Authentication & User Management
First access — setup
When no users exist in the database, every request is redirected to /setup.
Fill in a username and password to create the first administrator account.
After the first user is created, /setup is no longer accessible.
Login and logout
Navigate to /login and enter your credentials. The session is stored
server-side using Flask’s signed cookie session. To end the session, click the
logout button or navigate to /logout.
User management
Authenticated users can manage accounts at /users:
Add user — enter a username and password; the account is created immediately.
Delete user — removes the account. The currently logged-in user cannot delete their own account.
Change password — updates the password for any existing account.
Note
There is no role system — all accounts have the same level of access.
Storage backend
User credentials are stored in fwtester-sqlite3.db (the same SQLite file
used for test results) in a table called users. Passwords are hashed with
PBKDF2-SHA256 and never stored in plain text.
The implementation is in gui/auth.py.
Warning
The “Clear results” button on the Runner page deletes only the
tests_results table. The users table is not affected.