The default password must be changed on the first access

[avivace]

Having the same password for every device is a serious security issue (webcam stream, ...)

(1) I propose to disable every route and make the web application unusable until the password is changed.

On the backend:

• Implement a change wifi password route
• check the password, if it's the default, disable every route but the change wifi password one, then force a redirect to a change password page on the frontend

On the frontend:

• Implement a simple page allowing to change the password

(2) An alternative could be to generate a new password, show it to the user, making sure the user has taken note of (confirmation dialog?) then reboot the wifi service and apply the new password, on the first run.

Any opinion on this? @previ @leonardo77

[leonardo77]

(1) seems ok to me, but we also need the possibility to reset the password. If we add a hardware button we can exploit it to trigger the password reset, assuming that anyone who has the access to the robot can set its password.

[previ]

Agree, (1) looks good to me. The password, as well as the ssid, could be changed via web ui, old version. It implemented in wifi.py; it's a little cumbersome, but it should work.