search

viper-framework / viper

Binary analysis and management framework
Other
1.54k stars 353 forks source link

Enable users to change their password #779

Closed Stean closed 4 years ago

Stean commented 4 years ago

Hi!

Since I couldn't find anything related in the documentation, I wondered whether there is a way for a non-admin user to change his password via the webinterface. Could somebody tell me if I just missed it or is there really no such possibility?

Thanks in advance Stean

frennkie commented 4 years ago

The Webinterface is based on a web framework called Django. This does include a form where user can change their password.

Should not be hard to find. I can also send the link when I'm at home.

On March 19, 2020 5:48:42 PM GMT+01:00, Stean notifications@github.com wrote:

Hi!

Since I couldn't find anything related in the documentation, I wondered whether there is a way for a non-admin user to change his password via the webinterface. Could somebody tell me if I just missed it or is there really no such possibility?

Thanks in advance Stean

-- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/viper-framework/viper/issues/779

-- Sent from my Android device with K-9 Mail. Please excuse my brevity.

Stean commented 4 years ago

Thanks for the quick response!

The Webinterface is based on a web framework called Django. This does include a form where user can change their password. Should be hard to find.[...]

I also thought of this and I think, I already found the correct page: https://docs.djangoproject.com/en/3.0/topics/auth/default/#changing-passwords However, these pages aren't accessible by a non-privileged user.

Example: If a non-admin User visits the subpage /admin/password_change/, he/she get's the error message "You are authenticated as [Username], but are not authorized to access this page. Would you like to login to a different account?".

frennkie commented 4 years ago

Can you try assigning "is staff" privileges to the user and try it again..?!

Stean commented 4 years ago

Yep, thanks, that worked :) Since in our existing setup only a few users had the staff flag set, I thought that staff permissions would be somehow comparable to admin privileges.

jaegeral commented 4 years ago

As it is has been answered, I will close the issue, thanks @frennkie for helping ;-)