Same "sync" user credentials across facilities cause sync to fail

Observed behavior

Have two facilities with the same admin credentials on a server. Was attempting to import facilities on two different devices using kolibri manage sync...

The sync was always failing on the 2nd device with this error -

requests.exceptions.HTTPError: 403 Client Error: Forbidden for url: http://192.168.1.69:8080/api/morango/v1/certificates/

After a lot of permutations and combinations realised that setting different passwords for each of the admin users allowed the sync to complete successfully on each device.

Expected behavior

The sync should have worked even with the same user credentials across facilities since the sync command differentiates the users with a --facility <facilityid>

User-facing consequences

Confusion and anxiety as user has no way to know what is wrong and what is the cause of the error.

Errors and logs

Error message following a large exception dump -

requests.exceptions.HTTPError: 403 Client Error: Forbidden for url: http://192.168.1.69:8080/api/morango/v1/certificates/

Steps to reproduce

1. Create two facilities.
2. Add a admin user in each of the facilities with exactly the same username and password - admin / password.
3. On another device try importing the two facilities using kolibri manage sync --baseurl <source device ip/domain> --facility <facilityid[1,2]> --username admin --password password --no-push --noninteractive command.
4. The import shall most likely fail for the second attempt.
5. Now change password of the admin user of the facility for which the sync is failing.
6. Stop Kolibri, remove the KOLIBRI_HOME folder and start Kolibri.
7. Reattempt the sync for both the facilities.
8. Now the sync shall work for both facilities.

Context

Kolibi 0.14.3