Access Control copy edits

[peries]

@victorevector @AllenMcAfee for your review

dev notes by victor This text can be found in src/octoprint/templates/dialogs/wizard/firstrun_start.jinja2

dev notes by victor This text can be found in src/octoprint/plugins/corewizard/templates/corewizard_acl_wizard.jinja2

dev notes by victor Re: the html elements that are crossed out... The wizard dialog box is defined in the file src/octoprint/templates/dialogs/wizard.jinja2. Here are some (not all) options on how to edit them out.

• select html identifier and append a display: none; css rule.

• create "minimal" flag and code roboOctoprint to react to this flag; i.e. roboOctoprint chooses which wizard template to render depending on flag.

Relevant elements:

1. side bar:

   1. div#wizard_dialog_menu { display: none;}
   2. div.span3 --> div.span11

2. previous button:

   1. div.modal-footer button.button-previous { display: none; }

3. footer text:

   1. div.modal-footer div.text-center { display: none; }

4. next text:

   1. div.modal-footer button.button-next
   2. use reactive html or js to change the text value based on modal content or button event.

[peries]

@mnacinopa and I haven't been able to figure out how to properly disable it. Could one of you show us?

[victorevector]

Internal notes

• how to reset password: https://github.com/foosel/OctoPrint/issues/1063

[victorevector]

SSH info

• An advanced user wants to enable SSH (default: disabled).

• A user wants to know the implications of turning it on.

  • Any remote user with the printer's username and password can control the printer.

• A user wants to know the default password.

  • username: pi password:

• A user wants to know how to change the default password.

  • https://www.raspberrypi.org/documentation/linux/usage/users.md

[peries]

@victorevector @AllenMcAfee

---

---

---

[peries]

and then if they've already created an account,

[peries]

This is just an idea for new styling, although this content can be fitted into the current styling just fine. I can also send you the text in another document so you can copy/paste

[peries]

@victorevector questions

1. can the 'access control' screens be dynamic such that it knows if you've created an admin account already?
2. can the 'setup complete' screen be dynamic such that it shows which selections you've just made (so you can confirm) before finishing the wizard?

[victorevector]

@peries

re: https://github.com/Robo3D/roboOctoprint/issues/13#issuecomment-347709584

1. The setup wizard does display a different interface if an admin account has already been registered.

2. I can carry over the values to the end screen. It does raise questions about "confirmation". Once you enable access control you can't undo it. Another thing, I think the surest way to reset an admin password is to reflash the whole OS.

[mnacinopa]

@peries The only things to edit

• [x] The default username is actually pi, I think?
• [x] At the Enable/Disable Screens we need to warn them this will restart their printer and interrupt any print jobs going on

[mnacinopa]

@victorevector When there are multiple user accounts can only the admin acc enable/disable access control & ssh?

[peries]

@victorevector feedback for the latest version

Within the wizard,

Start

• [x] second paragraph copy edit: If you're a new user, we'd like to welcome you to the Robo family! If you've been here before, we'll take you through some newly added settings.
• [ ] delete previous button
• [x] delete 'unless otherwise noted..." line
• [ ] change next button text to 'start'

Access Control

• [ ] Note copy edit: NOTE: If you lose your new password, you will need to contact Robo customer support. In which case, you risk losing all of the data on your printer.
• [ ] delete previous button
• [x] delete 'unless otherwise noted..." line

SSH Control

• [x] Change sidebar to say 'SSH Control' instead of wizard
• [x] Change title to say 'SSH Control'
• [x] Delete apostrophe in it's
• [x] Delete extra space after einstein
• [x] Add period after closed parentheses
• [x] Copy edit to the last line of the last paragraph: If you keep SSH disabled, there is no need to change your password.
• [x] delete 'unless otherwise noted..." line
• [x] change previous button text to 'go back'

Finish

• [x] delete 'unless otherwise noted..." line
• [x] change previous button text to 'go back'

[peries]

Enabling

Title: Enable Security Features Body: You are about to launch the setup wizard to enable remote access security features. You will have to complete the wizard in order to continue using the web dashboard. The dashboard and your printer will automatically restart once the wizard is finished. This will disrupt any active prints.

Are you sure you want to proceed?

Disabling

Title: Disable Security Features Body: You are about to disable the remote access security features and DELETE all user accounts. This will make your printer remotely accessible to everyone within your local network. The dashboard and your printer will automatically restart. This will disrupt any active prints.

Are you sure you want to proceed?

[peries]

Can we change the text of the errors that this screen reports?

Title: Enter valid username and password Body: Please properly fill out the username and password forms Invalid username Invalid password Passwords do not match Button: OK

[peries]

@victorevector let's talk more about this notification when you can

[victorevector]

@peries @mnacinopa @AllenMcAfee @Ximidar

I am currently adding the SSH enable/disable radio button to Settings > Access Control. This made sense to me given that the option is originally bundled with Access Control in the Security Setup Wizard. The only caveat is that you can only see Settings > Access Control if you've enabled Access Control. What are your thoughts?

Pros:

• Added security layer in front of SSH. You must be logged in with an admin account to enable/disable SSH

Cons:

• The default state (disabled) cannot be changed unless you run the Security Setup Wizard OR you enable Access Control

[Ximidar]

I believe they should only see the SSH option when they have access control enabled. having that option hidden behind a login would be nice.

[mnacinopa]

Will the Security Setup Wizard run automatically once someone navigates to the web dash after we push the update? The only way i can see this being a problem is for users who actually use SSH, and get blindsided.

[victorevector]

@mnacinopa The user will have to enable the Security Setup Wizard from System menu drop down

[mnacinopa]

@victorevector Okay thats fine. Once we push the update, will SSH just automatically be disabled for all users?

[victorevector]

@mnacinopa Per Allen's request yes

[victorevector]

@peries @mnacinopa @AllenMcAfee @Ximidar I won't be able to add the SSH enable/disable button the Settings today. I've tried for a couple hours now and I don't have the proper environment to test it out. I'll have something ready once I'm back in the office next week.

[peries]

@victorevector

1. Access control screen in the wizard, there's a couple typos
   • Since we didn't explain the QR code and mobile app, can you change the first paragraph to

When Access Control is enabled, you cannot control the printer from the web dashboard unless you are logged in. Additionally, you can only access the API QR code from the logged in view of the web dashboard. This prevents unregistered users from accessing and using your printer via the internet or mobile app. We advise enabling Access Control when your printer is connected to an unsecure or shared network (such as a school or public places).

• Can you change the note to say

NOTE: If you lose your new password, you will need to contact Robo customer support. In which case, you risk losing all of the data on your printer.

2. When access control is enabled, the text for the button to disable it is gone

3. The password to SSH is raspberry. Is this gonna change?

4. for the notification

   • we need to link that top line to the article that explains access control. https://help.robo3d.com/hc/en-us/articles/115002840791
   • How to activate? Go to Settings, then 'Enable remote access security feature' to launch the setup wizard.
   • What's inside this feature? Restrict control of the printer via internet access (web dashboard, mobile app, SSH)

[AllenMcAfee]

@peries can we go ahead and make the link that is needed in the announcement window? I'll need to get that into this fix.

[peries]

@mnacinopa let us know when the article is updated

[peries]

@AllenMcAfee https://help.robo3d.com/hc/en-us/articles/115002840791

[peries]

Couple more things where the text is highlighted: should say 'or the Robo mobile app'

should say 'password is 'raspberry''

[Ximidar]

@peries I fixed those two edits. Could you pull and test?

[peries]

Thanks Matt! Looks like everything has been resolved