Merge pull request #12972 from zmstone/0503-unhide-default-dashboard-username-password

chore: unhide dashboard default_password config

apps/emqx_dashboard/src/emqx_dashboard_schema.erl

@@ -254,6 +254,10 @@ default_username(default) -> <<"admin">>;
 default_username(required) -> true;
 default_username(desc) -> ?DESC(default_username);
 default_username('readOnly') -> true;
+%% username is hidden but password is not,
+%% this is because we want to force changing 'admin' user's password.
+%% instead of suggesting to create a new user --- which could be
+%% more prone to leaving behind 'admin' user's password unchanged without detection.
 default_username(importance) -> ?IMPORTANCE_HIDDEN;
 default_username(_) -> undefined.
 
@@ -264,7 +268,7 @@ default_password('readOnly') -> true;
 default_password(sensitive) -> true;
 default_password(converter) -> fun emqx_schema:password_converter/2;
 default_password(desc) -> ?DESC(default_password);
-default_password(importance) -> ?IMPORTANCE_HIDDEN;
+default_password(importance) -> ?IMPORTANCE_LOW;
 default_password(_) -> undefined.
 
 cors(type) -> boolean();

rel/i18n/emqx_dashboard_schema.hocon

@@ -28,10 +28,9 @@ cors.label:
 """CORS"""
 
 default_password.desc:
-"""The initial default password for dashboard 'admin' user.
-For safety, it should be changed as soon as possible.
-This value is not valid when you log in to Dashboard for the first time via the web
-and change to a complex password as prompted."""
+"""The password used to initialize a database record for `admin` user.
+NOTE: Changing the default password after it has been initialized (boot up for the fist time) has no effect.
+Once initialized, the default password `public` must be changed from dashboard or CLI as soon as possible."""
 
 default_password.label:
 """Default password"""