https://redmine.graphics-muse.org/https://redmine.graphics-muse.org/favicon.ico?16278048512014-03-09T03:53:15ZGraphics Muse Issue Trackerpiboxwww - Bug #285: Implement authentication for the web interfacehttps://redmine.graphics-muse.org/issues/285?journal_id=10292014-03-09T03:53:15ZHammelmjhammel@graphics-muse.org
<ul></ul>Research:
<ul>
<li><a href="http://www.thebuzzmedia.com/designing-a-secure-rest-api-without-oauth-authentication/" class="external">Designing a Secure REST (Web) API without OAuth</a></li>
<li><a href="http://www.tutorialized.com/tutorials/PHP/User-Authentication/1" class="external">PHP Tutorials : User Authentication Tutorials</a></li>
<li><a href="http://evertpot.com/223/" class="external">HTTP Basic and Digest authentication with PHP</a></li>
<li><a href="http://www.peej.co.uk/articles/http-auth-with-html-forms.html" class="external">HTTP Authentication with HTML Forms</a></li>
</ul> piboxwww - Bug #285: Implement authentication for the web interfacehttps://redmine.graphics-muse.org/issues/285?journal_id=11452014-05-07T02:54:25ZHammelmjhammel@graphics-muse.org
<ul><li><strong>Priority</strong> changed from <i>Urgent</i> to <i>Normal</i></li><li><strong>Target version</strong> changed from <i>0.9.0</i> to <i>0.10.0</i></li></ul><p>Moving configuration tools to 0.10.0.</p> piboxwww - Bug #285: Implement authentication for the web interfacehttps://redmine.graphics-muse.org/issues/285?journal_id=13572014-09-11T16:01:00ZHammelmjhammel@graphics-muse.org
<ul><li><strong>Priority</strong> changed from <i>Normal</i> to <i>Immediate</i></li></ul> piboxwww - Bug #285: Implement authentication for the web interfacehttps://redmine.graphics-muse.org/issues/285?journal_id=14702014-12-04T00:47:20ZHammelmjhammel@graphics-muse.org
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>In Progress</i></li><li><strong>% Done</strong> changed from <i>0</i> to <i>20</i></li></ul><p>Authentication with Monkey overrides adding authentication with PHP, Javascript or HTTP headers. That's because Monkey doesn't provide the usual authentication.</p>
<p>See the <a href="http://monkey-project.com/documentation/basic_authentication" class="external">monkey documentation</a> for details on how to set up basic authentication.</p>
<p>I <strong>think</strong> this means I'll set up an initial authentication and then add a Users tab to the web interface to add users, set passwords and restart monkey. That should be about it.</p> piboxwww - Bug #285: Implement authentication for the web interfacehttps://redmine.graphics-muse.org/issues/285?journal_id=14712014-12-04T01:16:35ZHammelmjhammel@graphics-muse.org
<ul><li><strong>% Done</strong> changed from <i>20</i> to <i>30</i></li></ul><p>A quick tests of this shows that it's easy to setup and works fine. Here is what need to happen.</p>
<ol>
<li>Add the <a href="http://monkey-project.com/documentation/basic_authentication" class="external">Basic Auth</a> configuration to the monkey opkg.</li>
<li>Create a default user with a default password in user.mk</li>
<li>frontpage.php needs to test if the default user has been modified.
<ol>
<li>If not, force the user to change the default user password.</li>
</ol>
</li>
<li>Create a new page called from frontpage with a new "users" icon.</li>
<li>The user page will allow editing existing users and adding new users
<ol>
<li>Find existing users: pull from first column of users.mk file</li>
<li>Updated passwords: use mk_passwd -b</li>
</ol>
</li>
<li>If a password is changed then monkey has to be restarted.
<ol>
<li>Schedule the restart for a second or two after the update</li>
<li>This gives us time to return to the main page first.</li>
<li>Restart could be a new command for piboxd: delay (int, milliseconds), command are the payload</li>
</ol></li>
</ol> piboxwww - Bug #285: Implement authentication for the web interfacehttps://redmine.graphics-muse.org/issues/285?journal_id=14722014-12-04T05:14:58ZHammelmjhammel@graphics-muse.org
<ul></ul><p>Auth config added to monkey with default admin user.</p>
<p>Now I need to make the changes to frontpage.php to test if the admin user pw needs to be changed.</p> piboxwww - Bug #285: Implement authentication for the web interfacehttps://redmine.graphics-muse.org/issues/285?journal_id=14772014-12-05T21:07:18ZHammelmjhammel@graphics-muse.org
<ul><li><strong>% Done</strong> changed from <i>30</i> to <i>40</i></li></ul><p>Implemented test for admin password change, including a new password set page and the ability to send a new MT_PW message (message type = 4, which is not yet implemented in piboxed) to piboxd to handle the password update.</p>
<p>Now I need to implement the password change request in piboxd.</p>
<p>After that I need to go back and add the new users page that allows selecting a user and then calls the userPW.tmple like frontpage does for changing the users password.</p> piboxwww - Bug #285: Implement authentication for the web interfacehttps://redmine.graphics-muse.org/issues/285?journal_id=14782014-12-05T21:07:48ZHammelmjhammel@graphics-muse.org
<ul><li><strong>Project</strong> changed from <i>PiBox</i> to <i>piboxwww</i></li><li><strong>Category</strong> deleted (<del><i>04 - Root File System</i></del>)</li></ul> piboxwww - Bug #285: Implement authentication for the web interfacehttps://redmine.graphics-muse.org/issues/285?journal_id=14792014-12-05T21:08:52ZHammelmjhammel@graphics-muse.org
<ul><li><strong>Category</strong> set to <i>Settings</i></li><li><strong>Severity</strong> changed from <i>03 - Medium</i> to <i>01 - Critical</i></li></ul> piboxwww - Bug #285: Implement authentication for the web interfacehttps://redmine.graphics-muse.org/issues/285?journal_id=14802014-12-06T00:34:38ZHammelmjhammel@graphics-muse.org
<ul><li><strong>% Done</strong> changed from <i>40</i> to <i>50</i></li></ul><p>Implemented password change requirement for first login for the admin user. Tested on target and seems to work quite well.</p>
<p>All changes committed and pushed.</p>
<p>Now I need to add a users page (with a front page icon) that allows adding and deleting users (except the admin) and changing their passwords.</p> piboxwww - Bug #285: Implement authentication for the web interfacehttps://redmine.graphics-muse.org/issues/285?journal_id=14812014-12-06T18:59:03ZHammelmjhammel@graphics-muse.org
<ul><li><strong>% Done</strong> changed from <i>50</i> to <i>60</i></li></ul><p>I updated the web icons to match the style used in the launcher and added a users icon.</p>
<p>Now I need the users page and functionality. Note that the piboxd action for getting users is already implemented (MT_PW, MA_GET).</p> piboxwww - Bug #285: Implement authentication for the web interfacehttps://redmine.graphics-muse.org/issues/285?journal_id=14822014-12-08T19:18:52ZHammelmjhammel@graphics-muse.org
<ul><li><strong>% Done</strong> changed from <i>60</i> to <i>80</i></li></ul><p>With the exception of deleting users (which requires another action added to MT_PW in piboxd), this functionality is complete. You can now edit existing users and add new ones.</p>
<p>Deleting a user should be pretty easy so I'll wait till I finish that before closing this issue.</p> piboxwww - Bug #285: Implement authentication for the web interfacehttps://redmine.graphics-muse.org/issues/285?journal_id=14832014-12-08T22:45:11ZHammelmjhammel@graphics-muse.org
<ul><li><strong>Status</strong> changed from <i>In Progress</i> to <i>Closed</i></li><li><strong>% Done</strong> changed from <i>80</i> to <i>100</i></li></ul><p>Added delete functionality. Code tested, committed and pushed.</p>
<p>Closing issue</p>