Bug #285

Implement authentication for the web interface

Added by Hammel over 3 years ago. Updated over 2 years ago.

Status: Closed
Start date: 08 Mar 2014
Priority: Immediate
Due date:
Assignee: Hammel
% Done: 100%
Category: Settings
Target version: PiBox - 0.10.0
Severity: 01 - Critical

Description

Not sure if this should be php or javascript. But I need a login and session authentication via the web interface.

Associated revisions

Revision 5e7da23d
Added by Hammel over 2 years ago

RM #285: Add AUTH support to monkey using a default user.

Revision e2f7ee91
Added by Hammel over 2 years ago

RM #285: Implemented test for admin password change, including a new password set page and the ability to send a new MT_PW message to piboxd to handle the password update.

Revision 1ffa6757
Added by Hammel over 2 years ago

RM #285: Fix POST var name for pw.

Revision 1e8f0c8e
Added by Hammel over 2 years ago

RM #285: Set the action bit for MA_SAVE.

Revision 772c66f6
Added by Hammel over 2 years ago

RM #285: Added MT_PW and associated actions to diagram.

Revision 3648ae43
Added by Hammel over 2 years ago

RM #285: Added support for MT_PW and associated actions for changing a user password in the web service.

Revision e5235ca9
Added by Hammel over 2 years ago

RM #285: Remove creation of DEFAULT file. This is superseded by piboxd handling.

Revision e0238c82
Added by Hammel over 2 years ago

RM #285: Extend the artificial delay after updating a password before reloading the front page.

Revision 5b1d66ea
Added by Hammel over 2 years ago

RM #285: Cleaned up icons to more closely match the ones used on the attached display (under launcher) and added users icon to front page.

Revision 60c24734
Added by Hammel over 2 years ago

RM #285: Don't include the xcf files in the images directory of the packaging.

Revision c8f6484d
Added by Hammel over 2 years ago

RM #285: comment update to reflect actual code for MT_PW, MA_GET.

Revision d0163a3d
Added by Hammel over 2 years ago

RM #285: add support for MA_GET to MT_PW.

Revision a935dc9d
Added by Hammel over 2 years ago

RM #285: Move check for payload to MA_SAVE only (MA_GET doesn't need it) in handlePW. Also, make sure cleanup is properly handled for the socket descriptor in handlePW.

Revision f71b9647
Added by Hammel over 2 years ago

RM #285: Integrated a user selection page that allows creating, updating and deleting users.

Revision a810e2a8
Added by Hammel over 2 years ago

RM #285: Retrieving from a text input field with jquery requires use of val().

Revision 60143cc5
Added by Hammel over 2 years ago

RM #285: Add usersPW.js script to support saving changes.

Revision c01a0e24
Added by Hammel over 2 years ago

RM #285: Add support for deleting a user.

Revision b5425129
Added by Hammel over 2 years ago

RM #285: Add missing "!" when checking for delete parameter.

Revision d4d3376a
Added by Hammel over 2 years ago

RM #285: Added support for MT_PW/MA_DEL to delete a user.

Revision 7baeba4b
Added by Hammel over 2 years ago

RM #285: Add support for creating a log file on installation and disable logging by default.

Revision c1812618
Added by Hammel over 2 years ago

RM #285: Added user and camera icons for use with the web interface.

History

#2 Updated by Hammel over 3 years ago

  • Priority changed from Urgent to Normal
  • Target version changed from 0.9.0 to 0.10.0

Moving configuration tools to 0.10.0.

#3 Updated by Hammel almost 3 years ago

  • Priority changed from Normal to Immediate

#4 Updated by Hammel over 2 years ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 20

Authentication with Monkey overrides adding authentication with PHP, Javascript or HTTP headers. That's because Monkey doesn't provide the usual authentication.

See the monkey documentation for details on how to set up basic authentication.

I think this means I'll set up an initial authentication and then add a Users tab to the web interface to add users, set passwords and restart monkey. That should be about it.

#5 Updated by Hammel over 2 years ago

  • % Done changed from 20 to 30

A quick test of this shows that it's easy to set up and works fine. Here is what needs to happen.

  1. Add the Basic Auth configuration to the monkey opkg.
  2. Create a default user with a default password in user.mk
  3. frontpage.php needs to test if the default user has been modified.
    1. If not, force the user to change the default user password.
  4. Create a new page called from frontpage with a new "users" icon.
  5. The user page will allow editing existing users and adding new users
    1. Find existing users: pull from first column of users.mk file
    2. Updated passwords: use mk_passwd -b
  6. If a password is changed then monkey has to be restarted.
    1. Schedule the restart for a second or two after the update
    2. This gives us time to return to the main page first.
    3. Restart could be a new command for piboxd: delay (int, milliseconds) and command are the payload
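
Steps 3 and 5.1 above as an added example (not part of the original ticket and not PiBox code): it lists users from the first column of a users file and reports which accounts still carry the default password. The `user:{SHA1}<base64 digest>` entry format, the function names and the sample password are assumptions made for illustration; compare the format with what mk_passwd writes on the target.

```python
import base64
import hashlib
import hmac

def sha1_entry(password):
    """Hash field in the ASSUMED users-file format: {SHA1} + base64(SHA-1 digest)."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA1}" + base64.b64encode(digest).decode("ascii")

def parse_users(text):
    """Map user name (first column) to stored hash field.
    Blank lines, '#' comments and lines without 'name:hash' are skipped."""
    users = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, stored = line.partition(":")
        if sep and name and stored:
            users[name] = stored
    return users

def accounts_on_default(text, default_password):
    """Return the users whose stored hash still equals the default password's hash."""
    expected = sha1_entry(default_password).encode("ascii")
    return [name for name, stored in parse_users(text).items()
            if hmac.compare_digest(stored.encode("utf-8"), expected)]

# Constructed sample data; the password and user names are hypothetical.
SAMPLE_DEFAULT_PW = "example-default"
SAMPLE_USERS = "\n".join([
    "# constructed sample users file",
    "admin:" + sha1_entry(SAMPLE_DEFAULT_PW),
    "alice:" + sha1_entry("a-changed-password"),
    "line without a separator",
    "",
])

if __name__ == "__main__":
    print("users:", list(parse_users(SAMPLE_USERS)))
    flagged = accounts_on_default(SAMPLE_USERS, SAMPLE_DEFAULT_PW)
    print("must change password:", flagged)
```
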

#6 Updated by Hammel over 2 years ago

Auth config added to monkey with default admin user.

Now I need to make the changes to frontpage.php to test if the admin user pw needs to be changed.

#7 Updated by Hammel over 2 years ago

  • % Done changed from 30 to 40

Implemented test for admin password change, including a new password set page and the ability to send a new MT_PW message (message type = 4, which is not yet implemented in piboxd) to piboxd to handle the password update.

Now I need to implement the password change request in piboxd.

After that I need to go back and add the new users page that allows selecting a user and then calls the userPW.tmple like frontpage does for changing the user's password.

#8 Updated by Hammel over 2 years ago

  • Project changed from PiBox to piboxwww
  • Category deleted (04 - Root File System)

#9 Updated by Hammel over 2 years ago

  • Category set to Settings
  • Severity changed from 03 - Medium to 01 - Critical

#10 Updated by Hammel over 2 years ago

  • % Done changed from 40 to 50

Implemented password change requirement for first login for the admin user. Tested on target and seems to work quite well.

All changes committed and pushed.

Now I need to add a users page (with a front page icon) that allows adding and deleting users (except the admin) and changing their passwords.

#11 Updated by Hammel over 2 years ago

  • % Done changed from 50 to 60

I updated the web icons to match the style used in the launcher and added a users icon.

Now I need the users page and functionality. Note that the piboxd action for getting users is already implemented (MT_PW, MA_GET).

#12 Updated by Hammel over 2 years ago

  • % Done changed from 60 to 80

With the exception of deleting users (which requires another action added to MT_PW in piboxd), this functionality is complete. You can now edit existing users and add new ones.

Deleting a user should be pretty easy so I'll wait till I finish that before closing this issue.

#13 Updated by Hammel over 2 years ago

  • Status changed from In Progress to Closed
  • % Done changed from 80 to 100

Added delete functionality. Code tested, committed and pushed.

Closing issue
