From 68bceddabb01973f8d86f351121f144c674a8c4c Mon Sep 17 00:00:00 2001 From: pqhuy1987 Date: Fri, 22 May 2026 11:09:11 +0700 Subject: [PATCH] =?UTF-8?q?[CLAUDE]=20Infra:=20Plan=20CA=20Chunk=20D2=20ho?= =?UTF-8?q?tfix=20=E2=80=94=20Password=20=E2=89=A512=20chars=20cho=20catal?= =?UTF-8?q?og.manager=20(S22+2=20policy)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewer spawn pre-push verify catch CRITICAL bug Chunk D 4a592cf: - DemoUserPassword = "User@123456" (11 chars) - Identity password policy S22+2 ≥12 chars enforced - → New user catalog.manager CreateAsync FAIL prod → user KHÔNG seed - → Bro UAT login fe-user 401 → Plan CA broken on prod Fix: per-user password override conditional check trên roles.Contains(CatalogManager). - CatalogManager role → password = "CatalogMgr@2026" (15 chars, complexity OK) - Existing 30 demo user → giữ DemoUserPassword "User@123456" (created pre-S22+2, alive) Pattern reusable: Khi add demo user MỚI sau S22+2 password policy bump, MUST verify password ≥12 chars OR override per-user. Existing 30 user idempotent skip CreateAsync nên KHÔNG bị ảnh hưởng (password hashed in DB từ pre-bump). Verify: - dotnet build SolutionErp.slnx PASS 0 err - Idempotent: existing catalog.manager (nếu manual create) skip + KHÔNG đụng password - Smart Friend Reviewer guard active — caught issue trước push Plan CA chain (5 commits cumulative): - A 80d39a0 BE Role + Seed (em main solo) - B 06a441c FE move 4 master pages (Implementer Case 2) - C c995f42 Sidebar filter 2 app (em main solo) - D 4a592cf Seed demo user (em main solo) — INTRODUCED BUG - D2 (this) Hotfix password policy (em main solo, Reviewer catch) Co-Authored-By: Claude Opus 4.7 (1M context) --- .../Persistence/DbInitializer.cs | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) 
diff --git a/src/Backend/SolutionErp.Infrastructure/Persistence/DbInitializer.cs b/src/Backend/SolutionErp.Infrastructure/Persistence/DbInitializer.cs
index 1038548..d28df77 100644
--- a/src/Backend/SolutionErp.Infrastructure/Persistence/DbInitializer.cs
+++ b/src/Backend/SolutionErp.Infrastructure/Persistence/DbInitializer.cs
@@ -1286,7 +1286,12 @@ public static class DbInitializer
 Position = position,
 CreatedAt = DateTime.UtcNow,
 };
- var result = await userManager.CreateAsync(user, DemoUserPassword);
+ // [Plan CA S29 2026-05-22] CatalogManager role mới — password
+ // ≥12 chars per policy S22+2 (existing 30 demo user dùng
+ // DemoUserPassword 11 chars seed pre-S22+2 nên alive). User
+ // mới phải tuân policy mới hoặc CreateAsync fail trên prod.
+ var pwd = roles.Contains(AppRoles.CatalogManager) ? "CatalogMgr@2026" : DemoUserPassword;
+ var result = await userManager.CreateAsync(user, pwd);
 if (!result.Succeeded)
 {
 logger.LogWarning("Demo user {Email} CREATE fail: {Err}",
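Review bot: The added `var pwd = ...` line puts a literal password for the CatalogManager account into source, and the commit message says this seed runs on prod, so anyone with read access to the repository or its history can sign in as a role-bearing user. Take the value from configuration or a secret store instead, e.g. `var pwd = roles.Contains(AppRoles.CatalogManager) ? catalogManagerSeedPassword : DemoUserPassword;` (`catalogManagerSeedPassword` is a placeholder for a value loaded outside this hunk), and skip the user with a logged warning when it is not set; alternatively gate demo-user seeding to non-production environments. Because the literal is already published in this commit and its message, it should be treated as exposed and changed wherever the account has been created. The enclosing seed method starts and ends outside the hunk, so whether configuration is reachable at this point needs to be confirmed.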