nik/FreedomBox
1
0
Fork 0
mirror of https://github.com/freedombox/FreedomBox.git synced 2026-01-28 08:03:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
216 Commits 11 Branches 403 Tags 290 MiB
Commit Graph

43 Commits

Author SHA1 Message Date
Petter Reinholdtsen
f24d1fb94d Merge branch 'master' into first-boot-create-user 
Resolve conflicts in modules/installed/first_boot.py.
 2013-09-16 05:27:57 +02:00
Nick Daly
5002715cb6 Merge pull request #24 from petterreinholdtsen/first-boot-no-dead-end 
Provide a way to get out of the first-boot screen, even if it isn't read...
 2013-09-15 17:48:30 -07:00
Nick Daly
32a86a54b5 Merge pull request #19 from petterreinholdtsen/first-boot-set-hostname 
Change first_boot module to show and update current hostname,
 2013-09-15 17:43:31 -07:00
Nick Daly
4c42c1ad1f Merge pull request #20 from petterreinholdtsen/expert-user-access 
Fix expert user access checks.
 2013-09-15 16:11:18 -07:00
Nick Daly
702bc2292b Merge pull request #21 from petterreinholdtsen/nonexpert-config-feedback 
Give sensible feedback for non-expert users visiting system/configure.
 2013-09-15 16:10:27 -07:00
Nick Daly
04a266729e Merge pull request #22 from p1otr/master 
use stdlib's json module if simplejson is missing
 2013-09-15 16:09:58 -07:00
Petter Reinholdtsen
8cd1d23e1e Improve message shown to the users. 2013-09-13 10:04:50 +02:00
James Valleroy
5be8a552ab Enable multithread for UserStore DB. 2013-09-12 23:14:07 -04:00
Petter Reinholdtsen
023325fdde Provide a way to get out of the first-boot screen, even if it isn't ready yet. 2013-09-13 00:00:17 +02:00
Petter Reinholdtsen
7ff6ea14e2 Rewrite fix for UserStore.expert() to be more like UserStoreOld.expert(). 2013-09-11 20:31:12 +02:00
Petter Reinholdtsen
1615b7818b Give sensible feedback for non-expert users visiting system/configure. 
Explain that only expert users get access, instead of only showing
an title.
 2013-09-11 20:13:46 +02:00
Petter Reinholdtsen
6effc94349 Fix expert user access checks. 
Several places in the code, cfg.users.expert() is used as a boolean
test to see if the current user is an expert user.  But this do not work.
Change the implementation of expert() to assume the current user if no
argument is given, to get the code working.
 2013-09-11 20:11:56 +02:00
Petter Reinholdtsen
71873b6702 Change first_boot module to show and update current hostname, 
instead of showing the box_name value and failing to set anything
when the user specify a host name value.
 2013-09-11 14:04:34 +02:00
Petter Reinholdtsen
0e5bab19d6 Create admin user on first boot. 
Extend the first_boot module to ask for username and password of
user to create on first boot, and create it as a privileged user.
This should remove the need for the admin user with well known
password.
 2013-09-11 09:58:42 +02:00
Piotr Ożarowski
20d4f961b6 use stdlib's json module if simplejson is missing 
json is available in Python >= 2.6
 2013-09-10 23:12:46 +02:00
Nick Daly
ec9a457e3e Merged: tzafrir's novendor patch. 
Author: Tzafrir Cohen <tzafrir@debian.org>
Description: "vendor" packages are installed as separate system debs
 2013-09-08 17:34:53 -05:00
Nick Daly
dc5139bd2d Simplify authentication code. 2013-09-08 16:53:40 -05:00
Nick Daly
ad7f932fe8 Merged: Add time to auth.py 
Author: Tzafrir Cohen <tzafrir@debian.org>
Desription: Missing import from auth.py
http://git.tzafrir.org.il/?p=plinth/plinth.git
 2013-09-08 16:52:57 -05:00
Petter Reinholdtsen
8f917f0349 Fix typo in apps module, Open ID -> Photo Gallery. 2013-09-07 20:29:51 +02:00
Tom Galloway
2bd413e657 If needed instead of an elif. 2013-04-24 09:29:58 +01:00
Nick Daly
f55c7a48ea Merged with James's upstream. 
Hope I did it right.  If I screwed up, withsqlite is borked.
 2013-04-23 17:49:22 -05:00
Nick Daly
1492fe9728 Unify authentication errors. 
Give the same error if the username doesn't exist or if the password
is wrong.  If we deliver separate errors, we tell the attacker whether
they've picked a valid password or not.

Also, if username doesn't exist, hash the password anyway to avoid
this timing side-channel attack:

1. Invalid Username:

   A. User tries to log in with invalid username.
   B. User name is not found in database.
   C. Password is never hashed.

2. Invalid Password:

   A. User tries to log in with valid username.
   B. User name is found in database.
   C. Password is hashed.

Given that proper password hashing will take a minute, *not* hashing
the password takes so much less time that we've effectively indicated
to the attacker that the username didn't exist, regardless of the
error message.  This way, no such error occurs.
 2013-03-23 19:59:20 -05:00
Tom Galloway
76d67d67f1 Add User & Delete User now works correctly. 2013-01-22 20:22:19 +00:00
Tom Galloway
c4cddbfc0e Changes to get user management screens started. Updated UserStore to add all expected functions. Added tests for these functions. 2013-01-21 10:30:52 +00:00
Tom Galloway
646b5518bb withsqlite is now retrieved from github. Manage User & Groups pages now display correctly but don't do anything yet. 2013-01-16 13:08:48 +00:00
Tom Galloway
b54a4906e6 Fix to allow hostname to be updated on Ubuntu. This needed a change to exmachina which I've created a pull request for. I've updated Make to point to my fork of exmachina until this has been merged, when it can be reverted. 2013-01-10 09:15:31 +00:00
bnewbold
09fbb23e90 use exmachina to configure timezone 2012-07-26 12:41:26 -07:00
bnewbold
f1e764f2e5 integrate exmachina configuration management layer 
- add exmachina code and test code
- modify plinth.py to listen for shared secret on stdin at start
  (if appropriate flag is set) and try to connect to exmachina daemon
- use exmachina to read and set /etc/hostname as a demo
- update plinth init.d script to start exmachina and share keys
- update docs with new deps and run instructions
 2012-07-12 22:25:50 -04:00
Sean O'Brien
5685d3f387 fixes to boostrap, new icons, mobile view works 2012-03-12 14:39:32 -04:00
Sean O'Brien
638b287d1b new template based upon bootstrap 2012-03-12 14:39:31 -04:00
James Vasile
72cf4d639b unlink santiago 2012-02-19 15:16:39 -05:00
James Vasile
992eff9e13 flesh out santiago and apache config a bit 2012-02-19 15:07:16 -05:00
James Vasile
f7d59c5900 enable santiago 2012-02-19 15:07:16 -05:00
James Vasile
71074920b8 starting santiago 2012-02-19 15:07:16 -05:00
James Vasile
d86de60270 add order to privacy page plugin 2012-02-19 15:07:14 -05:00
James Vasile
79de884549 complete the transition to sqlite 2012-02-19 15:07:14 -05:00
James Vasile
4409f1598d autocommit 2012-02-19 15:07:14 -05:00
James Vasile
e8464fa113 add TODO: at exit, commit db 2012-02-19 15:07:14 -05:00
James Vasile
d082538aee move to sqlite3 + json dict storage for users 2012-02-19 15:07:13 -05:00
James Vasile
73f2734308 remove references to design blathering 2011-09-29 23:34:42 -04:00
James Vasile
18b9df74f9 Makefile generates cherrpy.config 2011-03-09 13:41:29 -05:00
James Vasile
443b2649bf load router before router/info 2011-03-09 13:23:04 -05:00
James Vasile
35071d7212 ... 2011-02-22 13:32:45 -05:00