From 0e5bab19d618c856de6700e0df736eda1cd76180 Mon Sep 17 00:00:00 2001
From: Petter Reinholdtsen
Date: Wed, 11 Sep 2013 09:58:42 +0200
Subject: [PATCH] Create admin user on first boot.

Extend the first_boot module to ask for username and password of user to create on first boot, and create it as a privileged user. This should remove the need for the admin user with well known password.
---
 modules/installed/first_boot.py | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)
diff --git a/modules/installed/first_boot.py b/modules/installed/first_boot.py
index ff3a27e63..b55425981 100644
--- a/modules/installed/first_boot.py
+++ b/modules/installed/first_boot.py
@@ -7,6 +7,7 @@ from forms import Form
 import util as u
 from withsqlite.withsqlite import sqlite_db
 import cfg
+from model import User
 class FirstBoot(PagePlugin):
 def __init__(self, *args, **kwargs):
@@ -29,7 +30,7 @@ class FirstBoot(PagePlugin):
 return "fake key"
 @cherrypy.expose
- def state0(self, message="", box_name="", box_key="", submitted=False):
+ def state0(self, message="", box_name="", box_key="", username="", md5_password="", submitted=False, **kwargs):
 """ In this state, we do time config over HTTP, name the box and server key selection.
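Review bot: The `**kwargs` added to `state0` makes this exposed handler accept any extra request parameter silently; it looks as if it is there to swallow the cleartext `password` field that the form change later in this patch posts alongside `md5_password`. I would name that field explicitly and never read it, `password=""`, so that unexpected parameters are still rejected, and add a docstring line each for `username` and `md5_password` saying that the latter is a browser-computed MD5 digest. Whether `md5ify` blanks the cleartext field before the form is sent is not visible here; if it does not, the password itself also travels over the HTTP connection the docstring mentions. The body of `state0` continues outside the hunk.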
@@ -68,9 +69,22 @@ class FirstBoot(PagePlugin):
 elif submitted and not box_key:
 box_key = self.generate_box_key()
 db['box_key'] = box_key
+ if username and md5_password:
+ di = {
+ 'username':username,
+ 'name':'First user - please change',
+ 'expert':'on',
+ "groups": ["expert"],
+ 'passphrase':md5_password,
+ }
+ new_user = User(di)
+ cfg.users.set(username,new_user)
+ validuser = True
+ else:
+ validuser = False
- if box_name and box_key and self.valid_box_name_p(box_name) and self.valid_box_key_p(box_key):
+ if box_name and box_key and self.valid_box_name_p(box_name) and self.valid_box_key_p(box_key) and validuser:
 ## Update state to 1 and head there
 with sqlite_db(cfg.store_file, table="firstboot", autocommit=True) as db:
 db['state']=1
@@ -79,12 +93,18 @@ class FirstBoot(PagePlugin):
 main = "
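Review bot: The privileged account is written by `cfg.users.set(username,new_user)` before the `valid_box_name_p` / `valid_box_key_p` check below it, so a submission that is then rejected for its box name or key has already created an `expert` user, and a retry with a different name adds another. Nothing in the hunk validates `username` or checks whether that name is already present in `cfg.users`, so an existing entry would presumably be replaced without notice. I would set `validuser = bool(username and md5_password)` here and move the `User(di)` and `cfg.users.set(...)` calls inside the `if ... and validuser:` branch, behind a username check in the style of `valid_box_name_p`. Whether `state0` stays reachable once setup has finished is not visible in this hunk; if it does, this path creates privileged accounts without authentication and needs a guard on the stored first-boot state.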

Welcome. It looks like this FreedomBox isn't set up yet. We'll need to ask you a just few questions to get started.

" form = Form(title="Welcome to Your FreedomBox!", action="/firstboot", + onsubmit="return md5ify('whats_my_name', 'password')", name="whats_my_name", message=message) + form.text = '\n'+form.text if not box_name: box_name = cfg.box_name form.html("

For convenience, your FreedomBox needs a name. It should be something short that doesn't contain spaces or punctuation. 'Willard' would be a good name. 'Freestyle McFreedomBox!!!' would not.

") form.text_input('Name your FreedomBox', id="box_name", value=box_name) + form.html("

Initial user and password. Access to this web interface is protected by knowing a username and password. Provide one here to register the initial privileged user. The password can be changed and other users added later.

") + form.text_input('Username:', id="username", value=username) + form.text_input('Password:', id="password", type='password') + form.text_input(name="md5_password", type="hidden") form.html("

%(box_name)s uses cryptographic keys so it can prove its identity when talking to you. %(box_name)s can make a key for itself, but if one already exists (from a prior FreedomBox, for example), you can paste it below. This key should not be the same as your key because you are not your FreedomBox!

" % {'box_name':cfg.box_name}) form.text_box("If you want, paste your box's key here.", id="box_key", value=box_key) form.hidden(name="submitted", value="True")
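Review bot: Hashing the password in the browser with `md5ify` and posting the result in the hidden `md5_password` field makes the MD5 digest itself the credential: the user-creation hunk stores it unchanged as `passphrase`, so the stored value is an unsalted, fast hash that is presumably also what a login has to present. I would post this form over TLS and derive the stored value on the server with a per-user salt and a deliberately slow password hash (PBKDF2, bcrypt or scrypt), keeping `md5ify` only if existing accounts depend on that format. With JavaScript disabled the hidden field stays empty, `validuser` is false and the form is shown again with no explanation, so the handler should set `message` in that case.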