed
opened 2026-02-04 18:48:59 +03:00 by OVERLORD · 4 comments

Originally created by @tedstriker on GitHub (Oct 20, 2023).

Version 1.14.1 running in Docker container.
OIDC is used to log in as admin and also as regular user.

If you omit the environment variables for the default admin account creation, demo@demo.demo is still being created.
Furthermore, the demo user can neither be deleted nor can its information, like its name, be edited, even though the comment in the docker-compose.yml says otherwise.
Additional information like phone number and organisation can be, though.

      # Can be removed after installation
      #- DEFAULT_ADMIN_EMAIL=demo@demo.demo # Do not remove if you want to prevent this user from being edited/deleted
      #- DEFAULT_ADMIN_PASSWORD=demo
      #- DEFAULT_ADMIN_NAME=Demo Demo
      #- DEFAULT_ADMIN_USERNAME=demo

claim

  • demo@demo.demo shouldn't exist
  • demo@demo.demo should be removable at least
  • it also shouldn't be possible to log in as demo@demo.demo if not configured previously

steps to reproduce

  1. Set up a fresh environment with the docker compose file,
    • but remove the DEFAULT_ADMIN_* variables
    • and add your OIDC provider
  2. Remove at least the databases volume from previous test runs, so we can have an entirely new database
  3. Spin up the compose file
  4. Log in with a Planka admin account using OIDC login.
  5. Check the Users and find demo@demo.demo, which can't be removed
  6. Log out with your OIDC admin
  7. Log in with demo@demo.demo password demo

workaround

Set the DEFAULT_ADMIN environment variables with your own values. After that, demo@demo.demo can be removed.
OVERLORD added the bug label 2026-02-04 18:48:59 +03:00

@meltyshev commented on GitHub (Oct 20, 2023):

Hi! Thanks for reporting this.
You are right, if these values are not specified in docker-compose.yml, they will still be taken from the .env file. This should definitely be fixed.
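An added example, not part of the original thread or of Planka's code: a pre-deployment check that merges the `DEFAULT_ADMIN_*` values from both sources named above and reports whether the demo credentials would still take effect. It assumes plain `KEY=VALUE` lines in the `.env` file and `- KEY=VALUE` list entries in the compose file, that compose values override `.env` values, and that an admin is seeded whenever `DEFAULT_ADMIN_EMAIL` ends up set; the function names and sample inputs are constructed for illustration.

```python
import re

# Demo defaults quoted in the issue's docker-compose.yml excerpt.
DEMO_DEFAULTS = {
    "DEFAULT_ADMIN_EMAIL": "demo@demo.demo",
    "DEFAULT_ADMIN_PASSWORD": "demo",
    "DEFAULT_ADMIN_NAME": "Demo Demo",
    "DEFAULT_ADMIN_USERNAME": "demo",
}
ASSIGN = re.compile(r"^\s*(?:-\s*)?(DEFAULT_ADMIN_[A-Z]+)\s*=\s*(.*?)\s*$")

def active_assignments(text):
    """Return DEFAULT_ADMIN_* assignments found on uncommented lines."""
    found = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # commented out, so this source does not set it
        m = ASSIGN.match(line)
        if m:
            # Drop a trailing " # comment" after the value.
            found[m.group(1)] = m.group(2).split(" #", 1)[0].strip()
    return found

def audit(compose_text, env_text):
    """Merge both sources (assumed: compose overrides .env), flag demo values."""
    effective = {**active_assignments(env_text), **active_assignments(compose_text)}
    demo = sorted(k for k, v in effective.items() if DEMO_DEFAULTS.get(k) == v)
    return {"effective": effective, "demo_values": demo,
            "admin_seeded": bool(effective.get("DEFAULT_ADMIN_EMAIL"))}

# Constructed sample input mirroring the report: the variables are commented
# out in docker-compose.yml but still present in the .env file.
COMPOSE = """\
    environment:
      - SOME_OTHER_SETTING=value
      #- DEFAULT_ADMIN_EMAIL=demo@demo.demo # Do not remove ...
      #- DEFAULT_ADMIN_PASSWORD=demo
"""
ENV_FILE = """\
DEFAULT_ADMIN_EMAIL=demo@demo.demo
DEFAULT_ADMIN_PASSWORD=demo
DEFAULT_ADMIN_NAME=Demo Demo
DEFAULT_ADMIN_USERNAME=demo
"""

if __name__ == "__main__":
    print(audit(COMPOSE, ENV_FILE))
```

A non-empty `demo_values` list with `admin_seeded` true is the condition described in this issue: the demo login remains usable even though the compose file no longer mentions it.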


@meltyshev commented on GitHub (Oct 20, 2023):

Made these variables optional in the .env.sample file. In the new release, an admin account should not be created unless they are specified in docker-compose.yml


@tedstriker commented on GitHub (Oct 21, 2023):

Thanks for your quick response.
Will the demo account be deletable after this change, when logged in as an OIDC based administrator?
Currently this seems not possible.


@meltyshev commented on GitHub (Oct 21, 2023):

After this change it should be possible to delete that account from the users menu in Planka. To do this you have to remove DEFAULT_ADMIN_* variables and then the user specified there previously will become unlocked for editing and deleting. Seems like we need to cover this in the documentation...

Reference: starred/planka#367