project-rainstorm / rainstorm

The easiest way to own your cloud. Your data. Your cloud. Rainstorm.

[AUTH] admin password file #87

Closed nullcount closed 3 years ago

nullcount commented 3 years ago

Currently, auth is checked against a hard coded user and password.

Unless someone can give a good reason, I don't think we need a username for the app. There should be one admin for Rainstorm. Other users will be at the service level and maybe we can allow the admin to create users later. But those users don't need to manage the services themselves.

Since there's only one admin, the user name can be omitted.

Since we're not using a DB, the password hash will be stored somewhere in the filesystem. If it is stored on the SD card, it will be reset when the user upgrades, unless premium. This could be an intentional headache to promote premium purchases. Otherwise, store the password hash file on the HDD.

WillHHippo commented 3 years ago

The current implementation assumes a username and password. That might be reason enough to include a default username.

nullcount commented 3 years ago

Yes, that's a good reason to keep username. However, it should be hidden from the user. Otherwise, it implies that there can be multiple users.

So user can remain hardcoded but password needs to be read from file.

Also hide the user field from login view.

nullcount commented 3 years ago

Just a note for how this should be approached:

In the /config.yml there should be a definition for the location of the password file. The login method should reference that location by parsing the yml. It should compare the hash in that file (you can decide on the hashing + salt algo) to the plaintext password it just received.
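One way the approach above could look in code, as an added example that is not the Rainstorm project's own implementation. It assumes a config key named `password_file`, picks PBKDF2-SHA256 with a random per-file salt as the hashing + salt algo, and uses a minimal `key: value` reader in place of a real YAML parser so it runs without extra packages.

```python
import base64
import hashlib
import hmac
import os
import tempfile

PBKDF2_ITERATIONS = 200_000  # assumption; tune to the device's CPU budget

def parse_simple_yml(text):
    """Minimal 'key: value' reader standing in for a real YAML parser (assumption)."""
    cfg = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        cfg[key.strip()] = value.strip().strip("\"'")
    return cfg

def hash_password(plaintext, salt=None):
    """Return 'pbkdf2_sha256$iterations$salt$digest' with a fresh random salt."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", plaintext.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${base64.b64encode(salt).decode()}${base64.b64encode(digest).decode()}"

def write_password_file(path, plaintext):
    # Owner-only permissions: only the process user should be able to read the hash.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(hash_password(plaintext) + "\n")

def verify_password(config_text, plaintext):
    """Login check: locate the hash file via config.yml, recompute, compare in constant time."""
    path = parse_simple_yml(config_text)["password_file"]
    with open(path) as f:
        stored = f.read().strip()
    algo, iterations, salt_b64, digest_b64 = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False  # unknown or tampered format: never fall back to a weaker check
    candidate = hashlib.pbkdf2_hmac("sha256", plaintext.encode(), base64.b64decode(salt_b64), int(iterations))
    return hmac.compare_digest(candidate, base64.b64decode(digest_b64))

def demo():
    """Constructed end-to-end run: returns (correct password accepted, wrong one rejected)."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "admin.pw")
        write_password_file(path, "correct horse battery staple")
        config = f"# constructed /config.yml\npassword_file: {path}\n"
        return (verify_password(config, "correct horse battery staple"),
                verify_password(config, "wrong password"))
```

The hardcoded username stays out of this path entirely; only the single admin password ever reaches `verify_password`.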