mirror of
https://github.com/freedombox/FreedomBox.git
synced 2026-01-28 08:03:36 +00:00
ba9af6ddff
- A freshly installed FreedomBox can be hijacked by a third party and an admin account can be created which can be used to inject malware or simply take over the instance. Password protecting the firstboot step is a good way to avoid this. A secret will be displayed to the user as soon as the Plinth package is installed, which they have to enter during firstboot welcome step. Also, writing this to a file in plinth's home in case the user loses it. - This protection is not applicable for images built by freedom-maker and for Amazon Machine Images. Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com> Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
33 lines
1.1 KiB
Python
33 lines
1.1 KiB
Python
#
|
|
# This file is part of FreedomBox.
|
|
#
|
|
# This program is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU Affero General Public License as
|
|
# published by the Free Software Foundation, either version 3 of the
|
|
# License, or (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU Affero General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU Affero General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
#
|
|
"""
|
|
URLs for the First Boot module
|
|
"""
|
|
|
|
from django.conf.urls import url
|
|
from stronghold.decorators import public
|
|
|
|
from .views import CompleteView, WelcomeView
|
|
|
|
urlpatterns = [
|
|
# Take care of the firstboot middleware when changing URLs
|
|
url(r'^firstboot/$', public(WelcomeView.as_view()), name='index'),
|
|
url(r'^firstboot/welcome/$', public(WelcomeView.as_view()),
|
|
name='welcome'),
|
|
url(r'^firstboot/complete/$', CompleteView.as_view(), name='complete'),
|
|
]
|