Make backup admin password configurable

2025-09-10 23:15:37 +08:00 · 2023-02-02 11:31:30 +01:00 · 2023-02-02 11:31:30 +01:00 · 2b63712762
commit 2b63712762
parent 6ab6ed9ef3
8 changed files with 50 additions and 14 deletions
--- a/1
+++ b/1
@ -3,6 +3,7 @@
    - Aupgrade client integrated into NPBackup, that can be called manually via --auto-upgrade or automatically run every n backups
    - Upgrade server which servers files and their metadata
  - Added a gui to create a scheduled task under Windows
+  - Added a gui to configure backup admin password (was compile time setting before)
  - Improved setup.py to provide launch scripts for both Linux and Windows platforms
  - Made windows cloud file filter optional (enabled by default)
  - Added default configuration settings
--- a/examples/npbackup.conf.dist
+++ b/examples/npbackup.conf.dist
@ -63,4 +63,5 @@ options:
  server_username:
  server_password:
  # every 10 NPBackup runs, we'll try an autoupgrade. Never set this lower than 2 since failed upgrades will prevent backups from succeeding
-  interval: 10
+  interval: 10
+  backup_admin_password: NPBackup_00
--- a/npbackup/configuration.py
+++ b/npbackup/configuration.py
@ -18,13 +18,13 @@ from npbackup.customization import ID_STRING

 # Try to import a private key, if not available, fallback to the default key
 try:
-    from npbackup._private_secret_keys import AES_KEY, ADMIN_PASSWORD
+    from npbackup._private_secret_keys import AES_KEY, DEFAULT_BACKUP_ADMIN_PASSWORD
    from npbackup._private_revac import revac

    AES_KEY = revac(AES_KEY)
 except ImportError:
    try:
-        from npbackup.secret_keys import AES_KEY, ADMIN_PASSWORD
+        from npbackup.secret_keys import AES_KEY, DEFAULT_BACKUP_ADMIN_PASSWORD
    except ImportError:
        print("No secret_keys file. Please read documentation.")
        sys.exit(1)
@ -39,6 +39,7 @@ ENCRYPTED_OPTIONS = [
    {"section": "prometheus", "name": "http_password", "type": str},
    {"section": "options", "name": "server_username", "type": str},
    {"section": "options", "name": "server_password", "type": str},
+    {"section": "options", "name": "backup_admin_password", "type": str}
 ]

 empty_config_dict = {
@ -52,7 +53,9 @@ empty_config_dict = {
    "repo": {"minimum_backup_age": 1440},
    "prometheus": {},
    "env": {},
-    "options": {},
+    "options": {
+        "backup_admin_password": DEFAULT_BACKUP_ADMIN_PASSWORD
+    },
 }


--- a/npbackup/gui/config.py
+++ b/npbackup/gui/config.py
@ -22,6 +22,20 @@ from npbackup.path_helper import CURRENT_EXECUTABLE
 logger = getLogger(__intname__)


+def ask_backup_admin_password(config_dict) -> bool:
+    try:
+        backup_admin_password = config_dict['options']['backup_admin_password']
+    except KeyError:
+        backup_admin_password = configuration.DEFAULT_BACKUP_ADMIN_PASSWORD
+    if (
+        sg.PopupGetText(_t("config_gui.enter_backup_admin_password"))
+        == backup_admin_password
+    ):
+        return True
+    sg.PopupError(_t("config_gui.wrong_password"))
+    return False
+
+
 def config_gui(config_dict: dict, config_file: str):
    logger.info("Launching configuration GUI")

@ -39,8 +53,12 @@ def config_gui(config_dict: dict, config_file: str):
            if config_dict[section] is None:
                config_dict[section] = {}
            for entry in config_dict[section].keys():
+                # Don't bother to update admin password since we won't show it
+                if entry == "backup_admin_password":
+                    continue
                try:
                    value = config_dict[section][entry]
+                    # Don't show sensible info unless unencrypted requested
                    if not unencrypted:
                        if entry in [
                            "http_username",
@ -315,6 +333,14 @@ def config_gui(config_dict: dict, config_file: str):
            sg.Text(_t("config_gui.auto_upgrade_interval"), size=(30, 1)),
            sg.Input(key="options---interval", size=(50, 1)),
        ],
+        [sg.HorizontalSeparator(key='sep')],
+        [
+            sg.Text(_t("config_gui.enter_backup_admin_password"), size=(30, 1)),
+            sg.Input(key="backup_admin_password", size=(50, 1), password_char='*'),
+        ],
+        [
+            sg.Button(_t("generic.change"), key="change_backup_admin_password")
+        ]
    ]

    scheduled_task_col = [
@ -427,13 +453,8 @@ def config_gui(config_dict: dict, config_file: str):
            logger.info("Configuration saved successfully.")
            break
        if event == _t("generic.decrypt"):
-            if (
-                sg.PopupGetText(_t("config_gui.enter_backup_admin_password"))
-                == configuration.ADMIN_PASSWORD
-            ):
+            if ask_backup_admin_password(config_dict):
                update_gui(window, config_dict, unencrypted=True)
-            else:
-                sg.PopupError(_t("config_gui.wrong_password"))
        if event == "create_task":
            if os.name == 'nt':
                result = create_scheduled_task(CURRENT_EXECUTABLE, values['scheduled_task_interval'])
@ -443,5 +464,9 @@ def config_gui(config_dict: dict, config_file: str):
                    sg.PopupError(_t("config_gui.scheduled_task_creation_failure"))
            else:
                sg.PopupError(_t("config_gui.scheduled_task_creation_failure"))
+        if event == "change_backup_admin_password":
+            if ask_backup_admin_password(config_dict):
+                config_dict['options']['backup_admin_password'] = values['backup_admin_password']
+                sg.Popup(_t("config_gui.password_updated_please_save"))
    window.close()
    return config_dict
--- a/npbackup/secret_keys.py
+++ b/npbackup/secret_keys.py
@ -19,4 +19,4 @@ __build__ = "2022120401"
 # print(generate_key(32))

 AES_KEY = b"\x9e\xbck\xe4\xc5nkT\x1e\xbf\xb5o\x06\xd3\xc6(\x0e:'i\x1bT\xb3\xf0\x1aC e\x9bd\xa5\xc6"
-ADMIN_PASSWORD = "NPBackup_00"
+DEFAULT_BACKUP_ADMIN_PASSWORD = "NPBackup_00"
--- a/npbackup/translations/config_gui.en.yml
+++ b/npbackup/translations/config_gui.en.yml
@ -48,8 +48,9 @@ en:
  np_binary: Cannot find backup backend. Please install restic binary from restic.net

  configuration_saved: Configuration saved
-  enter_backup_admin_password: Enter backup administrator password
+  enter_backup_admin_password: Backup admin password
  wrong_password: Wrong password
+  password_updated_please_save: Password updated. Please save

  auto_upgrade: Auto upgrade
  auto_upgrade_server_url: Server URL
--- a/npbackup/translations/config_gui.fr.yml
+++ b/npbackup/translations/config_gui.fr.yml
@ -48,8 +48,9 @@ fr:
  no_binary: Impossible de trouver le coeur de sauvegarde. Merci d'installer le binaire restic depuis restic.net

  configuration_saved: Configuration sauvegardée
-  enter_backup_admin_password: Veuillez entrer le mot de passe administrateur de sauvegarde
+  enter_backup_admin_password: Mot de passe admin de sauvegarde
  wrong_password: Mot de passe érroné
+  password_updated_please_save: Mot de passe mis à jour. Veuillez enregistrer

  auto_upgrade: Mise à niveau
  auto_upgrade_server_url: Serveur de mise à niveau
--- a/npbackup/upgrade_client/upgrader.py
+++ b/npbackup/upgrade_client/upgrader.py
@ -110,7 +110,11 @@ def _check_new_version(upgrade_url: str, username: str, password: str) -> bool:
    """
    Check if we have a newer version of npbackup
    """
-    logger.info("Upgrade server is %s", upgrade_url)
+    if upgrade_url:
+        logger.info("Upgrade server is %s", upgrade_url)
+    else:
+        logger.debug("Upgrade server not set")
+        return False
    requestor = Requestor(upgrade_url, username, password)
    requestor.create_session(authenticated=True)
    server_ident = requestor.data_model()