Fix migrator login

crates/defguard/src/main.rs

@@ -64,7 +64,7 @@ async fn main() -> Result<(), anyhow::Error> {
     if dotenvy::from_filename(".env.local").is_err() {
         dotenvy::dotenv().ok();
     }
-    let mut config = DefGuardConfig::new();
+    let config = DefGuardConfig::new();
     let log_filter = format!(
         "{},defguard_core::handlers::component_setup=debug,defguard_setup::auto_adoption=debug",
         config.log_level
@@ -142,6 +142,8 @@ async fn main() -> Result<(), anyhow::Error> {
     let wizard = Wizard::init(&pool, has_auto_adopt_flags, &config).await?;
 
     Settings::initialize_runtime_defaults(&pool).await?;
+    SERVER_CONFIG.set(config.clone()).ok();
+
     if !wizard.completed {
         match wizard.active_wizard {
             ActiveWizard::None => {}
@@ -186,9 +188,6 @@ async fn main() -> Result<(), anyhow::Error> {
     })?;
     update_current_settings(&pool, settings).await?;
 
-    config.initialize_post_settings();
-    SERVER_CONFIG.set(config.clone()).ok();
-
     let settings = Settings::get_current_settings();
 
     // create event channels for services

crates/defguard_common/src/config.rs

@@ -305,14 +305,6 @@ impl DefGuardConfig {
         }
     }
 
-    /// Initialize values that depend on Settings.
-    pub fn initialize_post_settings(&mut self) {
-        if self.cookie_domain.is_none() {
-            let settings = Settings::get_current_settings();
-            self.cookie_domain = settings.cookie_domain().ok();
-        }
-    }
-
     /// Try PKCS#1 and PKCS#8 PEM formats.
     fn parse_openid_key(path: &str) -> Result<RsaPrivateKey, rsa::pkcs8::Error> {
         if let Ok(key) = RsaPrivateKey::read_pkcs1_pem_file(path) {
@@ -342,8 +334,6 @@ impl Default for DefGuardConfig {
 
 #[cfg(test)]
 mod tests {
-    use std::env;
-
     use super::*;
 
     #[test]
@@ -352,17 +342,6 @@ mod tests {
         DefGuardConfig::command().debug_assert();
     }
 
-    #[test]
-    fn test_cookie_domain_env_override() {
-        unsafe {
-            env::set_var("DEFGUARD_COOKIE_DOMAIN", "example.com");
-        }
-
-        let config = DefGuardConfig::new();
-
-        assert_eq!(config.cookie_domain, Some("example.com".to_string()));
-    }
-
     fn make_config(adopt_edge: Option<&str>, adopt_gateway: Option<&str>) -> DefGuardConfig {
         let mut config = DefGuardConfig::new_test_config();
         config.adopt_edge = adopt_edge.map(str::to_string);

crates/defguard_core/tests/integration/common.rs

@@ -29,7 +29,7 @@ pub(crate) async fn init_config(
 ) -> DefGuardConfig {
     let url = custom_defguard_url.unwrap_or("http://localhost:8000");
     let test_secret_key = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef";
-    let mut config = DefGuardConfig::new_test_config();
+    let config = DefGuardConfig::new_test_config();
     initialize_current_settings(pool)
         .await
         .expect("Could not initialize current settings in the database");
@@ -41,7 +41,6 @@ pub(crate) async fn init_config(
         .expect("Could not update current settings in the database");
     set_test_license_business();
 
-    config.initialize_post_settings();
     let _ = SERVER_CONFIG.set(config.clone());
     config
 }

crates/defguard_setup/tests/common/mod.rs

@@ -141,7 +141,6 @@ pub async fn init_settings_with_secret_key(pool: &PgPool) {
 
     let mut config = DefGuardConfig::new_test_config();
     config.cookie_insecure = Some(true);
-    config.initialize_post_settings();
     let _ = SERVER_CONFIG.set(config);
 }
 

deny.toml

@@ -72,6 +72,7 @@ feature-depth = 1
 ignore = [
     { id = "RUSTSEC-2023-0071", reason = "https://github.com/RustCrypto/RSA/issues/19" },
     { id = "RUSTSEC-2024-0436", reason = "Unmaintained dependency of tera" },
+    { id = "RUSTSEC-2026-0097", reason = "Unsound rand 0.8.5 advisory; silenced until jsonwebtoken upgrades their dependencies" },
 ]
 # If this is true, then cargo deny will use the git executable to fetch advisory database.
 # If this is false, then it uses a built-in git library.