Wire up passing credentials from FediPanel to the Pixelfed configuration #190

Open
opened 2025-02-24 11:32:12 +01:00 by kiara · 7 comments
Owner

**As** a Fediversity user,
**I want** to choose my initial user credentials,
**so that** I can log in to my Pixelfed instance.

Test:

**Given** that I am in the panel,
**when** I am filling the deployment form,
**then** I should be able to specify my [initial credentials](https://git.fediversity.eu/Fediversity/Fediversity/pulls/215/files#diff-c959e516a3e7e73b06277e1352072cd290f6d96b) such that I can log in to my deployed instance.

### implementation notes

  • proper approach: use LDAP (#615)
kiara added this to the Fediversity project 2025-03-18 09:25:41 +01:00
Author
Owner


as a workaround until this story, a [dummy value](https://git.fediversity.eu/Fediversity/Fediversity/commit/6275e8b2dc1e7dd4091e9f2d1bb58a9f2acab09d#diff-de06c10854bd6e90e4d3acc5f00f0c1fdbb89a00) is passed
Author
Owner

@kevin noted we may be able to pull these from the django auth info

Owner

I looked at what info you can get from the django auth and we can get the username and email from django. But for the password we can't, since django uses 1-way hashing and thus it's impossible to get the password from django. So we need to find or create a way to have the operator specify that themselves when they configure the services.
Author
Owner

@kevin makes sense. i guess with the declarative approach of our form putting it in the form kinda sucks too, as it would then remain exposed. that maybe seems like a broader challenge in our approach we should further consider, to e.g.:

  • have a password field in the form (potential security risk, viable at most for demo purposes);
  • have the passwords generated rather than user-specified, then present to the user, potentially with the advice to change them (least advisable long-term, as storing/presenting them and relying on user behavior would make for additional attack vectors);
  • use generated passwords we neither store nor show the user but would then have them use the 'forgot password' function to reset;
  • long-term: have them hooked into an SSO (#212) so we don't need to generate application-specific users.

we should prob discuss our options here to build some consensus.

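The two points above (Django keeps only a one-way hash, and the option of a generated password that is neither stored nor shown) can be seen in a small sketch. This is an added example, not code from the Fediversity repository; the iteration count, the sample account, and the helpers `forwardable_fields`, `provision_initial_user` and `fake_create_user` are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # constructed demo value, not read from any real settings

def encode(password: str, salt: str, iterations: int = ITERATIONS) -> str:
    """Build a Django-style 'pbkdf2_sha256$iterations$salt$hash' string."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    return f"pbkdf2_sha256${iterations}${salt}${base64.b64encode(dk).decode()}"

def verify(candidate: str, encoded: str) -> bool:
    """Checking a guess is the only operation the stored value supports."""
    algorithm, iterations, salt, _digest = encoded.split("$", 3)
    if algorithm != "pbkdf2_sha256":
        raise ValueError(f"unsupported algorithm: {algorithm}")
    return hmac.compare_digest(encode(candidate, salt, int(iterations)), encoded)

def forwardable_fields(panel_user: dict) -> dict:
    """What the panel can pass on to a service: identity, never the password."""
    return {k: panel_user[k] for k in ("username", "email")}

def provision_initial_user(panel_user: dict, create_user) -> dict:
    """Create the service account with a random password that is handed to
    create_user once, then dropped; the user gets in via 'forgot password'."""
    fields = forwardable_fields(panel_user)
    create_user(password=secrets.token_urlsafe(32), **fields)
    return {**fields, "login_via": "forgot-password reset"}

# Constructed sample data: a panel account and an in-memory stand-in for the service.
PANEL_USER = {
    "username": "alice",
    "email": "alice@example.org",
    "password": encode("correct horse", salt="c2FsdHNhbHQ"),
}
SERVICE_DB = {}

def fake_create_user(username: str, email: str, password: str) -> None:
    """Hypothetical service-side creation; reuses encode() to store only a hash."""
    SERVICE_DB[username] = {"email": email, "hash": encode(password, secrets.token_hex(8))}

RESULT = provision_initial_user(PANEL_USER, fake_create_user)
```

Nothing returned to the panel or written to `SERVICE_DB` contains a plaintext password, so the declarative form has no secret to expose.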

Showing once and adding a note to use "forgot password" for a reset sounds reasonable.

kiara removed this from the Fediversity project 2025-04-14 11:12:31 +02:00
Author
Owner

out of scope for now as per #327

kiara closed this issue 2025-06-02 09:28:37 +02:00
Author
Owner


our [implementation](https://git.fediversity.eu/Fediversity/Fediversity/src/branch/main/services/fediversity/pixelfed/default.nix) now only creates an initial user, i.e. does not account for changes to the user or password.
kiara reopened this issue 2025-09-14 13:18:18 +02:00