Prompt users to add an admin password if they have not set one with a notification pip and an alert on the app config menu. #3198

Closed
aaclayton opened this issue Jul 5, 2020 · 6 comments
Labels
authorization Issues related to authentication, authorization, or permissions ui Issues focused on user interface improvements

Comments

@aaclayton
Contributor

Originally in GitLab by @markusraab78

Without a Master Access Key set it is possible to enter the setup and audit and delete worlds. Should it therefore not be mandatory to set a master access key during setup, as a must, not an optional thing? Not all users will be aware of that risk.

@aaclayton
Contributor Author

Originally in GitLab by @anathemamask

While I don't think it's necessary to make it mandatory, it might be advisable to raise a warning with a "Don't show this again" option on installs that don't have an admin key set.

@aaclayton
Contributor Author

made the issue visible to everyone

@aaclayton
Contributor Author

Originally in GitLab by @kakaroto

If this gets added, please make a command line option to disable it because on The Forge, the setup page can only be accessed by the license owner (based on forge user authentication).

@aaclayton
Contributor Author

Duplicate issue from @damccull:

In order to submit an effective bug report, please include the following information along with your issue description.

Environment Details

Please share the following basic details about your setup.

  • Foundry VTT Version: 0.7.8 and below
  • Operating System: All
  • How Are You Using Foundry: Native and deployed headless with all browsers
  • Which Game System: All
  • Modules Enabled?: Yes and no

Issue Description

The game currently doesn't require an admin password to be set and it seems to cause a lot of confusion between the admin password and the GM's "access key" for a world. When no admin password is set and the GM returns to setup, all other connected players automatically get full access to the server. This is mentioned in the documentation but it is insecure by default and, because there is no prompt or requirement, new GMs are not always setting an admin password, thinking that their GM access key is what they need to set.

Instead, this should be a required part of setting up the server the first time. Setting the password should be part of the initial setup on first login and the system should not let you progress without having one set.

For GMs and developers (module and otherwise) who don't want the password to be set, support a command line option during launch like --no-admin-password which will override that requirement and allow the server to launch without an admin password. That option would be great for password recovery, as well.

@aaclayton
Contributor Author

Originally in GitLab by @kakaroto

--no-admin-password shouldn't override the admin password but just override the requirement for an admin password, as I'd be using that for the Forge, but would still want to allow users to set one if they want to.

EDIT: I think there's already another option to force the admin password which could be used for recovery, no?

@aaclayton changed the title from "Consider prompting users to add an Admin Key" to "Prompt users to add an admin password if they have not set one with a notification pip and an alert on the app config menu." Feb 20, 2023
@aaclayton self-assigned this Feb 20, 2023
@aaclayton added this to the Version 11 - Prototype 2 milestone Feb 20, 2023

@aaclayton
Contributor Author

Related to #5832

@aaclayton added the "authorization" label (Issues related to authentication, authorization, or permissions) Feb 20, 2023