2013-10-29 - [GRASE-Hotspot] No username/password logins!

Header Data

From: Timothy White <ti***8@gmail.com>
Message Hash: 02aadf14957f216376d1d40447d5aeb648d7e2b927f898bf417fe5d32646df88
Message ID: <CAESLx0JCiN+k3czB0NYdn3xcWeNqKoONm2zup52kT8TR7OXMnQ@mail.gmail.com>
Reply To: N/A
UTC Datetime: 2013-10-29 03:32:33 UTC
Raw Date: Tue, 29 Oct 2013 20:32:33 +1000

Raw message 

Hey everyone

I've not had much time to work on Grase in the lasts few months, but I do
have a number of things I've been slowly developing in the background!

The one I want to let everyone know about, is "Free Logins" or "Just accept
TOS to use", etc etc.
It's still in testing, but I've just put it live in a second site for more
testing, and currently it's not highly customisable i.e. the button is
ether there or not, not customisation of what it says, and no forcing you
to click the "I accept" checkbox, as ideally you already have informed
users that by logging in they must accept the TOS.

The way it works is simple. At the login screen, there is a "Free Access"
button above the login form. It's only visible if enabled. Clicking the
button causes a few requests back and forth, which creates an account for
that computer, based on the "auto create" group in settings. It then does
the CHAP challenge/response server side, so the accounts password is never
sent to the client, preventing people logging in with these accounts for
another computer (as all the passwords are the same). The server sends the
chap response back to the login form, which then does a normal login, just
without ever seeing the password.
Mission accomplished!

In the backend, it's rather simple, a random long password is generated for
the "autocreate" users. Then based on the computers MAC address, we
generate them a funky unique username, in the group specified, and do the
login. This way we can use that group to limit them, for example with a
timelimit per day, and speed limiting.

My dev machine is currently not local to me for a week or so, but once it
is, I'll get proper packages built and in the dev repository. (Code is
already in bzr for those who want to build it themselves)

Tim

Thread