Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

37 password managing #40

Merged
merged 41 commits into from
Feb 1, 2024
Merged

37 password managing #40

merged 41 commits into from
Feb 1, 2024

Conversation

ArendJan
Copy link
Contributor

@ArendJan ArendJan commented Nov 28, 2023
edited
Loading

Fixes #37

Components:

Pam:

This Pluggable Authentication Module is hooked into the passwd calls. Before entering a new password it will show the user a warning that it stores the password and that it should not be a safe password. After entering, it will show the password and store it in /home/mirte/.wifi_pwd for the wifi hotspot functionality.

password_manager:

This python script will watch /usr/local/src/mirte/mirte-install-scripts/config/pam/users.json and /usr/local/src/mirte/mirte-install-scripts/config/web/newpasswd for changes. When there are changes, it updates:

Nginx:

Login:

when a user is connecting to any webpage and is not logged in and is not from a 'secure' source (192.168.42/43/137.x), then the user gets a http basic auth popup. When login fails, a custom error page is show how to login. Nginx uses pam to check the username & password.

Code:

The VsCode web server uses a different port from the other pages, as it does not like being in a 'directory'. Nginx will still check for the password. It is possible to go to http://192.168.42.1/code/ and you'll get redirected to the correct port.

@ArendJan
Start install vscode
34503ff
@ArendJan
change nginx install to 'default' method
9559a3a
@ArendJan
start pam module
a340a26
@ArendJan
Add cmake build and install
c2fb7f5
@ArendJan
cleanup cmake
b3f1b2e
@ArendJan
Add json parsing and updating
7fbe8ff
@ArendJan
Improve installation pam and docs
51f91ba
@ArendJan
Add pam to install script + improve readme
5d3f3d6
@ArendJan
Create login page
d1be087
@ArendJan
Add login system to nginx
e24e73f
@ArendJan
Add vscode terms system
7a32d11
@ArendJan
Merge branch 'install-vscode' of https://github.com/ArendJan/mirte-in…
c16bd8a 
…stall-scripts into 37-password-managing
@ArendJan
Fix vscode starting and license terms
4f29703
@ArendJan
Add vscode service
5cf5b7b
@ArendJan
mv sites + add list page
8e8a0dd
@ArendJan
Add password change system nginx
b1202d5
@ArendJan
Fix install missing cmake
d96c45f
@ArendJan
Improve password manager
52e880f
@ArendJan
Add it as service
271b7ab
@ArendJan
Fix nginx install
10bced6
@ArendJan
add install vscode
32c34da
@ArendJan
vscode fixes?
9f3121f
@ArendJan
Fix nginx + passwd
7b64d7c
@ArendJan
sudo kill?
c43e095
@ArendJan
add storepassword to common-password to catch chpasswd
b979272
@ArendJan
test why not installing
9afcf8f
@ArendJan
format fix
3c1aca7
@ArendJan
Cleanup, error check and extra checks
f42f277
@ArendJan
Fix vscode install
7a2b5bc
@ArendJan
remove vscode terms page, as there are none anymore
1d20698
@ArendJan ArendJan requested a review from mklomp November 28, 2023 13:18
@ArendJan ArendJan self-assigned this Nov 28, 2023
@ArendJan ArendJan added the enhancement New feature or request label Nov 28, 2023
@ArendJan ArendJan added this to the 0.2 milestone Nov 28, 2023
@ArendJan ArendJan linked an issue Nov 28, 2023 that may be closed by this pull request
Password managing #37
Open
15 tasks
@ArendJan ArendJan changed the base branch from develop to main December 5, 2023 14:56
@ArendJan ArendJan changed the base branch from main to develop December 5, 2023 14:56
@ArendJan
Copy link
Contributor Author

ArendJan commented Dec 6, 2023
edited
Loading

After our discussion:
TODOS:

  • Remove the option to change password from web
  • Remove python script password_manager
  • Change nginx to use pam
  • Let pam module do all the settings (extra bash script)
  • (optional) let pam module ask user to change wifi password

@ArendJan ArendJan marked this pull request as draft December 6, 2023 12:54
@ArendJan ArendJan marked this pull request as ready for review December 7, 2023 14:37
@ArendJan ArendJan requested review from mklomp and removed request for mklomp December 7, 2023 14:37
@ArendJan
Copy link
Contributor Author

ArendJan commented Dec 7, 2023

All todos are done except the optional feature. I'll look into it

mklomp
mklomp approved these changes Dec 12, 2023
View reviewed changes
Copy link
Contributor

@mklomp mklomp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perfect. I think especially the nginx.conf can be cleaned up a bit, but looks great.

create_user.sh Outdated

sudo ./install_pam.sh # setup pam before changing the password for the mirte user.

echo "mirte:{new_password}" | sudo chpasswd
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Where is {new_password} set?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nowhere, probably some find replace mistake

nginx.conf Outdated
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is a lot of duplicate code here. It seems nginx can also have shared [common configs](https://serverfault.com/questions/373578/how-can-i-configure-nginx-locations-to-share-common-configuration-options. I think that cleans it up a lot.)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I searched for "nginx macros", but didn't find one, this is way better. I've implemented it and resolved one warning!

pam/image.png Outdated
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is is now different, right?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

jup, that image was old, the current file is okay. Shows that only for the mirte user it shows any output

@ArendJan ArendJan merged commit e046c54 into mirte-robot:develop Feb 1, 2024
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mklomp mklomp mklomp approved these changes

Assignees

@ArendJan ArendJan

Labels
enhancement New feature or request
Projects
backlog
Status: ✅ Done
Milestone
0.2
Development

Successfully merging this pull request may close these issues.

Password managing
2 participants
@ArendJan @mklomp