Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#13274 closed Bug Report - General (fixed)

Can't change admin password in WebFrontend

Reported by: Bill Meek Owned by: Bill Meek
Priority: minor Milestone: 30.0
Component: MythTV - Web Frontend Version: Master Head
Severity: medium Keywords:
Cc: Ticket locked: no

Description

Myth/ChangePassword? saves to the HTTP/Protected/Password setting, and is no longer used.

Change History (3)

comment:1 Changed 6 years ago by Bill Meek <billmeek@…>

Resolution: fixed
Status: assignedclosed

In f3de8a1fc/mythtv:

Services API: Adds ManageDigestUser? and ManageUrlProtection? endpoints

Restores the ability to change the admin password from Webfrontend
and any clients that may have digest users.

Adds new options to add and remove users, but prevents removal of
user "admin".

Myth/ManageDigestUser? has 3 values for the Action parameter:

Add requires: UserName?, Password and AdminPassword?

Remove requires: UserName? and Password

ChangePassword? requires: UserName?, Password and OldPassword?

Note that adding user: abcd and: ABCD are considered the same.
Something unexpected in MythSessionManager? testing here.

Fixes #13274

Gives users the ability to configure which services require a
digest user/password:

Requires: AdminPassword? and Services, All, None, Myth;Dvr etc.

Command line examples, to turn on protection for all services:

curl --digest --user admin:mythtv --data Services=All \

--data AdminPassword?=mythtv \
localhost:6544/Myth/ManageUrlProtection

wget -O- --http-user=admin --http-password=mythtv \

--method=POST \
localhost:6544/Myth/ManageUrlProtection?Services=All\&AdminPassword=mythtv

[--post-data doesn't work]

Tested WebFrontend? authentication on: Android Chrome 66.0, Chromium
65.0/66.0, Firefox 60.0. Python requests/requests.auth with
HTTPDigestAuth work.

Note the addition of the new verb "Manage", which allows consolidation
of multiple POST methods (thanks Roger.) This adds to the "Naming
standardization" in commit: ce52b5e in 11/11/2011. The Action parameter
should honor the Add and Remove verbs previously established. If any of
the above, or in the future, need to retrieve data, then a similar Get-
endpoint would need to be added using the GET method.

comment:2 Changed 6 years ago by Bill Meek

Milestone: 29.230.0
Version: v29-fixesMaster Head

comment:3 Changed 6 years ago by Bill Meek <billmeek@…>

In f3de8a1fc/mythtv:

Services API: Adds ManageDigestUser? and ManageUrlProtection? endpoints

Restores the ability to change the admin password from Webfrontend
and any clients that may have digest users.

Adds new options to add and remove users, but prevents removal of
user "admin".

Myth/ManageDigestUser? has 3 values for the Action parameter:

Add requires: UserName?, Password and AdminPassword?

Remove requires: UserName? and Password

ChangePassword? requires: UserName?, Password and OldPassword?

Note that adding user: abcd and: ABCD are considered the same.
Something unexpected in MythSessionManager? testing here.

Fixes #13274

Gives users the ability to configure which services require a
digest user/password:

Requires: AdminPassword? and Services, All, None, Myth;Dvr etc.

Command line examples, to turn on protection for all services:

curl --digest --user admin:mythtv --data Services=All \

--data AdminPassword?=mythtv \
localhost:6544/Myth/ManageUrlProtection

wget -O- --http-user=admin --http-password=mythtv \

--method=POST \
localhost:6544/Myth/ManageUrlProtection?Services=All\&AdminPassword=mythtv

[--post-data doesn't work]

Tested WebFrontend? authentication on: Android Chrome 66.0, Chromium
65.0/66.0, Firefox 60.0. Python requests/requests.auth with
HTTPDigestAuth work.

Note the addition of the new verb "Manage", which allows consolidation
of multiple POST methods (thanks Roger.) This adds to the "Naming
standardization" in commit: ce52b5e in 11/11/2011. The Action parameter
should honor the Add and Remove verbs previously established. If any of
the above, or in the future, need to retrieve data, then a similar Get-
endpoint would need to be added using the GET method.

Note: See TracTickets for help on using tickets.