Authentication & User Management ================================= First access — setup --------------------- When no users exist in the database, every request is redirected to ``/setup``. Fill in a username and password to create the first administrator account. After the first user is created, ``/setup`` is no longer accessible. Login and logout ---------------- Navigate to ``/login`` and enter your credentials. The session is stored server-side using Flask's signed cookie session. To end the session, click the logout button or navigate to ``/logout``. User management --------------- Authenticated users can manage accounts at ``/users``: - **Add user** — enter a username and password; the account is created immediately. - **Delete user** — removes the account. The currently logged-in user cannot delete their own account. - **Change password** — updates the password for any existing account. .. note:: There is no role system — all accounts have the same level of access. Storage backend --------------- User credentials are stored in ``fwtester-sqlite3.db`` (the same SQLite file used for test results) in a table called ``users``. Passwords are hashed with PBKDF2-SHA256 and never stored in plain text. The implementation is in ``gui/auth.py``. .. warning:: The "Clear results" button on the Runner page deletes only the ``tests_results`` table. The ``users`` table is **not** affected.