- A freshly installed FreedomBox can be hijacked by a third party and an admin
account can be created which can be used to inject malware or simply take over
the instance. Password-protecting the firstboot step is a good way to avoid
this. A secret will be displayed to the user as soon as the Plinth package
is installed, which they have to enter during the firstboot welcome step. The
secret is also written to a file in plinth's home in case the user loses it.
- This protection is not applicable for images built by freedom-maker and for
Amazon Machine Images.
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
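An illustration of the firstboot secret described in the commit above, added here as an example and not taken from the Plinth source: the secret is generated once, stored with owner-only permissions, and compared in constant time. The function names, the file name `firstboot-secret`, the secret length, and rejecting when the file is missing are all assumptions of this example.

```python
import hmac
import os
import secrets
import stat
import tempfile


def write_secret(path):
    """Generate a firstboot secret and store it readable by its owner only."""
    secret = secrets.token_hex(8)  # 64 random bits; the length is an assumption
    # O_EXCL fails if the path already exists, so a file or symlink planted
    # there beforehand is never written through or silently reused.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(secret + "\n")
    return secret


def check_secret(path, submitted):
    """Return True only if `submitted` matches the stored secret."""
    try:
        with open(path) as handle:
            expected = handle.read().strip()
    except FileNotFoundError:
        return False  # this example fails closed when no secret was stored
    if not expected:
        return False  # an empty file must not match an empty submission
    # Constant-time comparison on bytes, since form input may be non-ASCII.
    return hmac.compare_digest(expected.encode(), submitted.strip().encode())


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as home:  # stands in for plinth's home
        path = os.path.join(home, "firstboot-secret")  # hypothetical file name
        secret = write_secret(path)
        print("mode:", oct(stat.S_IMODE(os.stat(path).st_mode)))
        print("correct secret accepted:", check_secret(path, secret))
        print("wrong secret accepted:", check_secret(path, secret + "x"))
```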
- Added validation logic in the backend to compensate
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- This is a fallback solution to manually refresh package lists on AWS images
since they come with no apt package lists.
- This can also be occasionally useful for people running the testing
distribution where packages might be frequently added and removed.
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Adjust the template so that it uses glyphicons for sys page and logos for the app page
- Add logos for missing apps (tor and sharing) and their licences
Signed-off-by: Hemanth Kumar Veeranki <hems.india1997@gmail.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Don't show Create User menu item to non-admin users. Previously this
was fixed for the Edit User page, and this fixes it also for the
Change Password page.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
For non-admin users, the subsubmenu containing both Edit and Create forms is
shown. Removed the subsubmenu so that only the update form is shown.
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Don't allow disabling the only available admin account.
- Don't allow deletion of the only available admin account.
- Don't allow removing admin privileges of the only available admin account.
Signed-off-by: Hemanth Kumar Veeranki <hems.india1997@gmail.com>
Reviewed-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
- Add a field `allowed_groups` to shortcuts, which will contain groups which can
access a particular app
- When a user is logged in, only return those shortcuts to the front page if the
user is allowed to access them. This check is done based on the allowed_groups
field of the shortcut
- Add allowed_groups for shortcuts of all apps with group-restricted access
Signed-off-by: Hemanth Kumar Veeranki <hemanthveeranki@gmail.com>
Reviewed-by: Joseph Nuthalapati <njoseph@thoughtworks.com>