wireguard-ui icon indicating copy to clipboard operation
wireguard-ui copied to clipboard

Published 20 hours ago verified publisher icon ngoduykhanh

[Feature Request] update admin password

Open changchichung opened this issue 4 years ago • 11 comments

can we update admin/password of the ui ? or even more , can we add some other users to login ?

changchichung avatar Dec 15 '20 05:12 changchichung

I'd like to know as well since "admin:admin" isn't that safe to run in production environment.

itsmichaelk avatar Dec 17 '20 09:12 itsmichaelk

It's in db/server/users.json

visualwritings avatar Jan 04 '21 19:01 visualwritings

It's in db/server/users.json

Thank you @visualwritings !!

itsmichaelk avatar Jan 05 '21 07:01 itsmichaelk

I know there's a file keep the account/password . but I think it might be more intuitive and convenient with a simple "user management" to add/delete/update user accounts

changchichung avatar Jan 06 '21 04:01 changchichung

I very much agree @changchichung , my comment was mostly to help out @itsmichaelk .

visualwritings avatar Jan 06 '21 10:01 visualwritings

Yeah, that actually would be more efficient.. since we needed it asap, I was happy to see @visualwritings answer.. 😅

itsmichaelk avatar Jan 06 '21 10:01 itsmichaelk

Personally I'd rather have this not handle authentication itself, I'd rather have Authelia/Proxy Handle HTTPS + Authentication than the end application. It saves the developer time, and he can always direct the user to use these if they need ask for it. Even if you go ahead with this, Please DO add support for Remote-User header + disabling inbuilt auth.

Anunayj avatar Jan 13 '21 17:01 Anunayj

See PR #67 - it's a quick/dirty solution to set the user/pass combo from ENV on container creation. It does not address allowing for multiple user accounts.

I agree with @Anunayj here that for anything more complex than one admin scenarios that authentication should be handled out of band and that the app should instead support Remote-User header for multiple account authentication. If you're in a scenario where you need multiple admins, you probably have an SSO auth provider that you could easily integrate instead, reducing security vulnerabilities you definitely don't want to have with a VPN configuration tool.

On that vein, adding roles (e.g. admin, user) so that users would be scoped to different access levels might be useful as well. I'm thinking here where the user role might only be able to see their non-disabled configuration(s), an admin role would be able to manage them.

kking124 avatar Jun 02 '21 13:06 kking124

It's in db/server/users.json

where exactly

NOXCIS avatar Aug 13 '21 00:08 NOXCIS

Created a PR for setting credentials through env vars. Trying to keep it as idempotent as possible ;) https://github.com/ngoduykhanh/wireguard-ui/pull/90/files

paklids avatar Aug 20 '21 22:08 paklids

It's in db/server/users.json

where exactly

/op/wgui/db/server

MANKUD avatar Oct 03 '21 21:10 MANKUD