Try to log in to the library registry admin interface using a bogus username and password.

Your username will end up in the 'admins' table with no password.

Since there's no password, you can't use this to gain access to the registry, but you shouldn't be able to put an entry in this table at all, and this looks enough like a security problem that I'd like to resolve it quickly.

I suspect this is a case where we use get_one_or_create when we should use get_one.