This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm that you accept these cookies being set.

Create user by code
#1
Hello,

I know that user info is stored in /etc/config/httpd.

How can I create new user for http-Auth by lua-code?
It is some API for that?


Thank you
Reply
#2
You cannot create users this way. Normal users are stored in the main database. The only way for now is to use http requests to local web server, the same way as UI does it. The only thing that can be complex if you need ACL instead of full or no access to visualization, trends and schedulers.
Reply
#3
Ok, thanks.

It is any documentation about access to main database?
Reply
#4
This cannot be done with DB access. Here's an example of HTTP request which creates a new user. Change admin password in socket.http.request call.

Code:
require('json')
require('socket.http')
require('socket.url')

data = {
  name = 'test', -- full name
  login = 'testtest', -- login
  password = '123456', -- password
  password_repeat = '123456', -- must match password
  access_vis = 'F', -- full access to visualization
  access_schedulers = '', -- no access to schedulers
  access_trends = 'F', -- full access to trends
}

post = 'data=' .. socket.url.escape(json.encode(data))
res, err = socket.http.request('http://admin:admin@127.0.0.1/scada-main/users/save', post)
log(res, err)
Reply
#5
Good, use this script and it worked without any problem. But in my case, if I have created the users and the pages that can be displayed, but I need to change the passwords of these users, by code and with the help of a 250 byte input object String the password is modified or it is random , if the above could be?
Reply
#6
If you want to edit an existing user then you need to pass user ID in data table:
Code:
data = {
  id = 123,
  name = 'test',
  ...

You can get user IDs via a script:
Code:
users = db:getall('SELECT id, login FROM users')
log(users)
Reply
#7
Admin, thanks for answering. Request the user ID and with this help, I could change the password of the user, the inconvenience is that I only want to change your password, but I want to keep the pages that user could see. Try to create the user previously, giving permission to certain pages, then executing the code but in the access_vis = part change it to 'P'. When observing that he executed the code correctly, I verify the user Access and I notice that the pages that I had enabled for that user are disabled.
Reply
#8
Hi,

This is never possible without a reload as the browser is not aware of the changes made in the DB that runs server side.

Only with a reload the client (browser) will receive the updated information..

BR,

Erwin
Reply
#9
Hello, thanks for answering. As you can see in the video (link https://mega.nz/#!E8wj2AIY!d7sbLTXKBLWSI...SzwQGl7p4E) I reload the page, but it continues disabling the pages that I had previously enabled. Thank you and I will be attentive to your comments. Taking advantage of this thread, I would like to know if there is a manual where one can have information to all this part of the database, because in the manual of the logic machine lite 5, nothing of these internal operations appears (access to the base of data and others).
Reply
#10
For partial access you have to also pass IDs for items that use has access to. If you only need to change the password then it can be done via a .lp script. I'll post an example later.

Internal functions are not documented because they are internal Smile
Reply
#11
Ready, I'm attentive to your answers. On the other hand, apart from just changing the password but keeping the pages that the user has access to see, it would be very interesting to know how to modify which pages the user can see and which ones not through the script. Thank you.
Reply
#12
Upload attached files to user directory using apps FTP account. Then open http://LM_IP/user/pass.lp to change password. You can also include this page via iframe.

As for changing partial user access rights you have pass array of IDs (plans, trends, schedulers):
Code:
acl = {
  vis = { 1, 2, 3 },
  schedulers = { 4, 5, 6 },
  trends = {},
}


data = {
  id = 123,
  name = 'test',
  acl = json.encode(acl)
  ...

Attached Files
.lp   pass.lp (Size: 1.56 KB / Downloads: 16)
.lua   pass.lua (Size: 996 bytes / Downloads: 20)
Reply
#13
Hi admin, thanks for replying. Both worked, but I will implement the option that the code has since the idea is that there is a user that is responsible for changing the password of several users without having to enter each user, besides that having the code could make the password is taken as an argument, by time schedules. I abjunto the code that worked for me.

Code:
require('json')
require('socket.http')
require('socket.url')

acl = {
 vis = {387,343,359,360},
 schedulers = {},
 trends = {},
}

data = {
 id = 3,
 name = 'jmv', -- full name
 login = 'jmv', -- login
 password = '654321', -- password
 password_repeat = '654321', -- must match password
 access_vis = 'P', -- full access to visualization
 access_schedulers = '', -- no access to schedulers
 access_trends = 'F', -- full access to trends
 acl = json.encode(acl)
}

post = 'data=' .. socket.url.escape(json.encode(data))
res, err = socket.http.request('http://admin:admin@127.0.0.1/scada-main/users/save', post)
log(res, err)
Reply
#14
Hello friends, I hope you are excellent. I am writing to you, because I am trying to implement that code in a logic machine 5 lite with the most recent firmware, but it is not working for me and I get the following error:

Event for Password Generator HX01 (0/36/141) 08.26.2022 17:30:25 * arg: 1 * string: {"errors":{"password":false},"success":false} * arg: 2 * number: 200


The administrator password is correct, since it has the default one. Now, I would think that maybe it is not working for me, since it needs to be given more parameters, since that code that I am using is from when we had 2019 firmware, where the cloud login option was not, nor active , trends access, apps access etc.

Thank you and I am attentive to your comments
Reply
#15
Password must be at least 8 characters long. active = true is required, otherwise the new user will be inactive. Cloud login (optional) can be specified by setting the login_cloud field. Also add access_mosaic = 'F' to have full access to Mosaic.
Reply
#16
(29.08.2022, 06:31)admin Wrote: Password must be at least 8 characters long. active = true is required, otherwise the new user will be inactive. Cloud login (optional) can be specified by setting the login_cloud field. Also add access_mosaic = 'F' to have full access to Mosaic.

Hi Admin, thanks for replying. Indeed, you are absolutely right, the main reason was the length of the password and the fact that I must implement uppercase letters, lowercase letters and numbers, which made me also modify the function that was in charge of changing the password, but it is already solved. On the other hand, on Saturday I had already implemented the active, acces_mosaic etc, but the above was missing. In the end, the function that would take care of changing the user would be like this:

Code:
require('json')
      require('socket.http')
      require('socket.url')

        acl = {
        vis = paginas_visu, -- Table with the pages to which the user has access
        schedulers = {},
        trends = {},
        }


        user = grp.getvalue(user_visu) -- User variable

        data = {
          id = id_user, --  ID user variable
          name = nombre, -- full name
          login = user, -- login
          login_cloud='',
          active= true,
          password = pass, -- Password variable
          password_repeat = pass, -- Must match password variable
          access_vis = 'P', -- full access to visualization
          access_schedulers = '', -- no access to schedulers
          access_trends = 'F', -- full access to trends
          access_apps = '', -- no access to schedulers
          access_mosaic = 'F', -- full access to mosaic
          acl = json.encode(acl)
        }

      post = 'data=' .. socket.url.escape(json.encode(data))
      res, err = socket.http.request('http://admin:admin@127.0.0.1/scada-main/users/save', post)
      log (res, err)
end
Thank you very much
Reply


Forum Jump: