Revert "Move root password menu into authentication menu (#3650)"
This reverts commit e0c3bb3869.
This commit is contained in:
parent
e0c3bb3869
commit
8d29fbd07f
|
|
@ -23,8 +23,6 @@ from archinstall.lib.models.network_configuration import NetworkConfiguration
|
|||
from archinstall.lib.models.packages import Repository
|
||||
from archinstall.lib.models.profile import ProfileConfiguration
|
||||
from archinstall.lib.models.users import Password, User
|
||||
from archinstall.lib.models.profile_model import ProfileConfiguration
|
||||
from archinstall.lib.models.users import Password, User, UserSerialization
|
||||
from archinstall.lib.output import debug, error, logger, warn
|
||||
from archinstall.lib.plugins import load_plugin
|
||||
from archinstall.lib.translationhandler import Language, tr, translation_handler
|
||||
|
|
@ -80,15 +78,14 @@ class ArchConfig:
|
|||
|
||||
# Special fields that should be handle with care due to security implications
|
||||
users: list[User] = field(default_factory=list)
|
||||
root_enc_password: Password | None = None
|
||||
|
||||
def unsafe_json(self) -> dict[str, Any]:
|
||||
config: dict[str, list[UserSerialization] | str | None] = {
|
||||
config = {
|
||||
'users': [user.json() for user in self.users],
|
||||
'root_enc_password': self.root_enc_password.enc_password if self.root_enc_password else None,
|
||||
}
|
||||
|
||||
if self.auth_config and self.auth_config.root_enc_password:
|
||||
config['root_enc_password'] = self.auth_config.root_enc_password.enc_password
|
||||
|
||||
if self.disk_config:
|
||||
disk_encryption = self.disk_config.disk_encryption
|
||||
if disk_encryption and disk_encryption.encryption_password:
|
||||
|
|
@ -225,17 +222,11 @@ class ArchConfig:
|
|||
arch_config.services = services
|
||||
|
||||
# DEPRECATED: backwards compatibility
|
||||
root_password = None
|
||||
if root_password := args_config.get('!root-password', None):
|
||||
root_password = Password(plaintext=root_password)
|
||||
arch_config.root_enc_password = Password(plaintext=root_password)
|
||||
|
||||
if enc_password := args_config.get('root_enc_password', None):
|
||||
root_password = Password(enc_password=enc_password)
|
||||
|
||||
if root_password is not None:
|
||||
if arch_config.auth_config is None:
|
||||
arch_config.auth_config = AuthenticationConfiguration()
|
||||
arch_config.auth_config.root_enc_password = root_password
|
||||
arch_config.root_enc_password = Password(enc_password=enc_password)
|
||||
|
||||
if custom_commands := args_config.get('custom_commands', []):
|
||||
arch_config.custom_commands = custom_commands
|
||||
|
|
|
|||
|
|
@ -3,9 +3,7 @@ from typing import override
|
|||
from archinstall.lib.disk.fido import Fido2
|
||||
from archinstall.lib.menu.abstract_menu import AbstractSubMenu
|
||||
from archinstall.lib.models.authentication import AuthenticationConfiguration, U2FLoginConfiguration, U2FLoginMethod
|
||||
from archinstall.lib.models.users import Password
|
||||
from archinstall.lib.translationhandler import tr
|
||||
from archinstall.lib.utils.util import get_password
|
||||
from archinstall.tui.curses_menu import SelectMenu
|
||||
from archinstall.tui.menu_item import MenuItem, MenuItemGroup
|
||||
from archinstall.tui.result import ResultType
|
||||
|
|
@ -35,12 +33,6 @@ class AuthenticationMenu(AbstractSubMenu[AuthenticationConfiguration]):
|
|||
|
||||
def _define_menu_options(self) -> list[MenuItem]:
|
||||
return [
|
||||
MenuItem(
|
||||
text=tr('Root password'),
|
||||
action=select_root_password,
|
||||
preview_action=self._prev_root_pwd,
|
||||
key='root_enc_password',
|
||||
),
|
||||
MenuItem(
|
||||
text=tr('U2F login setup'),
|
||||
action=select_u2f_login,
|
||||
|
|
@ -50,18 +42,6 @@ class AuthenticationMenu(AbstractSubMenu[AuthenticationConfiguration]):
|
|||
),
|
||||
]
|
||||
|
||||
def _prev_root_pwd(self, item: MenuItem) -> str | None:
|
||||
if item.value is not None:
|
||||
password: Password = item.value
|
||||
return f'{tr("Root password")}: {password.hidden()}'
|
||||
return None
|
||||
|
||||
def _depends_on_u2f(self) -> bool:
|
||||
devices = Fido2.get_fido2_devices()
|
||||
if not devices:
|
||||
return False
|
||||
return True
|
||||
|
||||
def _prev_u2f_login(self, item: MenuItem) -> str | None:
|
||||
if item.value is not None:
|
||||
u2f_config: U2FLoginConfiguration = item.value
|
||||
|
|
@ -81,11 +61,6 @@ class AuthenticationMenu(AbstractSubMenu[AuthenticationConfiguration]):
|
|||
return None
|
||||
|
||||
|
||||
def select_root_password(preset: str | None = None) -> Password | None:
|
||||
password = get_password(text=tr('Root password'), allow_skip=True)
|
||||
return password
|
||||
|
||||
|
||||
def select_u2f_login(preset: U2FLoginConfiguration) -> U2FLoginConfiguration | None:
|
||||
devices = Fido2.get_fido2_devices()
|
||||
if not devices:
|
||||
|
|
|
|||
|
|
@ -34,11 +34,10 @@ from .models.network_configuration import NetworkConfiguration, NicType
|
|||
from .models.packages import Repository
|
||||
from .models.profile import ProfileConfiguration
|
||||
from .models.users import Password, User
|
||||
from .models.profile_model import ProfileConfiguration
|
||||
from .models.users import User
|
||||
from .output import FormattedOutput
|
||||
from .pacman.config import PacmanConfig
|
||||
from .translationhandler import Language, tr, translation_handler
|
||||
from .utils.util import get_password
|
||||
|
||||
|
||||
class GlobalMenu(AbstractMenu[None]):
|
||||
|
|
@ -111,9 +110,16 @@ class GlobalMenu(AbstractMenu[None]):
|
|||
preview_action=self._prev_hostname,
|
||||
key='hostname',
|
||||
),
|
||||
MenuItem(
|
||||
text=tr('Root password'),
|
||||
action=self._set_root_password,
|
||||
preview_action=self._prev_root_pwd,
|
||||
key='root_enc_password',
|
||||
),
|
||||
MenuItem(
|
||||
text=tr('Authentication'),
|
||||
action=self._select_authentication,
|
||||
value=[],
|
||||
preview_action=self._prev_authentication,
|
||||
key='auth_config',
|
||||
),
|
||||
|
|
@ -224,16 +230,13 @@ class GlobalMenu(AbstractMenu[None]):
|
|||
|
||||
missing = set()
|
||||
|
||||
item: MenuItem = self._item_group.find_by_key('auth_config')
|
||||
auth_config: AuthenticationConfiguration | None = item.value
|
||||
|
||||
if (auth_config is None or auth_config.root_enc_password is None) and not has_superuser():
|
||||
missing.add(
|
||||
tr('Either root-password or at least 1 user with sudo privileges must be specified'),
|
||||
)
|
||||
|
||||
for item in self._item_group.items:
|
||||
if item.mandatory:
|
||||
if item.key in ['root_enc_password', 'users']:
|
||||
if not check('root_enc_password') and not has_superuser():
|
||||
missing.add(
|
||||
tr('Either root-password or at least 1 user with sudo privileges must be specified'),
|
||||
)
|
||||
elif item.mandatory:
|
||||
assert item.key is not None
|
||||
if not check(item.key):
|
||||
missing.add(item.text)
|
||||
|
|
@ -311,9 +314,6 @@ class GlobalMenu(AbstractMenu[None]):
|
|||
auth_config: AuthenticationConfiguration = item.value
|
||||
output = ''
|
||||
|
||||
if auth_config.root_enc_password:
|
||||
output += f'{tr("Root password")}: {auth_config.root_enc_password.hidden()}\n'
|
||||
|
||||
if auth_config.u2f_config:
|
||||
u2f_config = auth_config.u2f_config
|
||||
login_method = u2f_config.u2f_login_method.display_value()
|
||||
|
|
@ -400,6 +400,12 @@ class GlobalMenu(AbstractMenu[None]):
|
|||
return f'{tr("Hostname")}: {item.value}'
|
||||
return None
|
||||
|
||||
def _prev_root_pwd(self, item: MenuItem) -> str | None:
|
||||
if item.value is not None:
|
||||
password: Password = item.value
|
||||
return f'{tr("Root password")}: {password.hidden()}'
|
||||
return None
|
||||
|
||||
def _prev_parallel_dw(self, item: MenuItem) -> str | None:
|
||||
if item.value is not None:
|
||||
return f'{tr("Parallel Downloads")}: {item.value}'
|
||||
|
|
@ -504,6 +510,10 @@ class GlobalMenu(AbstractMenu[None]):
|
|||
|
||||
return None
|
||||
|
||||
def _set_root_password(self, preset: str | None = None) -> Password | None:
|
||||
password = get_password(text=tr('Root password'), allow_skip=True)
|
||||
return password
|
||||
|
||||
def _select_disk_config(
|
||||
self,
|
||||
preset: DiskLayoutConfiguration | None = None,
|
||||
|
|
|
|||
|
|
@ -2,7 +2,6 @@ from dataclasses import dataclass
|
|||
from enum import Enum
|
||||
from typing import Any, NotRequired, TypedDict
|
||||
|
||||
from archinstall.lib.models.users import Password
|
||||
from archinstall.lib.translationhandler import tr
|
||||
|
||||
|
||||
|
|
@ -59,7 +58,6 @@ class U2FLoginConfiguration:
|
|||
|
||||
@dataclass
|
||||
class AuthenticationConfiguration:
|
||||
root_enc_password: Password | None = None
|
||||
u2f_config: U2FLoginConfiguration | None = None
|
||||
|
||||
@staticmethod
|
||||
|
|
@ -69,9 +67,6 @@ class AuthenticationConfiguration:
|
|||
if (u2f_config := args.get('u2f_config')) is not None:
|
||||
auth_config.u2f_config = U2FLoginConfiguration.parse_arg(u2f_config)
|
||||
|
||||
if enc_password := args.get('root_enc_password'):
|
||||
auth_config.root_enc_password = Password(enc_password=enc_password)
|
||||
|
||||
return auth_config
|
||||
|
||||
def json(self) -> AuthenticationSerialization:
|
||||
|
|
|
|||
|
|
@ -100,8 +100,8 @@ class PasswordStrength(Enum):
|
|||
return PasswordStrength.VERY_WEAK
|
||||
|
||||
|
||||
UserSerialization = TypedDict(
|
||||
'UserSerialization',
|
||||
_UserSerialization = TypedDict(
|
||||
'_UserSerialization',
|
||||
{
|
||||
'username': str,
|
||||
'!password': NotRequired[str],
|
||||
|
|
@ -173,7 +173,7 @@ class User:
|
|||
'groups': self.groups,
|
||||
}
|
||||
|
||||
def json(self) -> UserSerialization:
|
||||
def json(self) -> _UserSerialization:
|
||||
return {
|
||||
'username': self.username,
|
||||
'enc_password': self.password.enc_password,
|
||||
|
|
@ -184,7 +184,7 @@ class User:
|
|||
@classmethod
|
||||
def parse_arguments(
|
||||
cls,
|
||||
args: list[UserSerialization],
|
||||
args: list[_UserSerialization],
|
||||
) -> list['User']:
|
||||
users: list[User] = []
|
||||
|
||||
|
|
|
|||
|
|
@ -138,8 +138,8 @@ def perform_installation(mountpoint: Path) -> None:
|
|||
if accessibility_tools_in_use():
|
||||
installation.enable_espeakup()
|
||||
|
||||
if config.auth_config and config.auth_config.root_enc_password:
|
||||
root_user = User('root', config.auth_config.root_enc_password, False)
|
||||
if root_pw := config.root_enc_password:
|
||||
root_user = User('root', root_pw, False)
|
||||
installation.set_user_password(root_user)
|
||||
|
||||
if (profile_config := config.profile_config) and profile_config.profile:
|
||||
|
|
|
|||
|
|
@ -134,7 +134,6 @@ def test_config_file_parsing(
|
|||
audio_config=AudioConfiguration(audio=Audio.PIPEWIRE),
|
||||
),
|
||||
auth_config=AuthenticationConfiguration(
|
||||
root_enc_password=Password(enc_password='password_hash'),
|
||||
u2f_config=U2FLoginConfiguration(
|
||||
u2f_login_method=U2FLoginMethod.Passwordless,
|
||||
passwordless_sudo=True,
|
||||
|
|
@ -224,6 +223,7 @@ def test_config_file_parsing(
|
|||
),
|
||||
],
|
||||
services=['service_1', 'service_2'],
|
||||
root_enc_password=Password(enc_password='password_hash'),
|
||||
custom_commands=["echo 'Hello, World!'"],
|
||||
)
|
||||
|
||||
|
|
@ -280,8 +280,7 @@ def test_deprecated_creds_config_parsing(
|
|||
handler = ArchConfigHandler()
|
||||
arch_config = handler.config
|
||||
|
||||
assert arch_config.auth_config is not None
|
||||
assert arch_config.auth_config.root_enc_password == Password(plaintext='rootPwd')
|
||||
assert arch_config.root_enc_password == Password(plaintext='rootPwd')
|
||||
|
||||
assert arch_config.users == [
|
||||
User(
|
||||
|
|
@ -332,8 +331,7 @@ def test_encrypted_creds_with_arg(
|
|||
handler = ArchConfigHandler()
|
||||
arch_config = handler.config
|
||||
|
||||
assert arch_config.auth_config is not None
|
||||
assert arch_config.auth_config.root_enc_password == Password(enc_password='$y$j9T$FWCInXmSsS.8KV4i7O50H.$Hb6/g.Sw1ry888iXgkVgc93YNuVk/Rw94knDKdPVQw7')
|
||||
assert arch_config.root_enc_password == Password(enc_password='$y$j9T$FWCInXmSsS.8KV4i7O50H.$Hb6/g.Sw1ry888iXgkVgc93YNuVk/Rw94knDKdPVQw7')
|
||||
assert arch_config.users == [
|
||||
User(
|
||||
username='t',
|
||||
|
|
@ -361,8 +359,7 @@ def test_encrypted_creds_with_env_var(
|
|||
handler = ArchConfigHandler()
|
||||
arch_config = handler.config
|
||||
|
||||
assert arch_config.auth_config is not None
|
||||
assert arch_config.auth_config.root_enc_password == Password(enc_password='$y$j9T$FWCInXmSsS.8KV4i7O50H.$Hb6/g.Sw1ry888iXgkVgc93YNuVk/Rw94knDKdPVQw7')
|
||||
assert arch_config.root_enc_password == Password(enc_password='$y$j9T$FWCInXmSsS.8KV4i7O50H.$Hb6/g.Sw1ry888iXgkVgc93YNuVk/Rw94knDKdPVQw7')
|
||||
assert arch_config.users == [
|
||||
User(
|
||||
username='t',
|
||||
|
|
|
|||
Loading…
Reference in New Issue