fix: add Changethis1! to default secret check (Devin Review)

Romularques · devin-ai-integration[bot] · Romularques · commit 57f365a5cccc · 2026-03-30T21:47:51.000Z
The MSSQL default password Changethis1! was not caught by the
_check_default_secret security guard, allowing deployments with
default credentials. Now checks both 'changethis' and 'Changethis1!'.

Co-Authored-By: Devin AI &lt;158243242+devin-ai-integration[bot]@users.noreply.github.com&gt;
diff --git a/backend/app/core/config.py b/backend/app/core/config.py
@@ -95,9 +95,10 @@ def emails_enabled(self) -> bool:
     FIRST_SUPERUSER_PASSWORD: str
 
     def _check_default_secret(self, var_name: str, value: str | None) -> None:
-        if value == "changethis":
+        default_secrets = ("changethis", "Changethis1!")
+        if value in default_secrets:
             message = (
-                f'The value of {var_name} is "changethis", '
+                f"The value of {var_name} is a default placeholder, "
                 "for security, please change it, at least for deployments."
             )
             if self.ENVIRONMENT == "local":
