What problem are you trying to solve? Please describe.
Would like to remain logged into CALDERA after restarting the server (e.g. during development or frequent testing). Users shouldn't have to get redirected back to the login screen every time the server restarts.
The ideal solution: What should the feature do?
Allow users' browsers to continue using the same session cookie even after the server restarts, unless the user explicitly logs out.
Currently, Caldera seems to auto-generate a new cookie storage key each time on start-up, which invalidates any previously generated session cookies. To implement persistent logins, this key would have to persist across server reboots. This could be done by storing the key encrypted on disk and only generating it if it's not already on disk.
What category of feature is this?
If you have code or pseudo-code please provide:
On server startup:
- If cookie storage key is available on disk in the /data directory, decrypt it and use it.
- If cookie storage key is not available on disk, generate a new one like before, save it encrypted on disk in the /data directory, and use it.
Existing encrypted file read/writes from file_svc.py can be used (example code, UNTESTED):
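    import base64

    from cryptography import fernet

    # File name taken from the docstring below (data/cookie_storage_key)
    COOKIE_STORAGE_KEY_FILE = 'cookie_storage_key'


    async def fetch_cookie_storage_key(self):
        '''
        Decrypts the cookie storage key from data/cookie_storage_key if available.
        Otherwise, generates a new key and saves it encrypted on disk.
        '''
        try:
            # read_file returns a (name, contents) tuple; only the contents are the key
            _, secret_key = await self.get_service('file_svc').read_file(COOKIE_STORAGE_KEY_FILE, 'data')
            return secret_key
        except FileNotFoundError:
            # Generate a new key
            self.log.info('No cookie storage key found. Generating a new one.')
            fernet_key = fernet.Fernet.generate_key()
            # Fernet keys are url-safe base64; decode to the raw 32 bytes
            secret_key = base64.urlsafe_b64decode(fernet_key)
            await self.get_service('file_svc').save_file(COOKIE_STORAGE_KEY_FILE, secret_key, 'data')
            return secret_key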
Additional context
Implementation will require testing with default login and LDAP-based login to ensure existing functionality is maintained.
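
The startup logic described above, as an added example that is not part of the original issue or CALDERA's code. It assumes a plain key file with owner-only permissions in place of file_svc's encrypted storage, and an HMAC-signed cookie in place of the Fernet-encrypted session cookie; all function names and the session value are hypothetical.

```python
import hashlib
import hmac
import os
import secrets
import tempfile

KEY_LEN = 32  # bytes; same size as a decoded Fernet key


def load_or_create_key(path):
    """Return the key stored at `path`, creating it (mode 0600) on first start."""
    try:
        # O_EXCL makes creation atomic: an existing key is never overwritten.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        with open(path, 'rb') as f:
            key = f.read()
        if len(key) != KEY_LEN:
            raise ValueError('cookie key file is truncated or corrupt')
        return key
    key = secrets.token_bytes(KEY_LEN)
    with os.fdopen(fd, 'wb') as f:
        f.write(key)
    return key


def sign_cookie(key, session_id):
    tag = hmac.new(key, session_id.encode(), hashlib.sha256).hexdigest()
    return f'{session_id}.{tag}'


def verify_cookie(key, cookie):
    """Return the session id if the cookie was signed with `key`, else None."""
    session_id, _, tag = cookie.rpartition('.')
    expected = hmac.new(key, session_id.encode(), hashlib.sha256).hexdigest()
    return session_id if hmac.compare_digest(tag.encode(), expected.encode()) else None


def demo():
    """Simulate two restarts: one with a persisted key, one with a per-start key."""
    with tempfile.TemporaryDirectory() as data_dir:
        path = os.path.join(data_dir, 'cookie_storage_key')
        # Constructed session value, signed on the "first start".
        cookie = sign_cookie(load_or_create_key(path), 'constructed-session-1')
        # Restart with the key re-read from disk: the old cookie still verifies.
        persisted = verify_cookie(load_or_create_key(path), cookie)
        # Restart with a freshly generated key (current behaviour): it does not.
        regenerated = verify_cookie(secrets.token_bytes(KEY_LEN), cookie)
        mode = os.stat(path).st_mode & 0o777
    return persisted, regenerated, mode
```

Once the key persists, the key file is a long-lived secret: anyone who can read it can mint valid session cookies, and deleting the file is what invalidates all existing sessions.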