Authentication: add read-only mode #17488
Comments
We already have the account system (admin password) in place. We could provide a user setting to require authentication for all endpoints. Right now, it's only required for accessing logs or changing configuration. Can you be more specific on what you would like protected or not? Read-only mode? Should it be allowed for everyone to see charging situation and sessions/stats?
Thanks for the quick response. Yes, it'd be great to lock more functions behind the admin password. Basically, a read-only mode would be great.
Ok, thanks for your clarification. Implementing this should not be too complicated. However, we've a lot of other topics right now. For the meantime, the way to go would be to add basic auth via a reverse proxy.
It's not clear to me how evcc should do this since read-only mode could not be left. Imho wontfix.
My solution would be quite simple. We'd add an auth requirement to all HTTP endpoints that mutate state. When the user triggers a UI action (mode change, limit change, ...) it receives a "401 Unauthorized" HTTP response and will then prompt the user with the login dialog. The described 401 > login mechanism already exists for all config endpoints. What needs to be done in this issue is to make this behavior configurable (Config UI) and ensure and test that we've addressed all the right endpoints.
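The approach from the comment above, sketched as Go middleware. This is an added example, not evcc's code and not part of the thread. The names `requireAuthForWrites` and `cookieAuth`, the `session` cookie, the token and the request paths are assumptions constructed for illustration; every method outside the safe list is treated as state-mutating, so an endpoint added later is protected by default.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// requireAuthForWrites (hypothetical name): in read-only mode, any request that is
// not GET/HEAD/OPTIONS needs a valid session, otherwise it gets 401 and never reaches next.
func requireAuthForWrites(readOnly bool, authed func(*http.Request) bool, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		switch r.Method {
		case http.MethodGet, http.MethodHead, http.MethodOptions:
			// safe methods: the dashboard stays visible to everyone
		default:
			if readOnly && !authed(r) {
				http.Error(w, "Unauthorized", http.StatusUnauthorized) // UI opens the login dialog on 401
				return
			}
		}
		next.ServeHTTP(w, r)
	})
}

// cookieAuth checks an assumed "session" cookie against token in constant time.
func cookieAuth(token string) func(*http.Request) bool {
	return func(r *http.Request) bool {
		c, err := r.Cookie("session")
		return err == nil && subtle.ConstantTimeCompare([]byte(c.Value), []byte(token)) == 1
	}
}

// status sends one constructed request through the middleware and returns the HTTP status code.
func status(readOnly bool, method, path, cookie string) int {
	api := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusOK) })
	req := httptest.NewRequest(method, path, nil)
	if cookie != "" {
		req.AddCookie(&http.Cookie{Name: "session", Value: cookie})
	}
	rec := httptest.NewRecorder()
	requireAuthForWrites(readOnly, cookieAuth("constructed-token"), api).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(status(true, "GET", "/api/state", ""), status(true, "POST", "/api/mode", ""), status(true, "POST", "/api/mode", "constructed-token")) // 200 401 200
}
```

The method-based split only holds if no GET handler changes state; any that does has to be listed explicitly or moved to POST before read-only mode is relied on.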
Is your feature request related to a problem? Please describe.
It's great to have the EVCC Dashboard available to everyone. However, it's possible for everyone to change the charging profiles and limits too.
Describe the solution you'd like
It'd be great to lock these features. Changing these values should only be possible when authenticated with the password provided.
Describe alternatives you've considered
Restrict access to the entire EVCC dashboard (with something like HTTP Basic Auth)