Accounts
Main concepts #
- Passwords are hashed and never visible to administrators
- 4 main types of account: Developer, Manager, Student, Restricted
- You can reset your password at any time
Role Hierarchy System #
Role | Permissions |
---|---|
Developer | Debug and developer page access |
Manager | Manage user accounts |
Student | Use printers |
Restricted | View printers |
Password Reset System (All Users) #
There is a very simple password reset system with a few options:
1. User submitted #
Once logged in, a user can request their password to be reset
2. Manager submitted #
Managers have an account management page that can also request that each user's password be reset
My password is reset, now what? #
Upon your next login, the password you enter becomes your new password
User Configuration (Manager, Developer) #
Visible by clicking the Account Management button on the home page
This enables you to do the following:
- Update a user's role
- Reset their password
  - You cannot view or manually change their password
  - This reset does not require knowledge of their existing password
- Revoke their login
- Create new users
Password Verification & Lockout protections #
There are various protections in place to ensure security while also making sure users aren't locked out of the system
Standard Password Verification Process #
When a user logs in, the system searches the registered users for the username (not case sensitive) and compares password hashes
As part of the password reset function or account creation process, a user's hash can be set to null. In that case the system hashes the submitted password, sets it as the user's password, and lets them in regardless
Account lockout protections #
There are a few cases in which users will be automatically let in:
- /ref/config.json does not exist
- students does not exist in the config file
- Username submitted is “team302” with any capitalization
Role authentication & Lockout protections #
How a user's role is determined after setup #
Your role is assigned to you by a manager or a developer
They have a dashboard to change this if needed
If a user does not have a role defined in /ref/config.json then they are automatically assigned restricted
How a user's role is determined during setup #
During setup, the root user is automatically given the role of developer to ensure they have adequate permissions to continue setup
Role lockout protections #
There are a few cases in which users will be automatically assigned as a developer:
- /ref/config.json does not exist
- students does not exist in the config file
- Username submitted is “team302” with any capitalization
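
The login and role rules from the two "Lockout protections" sections and the standard verification process, as an added example that is not the project's own code. It returns a reason tag with every decision so that logins granted by a lockout rule can be told apart from hash matches in an audit log. The layout of the students entry, the salt field, the PBKDF2 hash and all function names are assumptions; the page does not specify them.

```python
import hashlib
import hmac
import json
import os

def hash_password(password, salt):
    # Assumption: PBKDF2-HMAC-SHA256 with a per-user salt; the page does not name the hash.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000).hex()

def load_config(path="/ref/config.json"):
    # A missing file is reported as None so authenticate() can apply the lockout rule.
    try:
        with open(path) as f:
            return json.load(f)
    except FileNotFoundError:
        return None

def authenticate(config, username, password):
    """Return (allowed, role, reason); log `reason` to audit which path granted access."""
    name = username.lower()                      # lookup is not case sensitive
    # Lockout protections: these three cases let the user in as developer.
    if config is None:
        return True, "developer", "config-missing"
    if "students" not in config:
        return True, "developer", "students-missing"
    if name == "team302":
        return True, "developer", "fallback-username"
    # Assumed layout: config["students"] maps username -> {"hash", "salt", "role"}.
    users = {k.lower(): v for k, v in config["students"].items()}
    user = users.get(name)
    if user is None:
        return False, None, "unknown-user"
    role = user.get("role", "restricted")        # no role defined -> restricted
    if user.get("hash") is None:
        # After a reset or account creation the hash is null: the submitted
        # password is hashed, stored, and the user is let in.
        user["salt"] = os.urandom(16).hex()
        user["hash"] = hash_password(password, bytes.fromhex(user["salt"]))
        return True, role, "password-set"
    candidate = hash_password(password, bytes.fromhex(user["salt"]))
    if hmac.compare_digest(user["hash"], candidate):
        return True, role, "hash-match"
    return False, None, "hash-mismatch"

# Constructed sample config (not from the project).
SAMPLE = {"students": {"Alice": {"hash": None, "role": "student"}, "bob": {"hash": None}}}

if __name__ == "__main__":
    for args in [("alice", "pw1"), ("ALICE", "pw1"), ("alice", "bad"), ("TEAM302", "x")]:
        print(args[0], authenticate(SAMPLE, *args))
```
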