Authentication & User Management

First access — setup

When no users exist in the database, every request is redirected to /setup. Fill in a username and password to create the first administrator account. After the first user is created, /setup is no longer accessible.

Login and logout

Navigate to /login and enter your credentials. The session is stored server-side using Flask’s signed cookie session. To end the session, click the logout button or navigate to /logout.

User management

Authenticated users can manage accounts at /users:

  • Add user — enter a username and password; the account is created immediately.

  • Delete user — removes the account. The currently logged-in user cannot delete their own account.

  • Change password — updates the password for any existing account.

Note

There is no role system — all accounts have the same level of access.

Storage backend

User credentials are stored in fwtester-sqlite3.db (the same SQLite file used for test results) in a table called users. Passwords are hashed with PBKDF2-SHA256 and never stored in plain text.

The implementation is in gui/auth.py.

Warning

The “Clear results” button on the Runner page deletes only the tests_results table. The users table is not affected.