author | Antoni Sawicki <tenox@google.com> | 2022-03-27 02:30:45 -0700 |
---|---|---|
committer | Antoni Sawicki <tenox@google.com> | 2022-03-27 02:30:45 -0700 |
commit | 7ca145e1a1bf9c2c1a9603dd2af832bfcd608b03 (patch) | |
tree | a095eac482602087bc09b43b60e9f9bc6ce171fc | |
parent | 001328a4d76a4d2fb6baaa8c0829a52eaace33f3 (diff) | |
download | wfm-7ca145e1a1bf9c2c1a9603dd2af832bfcd608b03.tar.gz |
readme password manager
-rw-r--r-- | README.md | 47 |
-rw-r--r-- | TODO.md | 1 |
2 files changed, 40 insertions, 8 deletions
@@ -77,15 +77,48 @@ enable this use `-addr_extra=:8080` flag. ## Authentication -If no password file is specified and no hardcoded passwords are present -WFM will not ask for password. By default it will be in read-only mode -unless you specify `-nopass_rw` flag. The password file can be specified -via `-passwd=/path/users.json` flag. Passwords are read on startup and -therefore can be placed outside of chroot directory. +Authentication is performed by HTTP Basic Auth (in future a custom login +window may be implemented instead). If no password file is specified, or +no users present in it (blank) and no hardcoded passwords are present WFM +will not ask for username/password. Auth-less mode by default it will be +in read-only unless you specify `-nopass_rw` flag. -Passwords can also be hardcoded in the binary, se below. +To enable authentication specify password file via `-passwd=/path/users.json` +flag. Passwords are read on startup and therefore can be placed outside of +chroot directory. Passwords can also be hardcoded in the binary, se below. -### Json password file +## User Management + +Users can be managed using a built-in helper function that services the +specified password json file. + +### Create new blank password file + +```shell +$ wfm -passwd=/path/users.json user newfile +``` + +### Add user + +```shell +$ wfm -passwd=/path/users.json user add myuser rw +``` + +### Delete user + +```shell +$ wfm -passwd=/path/users.json user delete myuser +``` + +### Change password + +```shell +$ wfm -passwd=/path/users.json user passwd myuser +``` + +## JSON password file format + +The JSON file can be edited / managed manually. An example file is [provided](users.json). The format is a simple list of users with "User", "Salt", "Hash" strings and "RW" boolean field. User 
@@ -6,7 +6,6 @@ ## Security * do not log FormValue["text"] as it contains text data from edit -* User manager add/delete/chpw user via arg * userless/guest read-only mode, user rw requires custom login window * two factor auth |
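Review bot: In the README.md hunk, the new Authentication paragraph says a password file with "no users present in it (blank)" makes WFM skip the username/password prompt, and the new "Create new blank password file" step (`user newfile`) produces a blank file, so an operator who starts the server between `user newfile` and `user add` gets an unauthenticated instance (writable if `-nopass_rw` is also set). Suggest stating this next to the `newfile` example, and noting in the same section that HTTP Basic Auth sends the credentials with every request, so the listener should sit behind TLS. The `user add myuser rw` and `user passwd myuser` examples take no password argument; the README should say how the password is entered. Wording: "se below" should be "see below", and "Auth-less mode by default it will be in read-only unless you specify" reads better as "Auth-less mode is read-only by default unless you specify".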
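Review bot: In the TODO.md hunk, the "User manager add/delete/chpw user via arg" item is dropped, but this commit changes only README.md and TODO.md, so nothing in it shows the `user` subcommands the README now documents; the commit message should point to the commit that added them. The item kept just below, "userless/guest read-only mode, user rw requires custom login window", overlaps with the auth-less read-only mode the README now describes and could be narrowed to the custom login window.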