Bug #285
closed
Implement authentication for the web interface
Added by Hammel almost 11 years ago. Updated about 10 years ago.
100%
Description
Not sure if this should be php or javascript. But I need a login and session authentication via the web interface.
Updated by Hammel over 10 years ago
- Priority changed from Urgent to Normal
- Target version changed from 0.9.0 to 0.10.0
Moving configuration tools to 0.10.0.
Updated by Hammel about 10 years ago
- Status changed from New to In Progress
- % Done changed from 0 to 20
Authentication with Monkey overrides adding authentication with PHP, Javascript or HTTP headers. That's because Monkey doesn't provide the usual authentication.
See the monkey documentation for details on how to set up basic authentication.
I think this means I'll set up an initial authentication and then add a Users tab to the web interface to add users, set passwords and restart monkey. That should be about it.
Updated by Hammel about 10 years ago
- % Done changed from 20 to 30
A quick tests of this shows that it's easy to setup and works fine. Here is what need to happen.
- Add the Basic Auth configuration to the monkey opkg.
- Create a default user with a default password in user.mk
- frontpage.php needs to test if the default user has been modified.
- If not, force the user to change the default user password.
- Create a new page called from frontpage with a new "users" icon.
- The user page will allow editing existing users and adding new users
- Find existing users: pull from first column of users.mk file
- Updated passwords: use mk_passwd -b
- If a password is changed then monkey has to be restarted.
- Schedule the restart for a second or two after the update
- This gives us time to return to the main page first.
- Restart could be a new command for piboxd: delay (int, milliseconds), command are the payload
Updated by Hammel about 10 years ago
Auth config added to monkey with default admin user.
Now I need to make the changes to frontpage.php to test if the admin user pw needs to be changed.
Updated by Hammel about 10 years ago
- % Done changed from 30 to 40
Implemented test for admin password change, including a new password set page and the ability to send a new MT_PW message (message type = 4, which is not yet implemented in piboxed) to piboxd to handle the password update.
Now I need to implement the password change request in piboxd.
After that I need to go back and add the new users page that allows selecting a user and then calls the userPW.tmple like frontpage does for changing the users password.
Updated by Hammel about 10 years ago
- Project changed from PiBox to piboxwww
- Category deleted (
04 - Root File System)
Updated by Hammel about 10 years ago
- Category set to Settings
- Severity changed from 03 - Medium to 01 - Critical
Updated by Hammel about 10 years ago
- % Done changed from 40 to 50
Implemented password change requirement for first login for the admin user. Tested on target and seems to work quite well.
All changes committed and pushed.
Now I need to add a users page (with a front page icon) that allows adding and deleting users (except the admin) and changing their passwords.
Updated by Hammel about 10 years ago
- % Done changed from 50 to 60
I updated the web icons to match the style used in the launcher and added a users icon.
Now I need the users page and functionality. Note that the piboxd action for getting users is already implemented (MT_PW, MA_GET).
Updated by Hammel about 10 years ago
- % Done changed from 60 to 80
With the exception of deleting users (which requires another action added to MT_PW in piboxd), this functionality is complete. You can now edit existing users and add new ones.
Deleting a user should be pretty easy so I'll wait till I finish that before closing this issue.
Updated by Hammel about 10 years ago
- Status changed from In Progress to Closed
- % Done changed from 80 to 100
Added delete functionality. Code tested, committed and pushed.
Closing issue