# SME Server Password Change Application - Deployment Guide

## Overview
This Python Flask application provides a web interface for changing user passwords on SME Server systems. It interfaces with the smeserver configuration database and uses `signal-event password-update` to properly apply password changes.

## Features
- ✅ Web interface matching the original SME Server design
- ✅ Integration with SME Server configuration database
- ✅ Password strength validation
- ✅ Current password verification
- ✅ Uses `signal-event password-update` for proper password updates
- ✅ Responsive design for mobile and desktop
- ✅ Error handling and security measures
- ✅ Demo mode for testing

## System Requirements
- SME Server 10 or 11
- Python 3.6 or higher
- Flask and Flask-CORS Python packages
- Root access for installation

## Installation Methods

### Method 1: Automated Installation (Recommended)
1. Copy the entire application directory to your SME Server
2. Run the installation script as root:
   ```bash
   sudo ./install.sh
   ```
3. The script will:
   - Install Python dependencies
   - Create a systemd service
   - Start the application automatically
   - Configure it to start on boot

### Method 2: Manual Installation
1. Install Python dependencies:
   ```bash
   pip3 install Flask==2.3.3 Flask-CORS==4.0.0
   ```

2. Copy application files to `/opt/smeserver-password-app/`

3. Create systemd service file at `/etc/systemd/system/smeserver-password-web.service`:
   ```ini
   [Unit]
   Description=SME Server Password Change Web Application
   After=network.target

   [Service]
   Type=simple
   User=root
   WorkingDirectory=/opt/smeserver-password-app
   Environment=FLASK_ENV=production
   ExecStart=/usr/bin/python3 /opt/smeserver-password-app/app.py
   Restart=always
   RestartSec=10

   [Install]
   WantedBy=multi-user.target
   ```

4. Enable and start the service:
   ```bash
   systemctl daemon-reload
   systemctl enable smeserver-password-web
   systemctl start smeserver-password-web
   ```

## Configuration

### Port Configuration
By default, the application runs on port 5000. To change the port:
1. Edit `app.py` and modify the port in the last line
2. Restart the service: `systemctl restart smeserver-password-web`

### Security Configuration
- The application runs as root to access SME Server system commands
- Change the secret key in production by setting the `SECRET_KEY` environment variable
- Consider using a reverse proxy (nginx/apache) for SSL termination

### Firewall Configuration
Open the application port in the SME Server firewall:
```bash
# For port 5000
db configuration setprop httpd-admin TCPPort 5000
signal-event remoteaccess-update
```

## Usage

### Accessing the Application
- Open a web browser and navigate to: `http://your-server-ip:5000`
- Fill in the form with:
  - Your account username
  - Current password
  - New password (twice for verification)
- Click "Change Password"

### Password Requirements
- Minimum 7 characters
- Maximum 127 characters
- Must contain at least one letter and one number
- Cannot contain certain special characters (: ; | & ! \ " ')

## Testing

### Demo Mode
For testing without SME Server tools, use the demo mode:
```bash
python3 demo_mode.py
```

Demo users available:
- Username: `testuser`, Password: `oldpassword123`
- Username: `admin`, Password: `adminpass456`
- Username: `john`, Password: `johnpass789`

### Production Testing
1. Verify the service is running: `systemctl status smeserver-password-web`
2. Check logs: `journalctl -u smeserver-password-web -f`
3. Test with a non-critical user account first

## Troubleshooting

### Service Won't Start
- Check logs: `journalctl -u smeserver-password-web`
- Verify Python dependencies are installed
- Ensure port is not in use by another service

### Password Changes Fail
- Verify the user account exists in the SME Server accounts database
- Check that `signal-event` command is available
- Ensure the application has root privileges

### Permission Errors
- The application must run as root to access system commands
- Verify file permissions in the application directory

## Security Considerations
- This application requires root privileges to function properly
- Use HTTPS in production environments
- Consider implementing rate limiting for password change attempts
- Monitor logs for suspicious activity
- Keep the application updated

## File Structure
```
smeserver-password-app/
├── app.py                    # Main Flask application
├── smeserver_utils.py        # SME Server integration utilities
├── demo_mode.py             # Demo version for testing
├── requirements.txt         # Python dependencies
├── install.sh              # Automated installation script
├── templates/
│   └── password_change.html # Web interface template
├── static/
│   └── css/
│       └── style.css       # Styling to match SME Server design
├── README.md               # Project documentation
└── DEPLOYMENT.md          # This deployment guide
```

## Support
For issues or questions:
1. Check the application logs
2. Verify SME Server system status
3. Test with demo mode to isolate issues
4. Review the source code for customization needs