nik/FreedomBox
1
0
Fork 0
mirror of https://github.com/freedombox/FreedomBox.git synced 2026-01-28 08:03:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
FreedomBox/plinth/modules/first_boot/templates/firstboot_welcome.html
Joseph Nuthalapati ba9af6ddff
firstboot: Prompt for secret during firstboot welcome 
- A freshly installed FreedomBox can be hijacked by a third party and an admin
  account can be created which can be used to inject malware or simply take over
  the instance. Password protecting the firstboot step is a good way to avoid
  this. A secret will be displayed to the user as soon as the Plinth package
  is installed, which they have to enter during firstboot welcome step. Also,
  writing this to a file in plinth's home in case the user loses it.
- This protection is not applicable for images built by freedom-maker and for
  Amazon Machine Images.

Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2018-07-04 20:22:54 -04:00

56 lines
1.5 KiB
HTML
Raw Blame History

{% extends "base_firstboot.html" %}
{% comment %}
#
# This file is part of FreedomBox.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
{% endcomment %}
{% load bootstrap %}
{% load i18n %}
{% load static %}
{% block page_head %}
<style type="text/css">
.navbar-brand {
display: none;
}
img.firstboot {
display: block;
max-width: 100%;
}
</style>
{% endblock %}
{% block content %}
<div class="logo">
<img class="firstboot" src="{% static 'theme/img/FreedomBox-logo-standard.png' %}"
alt="{{ box_name }}" />
</div>
<form class="form text-center" method="post">
{% csrf_token %}
{% if show_wizard_password_prompt %}
{{ form|bootstrap }}
{% endif %}
<p>
<input type="submit" class="btn btn-lg btn-primary"
value="{% trans "Start Setup" %}"/>
</p>
</form>
{% endblock %}
Reference in New Issue View Git Blame Copy Permalink