brianr/StandalonePasswordChange
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a6cc1b40ee02262d14fc6a4aa333d1ee31d01e7f
StandalonePasswordChange/python-flask/smeserver-password-app/DEPLOYMENT.md

171 lines
5.2 KiB
Markdown
Raw Normal View History

Initial code for password change in python flask
2025-07-16 14:13:26 +01:00
# SME Server Password Change Application - Deployment Guide
## Overview
This Python Flask application provides a web interface for changing user passwords on SME Server systems. It interfaces with the smeserver configuration database and uses `signal-event password-update` to properly apply password changes.
## Features
- ✅ Web interface matching the original SME Server design
- ✅ Integration with SME Server configuration database
- ✅ Password strength validation
- ✅ Current password verification
- ✅ Uses `signal-event password-update` for proper password updates
- ✅ Responsive design for mobile and desktop
- ✅ Error handling and security measures
- ✅ Demo mode for testing
## System Requirements
- SME Server 10 or 11
- Python 3.6 or higher
- Flask and Flask-CORS Python packages
- Root access for installation
## Installation Methods
### Method 1: Automated Installation (Recommended)
1. Copy the entire application directory to your SME Server
2. Run the installation script as root:
```bash
sudo ./install.sh
```
3. The script will:
- Install Python dependencies
- Create a systemd service
- Start the application automatically
- Configure it to start on boot
### Method 2: Manual Installation
1. Install Python dependencies:
```bash
pip3 install Flask==2.3.3 Flask-CORS==4.0.0
```
2. Copy application files to `/opt/smeserver-password-app/`
3. Create systemd service file at `/etc/systemd/system/smeserver-password-web.service`:
```ini
[Unit]
Description=SME Server Password Change Web Application
After=network.target
[Service]
Type=simple
User=root
WorkingDirectory=/opt/smeserver-password-app
Environment=FLASK_ENV=production
ExecStart=/usr/bin/python3 /opt/smeserver-password-app/app.py
Restart=always
RestartSec=10
[Install]
WantedBy=multi-user.target
```
4. Enable and start the service:
```bash
systemctl daemon-reload
systemctl enable smeserver-password-web
systemctl start smeserver-password-web
```
## Configuration
### Port Configuration
By default, the application runs on port 5000. To change the port:
1. Edit `app.py` and modify the port in the last line
2. Restart the service: `systemctl restart smeserver-password-web`
### Security Configuration
- The application runs as root to access SME Server system commands
- Change the secret key in production by setting the `SECRET_KEY` environment variable
- Consider using a reverse proxy (nginx/apache) for SSL termination
### Firewall Configuration
Open the application port in the SME Server firewall:
```bash
# For port 5000
db configuration setprop httpd-admin TCPPort 5000
signal-event remoteaccess-update
```
## Usage
### Accessing the Application
- Open a web browser and navigate to: `http://your-server-ip:5000`
- Fill in the form with:
- Your account username
- Current password
- New password (twice for verification)
- Click "Change Password"
### Password Requirements
- Minimum 7 characters
- Maximum 127 characters
- Must contain at least one letter and one number
- Cannot contain certain special characters (: ; | & ! \ " ')
## Testing
### Demo Mode
For testing without SME Server tools, use the demo mode:
```bash
python3 demo_mode.py
```
Demo users available:
- Username: `testuser`, Password: `oldpassword123`
- Username: `admin`, Password: `adminpass456`
- Username: `john`, Password: `johnpass789`
### Production Testing
1. Verify the service is running: `systemctl status smeserver-password-web`
2. Check logs: `journalctl -u smeserver-password-web -f`
3. Test with a non-critical user account first
## Troubleshooting
### Service Won't Start
- Check logs: `journalctl -u smeserver-password-web`
- Verify Python dependencies are installed
- Ensure port is not in use by another service
### Password Changes Fail
- Verify the user account exists in the SME Server accounts database
- Check that `signal-event` command is available
- Ensure the application has root privileges
### Permission Errors
- The application must run as root to access system commands
- Verify file permissions in the application directory
## Security Considerations
- This application requires root privileges to function properly
- Use HTTPS in production environments
- Consider implementing rate limiting for password change attempts
- Monitor logs for suspicious activity
- Keep the application updated
## File Structure
```
smeserver-password-app/
├── app.py # Main Flask application
├── smeserver_utils.py # SME Server integration utilities
├── demo_mode.py # Demo version for testing
├── requirements.txt # Python dependencies
├── install.sh # Automated installation script
├── templates/
│ └── password_change.html # Web interface template
├── static/
│ └── css/
│ └── style.css # Styling to match SME Server design
├── README.md # Project documentation
└── DEPLOYMENT.md # This deployment guide
```
## Support
For issues or questions:
1. Check the application logs
2. Verify SME Server system status
3. Test with demo mode to isolate issues
4. Review the source code for customization needs
Reference in New Issue Copy Permalink