Implement authentication for the web interface
|Status:||Closed||Start date:||08 Mar 2014|
|Target version:||PiBox - 0.10.0|
|Severity:||01 - Critical|
RM #285: Implemented test for admin password change, including a new password set page and the ability to send a new MT_PW message to piboxd to handle the password update.
RM #285: Added support for MT_PW and associated actions for changing a user password in the web service.
RM #285: Extend the artificial delay after updating a password before reloading the front page.
RM #285: Cleaned up icons to more closely match the ones used on the attached display (under launcher) and added users icon to front page.
RM #285: Move check for payload to MA_SAVE only (MA_GET doesn't need it) in handlePW. Also, make sure cleanup is properly handled for the socket descriptor in handlePW.
RM #285: Integrated a user selection page that allows creating, updating and deleting users.
RM #285: Add support for creating a log file on installation and disable logging by default.
#4 Updated by Hammel over 4 years ago
- Status changed from New to In Progress
- % Done changed from 0 to 20
See the monkey documentation for details on how to set up basic authentication.
I think this means I'll set up an initial authentication and then add a Users tab to the web interface to add users, set passwords and restart monkey. That should be about it.
#5 Updated by Hammel over 4 years ago
- % Done changed from 20 to 30
A quick tests of this shows that it's easy to setup and works fine. Here is what need to happen.
- Add the Basic Auth configuration to the monkey opkg.
- Create a default user with a default password in user.mk
- frontpage.php needs to test if the default user has been modified.
- If not, force the user to change the default user password.
- Create a new page called from frontpage with a new "users" icon.
- The user page will allow editing existing users and adding new users
- Find existing users: pull from first column of users.mk file
- Updated passwords: use mk_passwd -b
- If a password is changed then monkey has to be restarted.
- Schedule the restart for a second or two after the update
- This gives us time to return to the main page first.
- Restart could be a new command for piboxd: delay (int, milliseconds), command are the payload
#7 Updated by Hammel over 4 years ago
- % Done changed from 30 to 40
Implemented test for admin password change, including a new password set page and the ability to send a new MT_PW message (message type = 4, which is not yet implemented in piboxed) to piboxd to handle the password update.
Now I need to implement the password change request in piboxd.
After that I need to go back and add the new users page that allows selecting a user and then calls the userPW.tmple like frontpage does for changing the users password.
#10 Updated by Hammel over 4 years ago
- % Done changed from 40 to 50
Implemented password change requirement for first login for the admin user. Tested on target and seems to work quite well.
All changes committed and pushed.
Now I need to add a users page (with a front page icon) that allows adding and deleting users (except the admin) and changing their passwords.
#12 Updated by Hammel over 4 years ago
- % Done changed from 60 to 80
With the exception of deleting users (which requires another action added to MT_PW in piboxd), this functionality is complete. You can now edit existing users and add new ones.
Deleting a user should be pretty easy so I'll wait till I finish that before closing this issue.