ssh: Add checkbox to remove login group restrictions

Tests:

- Disable the checkbox. Non-admin user who is not part freedombox-ssh group
fails to login. Admin user can login.

- Enable the checkbox and both non-admin user and admin user can login via SSH.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>

plinth/modules/ssh/forms.py

@@ -16,3 +16,11 @@ class SSHServerForm(forms.Form):
                     'administrator user account before enabling this option.'),
         required=False,
     )
+
+    allow_all = forms.BooleanField(
+        label=_('Allow all users to login remotely'),
+        help_text=_('Allow all users who have a valid account to login '
+                    'remotely via SSH. When disabled, only users of groups '
+                    'root, admin and freedombox-ssh can login via SSH.'),
+        required=False,
+    )

plinth/modules/ssh/views.py

@@ -32,6 +32,8 @@ class SshAppView(AppView):
         initial.update({
             'password_auth_disabled':
                 not privileged.is_password_authentication_enabled(),
+            'allow_all':
+                not privileged.are_users_restricted()
         })
 
         return initial
@@ -40,6 +42,7 @@ class SshAppView(AppView):
         """Apply changes from the form."""
         old_config = self.get_initial()
         new_config = form.cleaned_data
+        updated = False
 
         def is_field_changed(field):
             return old_config[field] != new_config[field]
@@ -49,6 +52,13 @@ class SshAppView(AppView):
             privileged.set_password_authentication(
                 not new_config['password_auth_disabled'])
             service_privileged.reload('ssh')
+            updated = True
+
+        if is_field_changed('allow_all'):
+            privileged.restrict_users(not new_config['allow_all'])
+            updated = True
+
+        if updated:
             messages.success(self.request, _('Configuration updated'))
 
         return super().form_valid(form)