rhasspy
rhasspy copied to clipboard
rhasspy
Optional log in screen for Web UI
Hey @synesthesiam ,
I think it would be great to have an optional log in screen for the Rhasspy Web UI that is disabled by default, but could be enabled through the settings. At the moment everyone on your network could open the Web UI and change settings, phrases and just everything else. In case of a complex home automation system where Rhasspy is just one of a lot of system components it would be nice to have it more secure if needed. Situation examples would be, if you have IT interested kids that want to try Rhasspy, but you let them set up their own for testing and want to prevent them from accidently working on the main system or if you are living at your parents house and your siblings just don't like you sometimes 😄
I imagine just a small place in the settings where you could enable the log in screen and define your log in data. After that you could eventually integrate Rhasspy into Heimdall as @koenvervloesem mentioned in his book and access all your satellites through it, too.
Any suggestions for this? I'd like to get it right the first time instead of needing to deprecate something down the road.
I will take a closer look at the settings section of the web UI, think about it and give you a detailed description of my idea. Thanks for considering to implement the function, @synesthesiam 👍
The quart-auth extension implements cookie-bases session authentication, which looks like a good approach.
Note that, as far as I know, Heimdall doesn't have any direct support for authenticating to services you show in its interface, it's really not built for this purpose.
Hey @synesthesiam , today I finally had the time to update my system to 2.5.9 and think about how to realise a log-in screen for Rhasspy. This is what I imagine:
A "Safety" button in the top bar of the WebUi:
If you click the "Safety" button, the safety settings window opens:
If you decide to use the optional log-in feature, the locked input boxes get unlocked and you can unfold the security questions that are meant to log in when you forgot your password:
When using the log-in feature, this pops up as log-in screen when you try to use the WebUI:
If you forgot your password, you can answer the three security questions to log in and check you password:
If we are using three security questions, we could realise a secure way to log in after forgetting the password without the need of a registered mail address. Every failed log in attempt should pop up with time and date after the next successful attempt.
All this combined with the things @koenvervloesem mentioned about integrating Heimdall connectivity would make a cool feature in my opinion. Tell me what you think about it :)
Nice mock-ups! I think the security questions are a bit overkill for a home-based service ;-) And a more logical place seems to be the settings page instead of putting it at the top right, and I would call it "Security Settings" instead of "Safety Settings", but I like the general idea.
Thank you for responding, @koenvervloesem.
You are right, it should be "Security" not "Safety" and the questions might be kind of overkill. I just wanted it to get a high wife approval factor and my wife likes very secure smart home devices 😅
I chose the place for the button, because everything in the settings is about the main functionality of Rhasspy and @synesthesiam added my last idea which had nothing to do with voice recognition as a button in the top right corner (restart / shutdown host).
Thanks for the feedback! Another important point to consider: API endpoints. You can't really "log in" from NodeRED, but it makes sense to protect both the Web UI and the API endpoints.
I'm thinking that quart-auth would be useful for protecting the Web UI. Do we need multiple users, or just a password? For Rhasspy, I don't think we need to go with security questions since the user who controls the profile should always be able to reset everything (Rhasspy's security model assumes access to the profile directory is guarded).
For the API endpoints, I think we could use the "Auth" header like Home Assistant does. Something like "Bearer:
Thoughts?
Hey @synesthesiam, you are right, we do not need the security questions. I just thought I'll add everything that might be useful and comes to my mind so we have a point to start the discussion about the feature.
As you mentioned, there is "the user" that controls the system, so I don't think we need to have multiple profiles, unless you want one Rhasspy base with multiple profiles, that lets each person in the household configure the satellite in his or her own room when logged into the matching WebUI profile.
To secure the API endpoints, it's sounds like a good idea to do it similar to Home Assistant, so new unexperienced users will only have to learn one method for both systems and not a separate one for each.
I hope this has not been abandoned as I would really like to see some security features to bolt down the management interface of Rhasspy. May I add that the very loud logs (all on DEBUG by default) are "spraying" around the external MQTT password as sensitive data is not anonymized in the logs. So anybody on the network will be able to catch this (either through the Web UI or the log stream on websockets).
Do we need multiple users, or just a password?
I'd opt for a simple password. The typical Rhasspy user would be the one and only administrator at home, I guess.
For the API endpoints, I think we could use the "Auth" header like Home Assistant does. Something like "Bearer: " where "" is a random string you can generate in the Web UI with a name (and later revoke if needed). I would probably just store them in the profile.
I like the token-based approach. Easy to work with.
