Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Synchronize root and admin password #527
We suspect some instance have 'yunohost' as password. More generally, when people set or change the admin password, it does not affect the root password, which leads to : 1) more confusion between 'what's the admin password' and 'what's the root password', and 2) leaves hole open if the user forgets to change the default root password ...
Add a migration that check if the root password is 'yunohost' : if so, the root password is automatically replaced by the admin password. Otherwise, the migration is manual and will sync root and admin password. Also, using
How to test
I have to admit that this migration looks super tricky and breaking prone to me, I don't feel really confident about having it
I know this is frustrating to re-do some existing work but I think it would be way better if we had a mechanism on authentication to check if the password in a blacklist and require a modification on the password at that moment. That would be way more flexible and futur proof because we could extend this blacklist very easily.
Also this PR seems to contain a totally very different modification that what is announce
So the main problem for you is the way I add a second password on ldap ?
Until today, i never saw someone on forum/irc saying this manipulation break something. I know it's quite tricky.
To explain a little bit, we need during postinstall to change root password with the admin's one. It's the easiest way i found to be sure root password will not be a default password from our images.
In more, having different password between root/admin users is not so simple to understand for users. So it's a solution pretty well to fix that too.
To understand completely the issue, you should read this PR too: #518
That's not the goal of this PR. To accept good password or not, there is already an other PR #196 .
I already reduce the list of password tested in this PR to the strict minimal, because other contributors here say it's a different case if the user put a weak password voluntarily...
After a short review : I shall test this tomorrow, but in the meantime, agreed on the principle.
Note that since we are gonna have a few manual migrations now, we should check how this behaves exactly. I'm thinking that if you have several pending migrations (manual or auto), running
Yes and no : the spirit of this PR is that root and admin password shall be identical and shall be resynchronized each time