From 249bcf5bac27b5cb29bae04603ba2ddc5fbe499d Mon Sep 17 00:00:00 2001
From: Anthony Lapenna <lapenna.anthony@gmail.com>
Date: Fri, 29 Sep 2017 18:44:30 +0200
Subject: [PATCH] fix(api): prevent the creation of multiple admin users
 (#1251)

---
 api/cmd/portainer/main.go | 25 ++++++++++++++++---------
 1 file changed, 16 insertions(+), 9 deletions(-)

diff --git a/api/cmd/portainer/main.go b/api/cmd/portainer/main.go
index b7091cf7a..74aafde28 100644
--- a/api/cmd/portainer/main.go
+++ b/api/cmd/portainer/main.go
@@ -186,7 +186,6 @@ func main() {
 	applicationStatus := initStatus(authorizeEndpointMgmt, flags)
 
 	if *flags.Endpoint != "" {
-		var endpoints []portainer.Endpoint
 		endpoints, err := store.EndpointService.Endpoints()
 		if err != nil {
 			log.Fatal(err)
@@ -229,17 +228,25 @@ func main() {
 	}
 
 	if adminPasswordHash != "" {
-
-		log.Printf("Creating admin user with password hash %s", adminPasswordHash)
-		user := &portainer.User{
-			Username: "admin",
-			Role:     portainer.AdministratorRole,
-			Password: adminPasswordHash,
-		}
-		err := store.UserService.CreateUser(user)
+		users, err := store.UserService.UsersByRole(portainer.AdministratorRole)
 		if err != nil {
 			log.Fatal(err)
 		}
+
+		if len(users) == 0 {
+			log.Printf("Creating admin user with password hash %s", adminPasswordHash)
+			user := &portainer.User{
+				Username: "admin",
+				Role:     portainer.AdministratorRole,
+				Password: adminPasswordHash,
+			}
+			err := store.UserService.CreateUser(user)
+			if err != nil {
+				log.Fatal(err)
+			}
+		} else {
+			log.Println("Instance already has an administrator user defined. Skipping admin password related flags.")
+		}
 	}
 
 	var server portainer.Server = &http.Server{