Sovran_Systems/Sovran_SystemsOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Detect and warn when machine was set up without factory seal

Browse Source 
Agent-Logs-Url: https://github.com/naturallaw777/staging_alpha/sessions/169de2bb-0655-4504-a270-8c0341c0d3dd

Co-authored-by: naturallaw777 <99053422+naturallaw777@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
2026-04-07 17:48:38 +00:00
committed by GitHub
parent 85aca0d022
commit ac9ba4776c
6 changed files with 58 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
app/sovran_systemsos_web/static/js/features.js
View File

@@ -602,11 +602,19 @@ function renderAutolaunchToggle(enabled) {
var securityBanner = "";
if (_securityIsLegacy) {
var msg = _securityWarningMessage || "Your system may have factory default passwords. Please change your passwords to secure your system.";
var linkText, linkAction;
if (_securityStatus === "unsealed") {
linkText = "Contact Support";
linkAction = "openSupportModal(); return false;";
} else {
linkText = "Change Passwords";
linkAction = "openServiceDetailModal('root-password-setup.service', 'System Passwords', 'passwords'); return false;";
}
securityBanner =
'<div class="security-inline-banner">' +
'<span class="security-inline-icon">⚠</span>' +
'<span class="security-inline-text">' + msg + '</span>' +
'<a class="security-inline-link" href="#" onclick="openServiceDetailModal(\'root-password-setup.service\', \'System Passwords\', \'passwords\'); return false;">Change Passwords</a>' +
'<a class="security-inline-link" href="#" onclick="' + linkAction + '">' + linkText + '</a>' +
'</div>';
}

5
app/sovran_systemsos_web/static/js/security.js
View File

@@ -5,9 +5,10 @@
async function checkLegacySecurity() {
try {
var data = await apiFetch("/api/security/status");
if (data && data.status === "legacy") {
if (data && (data.status === "legacy" || data.status === "unsealed")) {
_securityIsLegacy = true;
_securityWarningMessage = data.warning || "This machine may have a known factory password. Please change your passwords immediately.";
_securityStatus = data.status;
_securityWarningMessage = data.warning || "This machine may have a security issue. Please review your system security.";
}
} catch (_) {
// Non-fatal — silently ignore if the endpoint is unreachable

7
app/sovran_systemsos_web/static/js/service-detail.js
View File

@@ -626,8 +626,11 @@ function openSystemChangePasswordModal(unit, name, icon) {
resultEl.textContent = "✅ System password changed successfully.";
submitBtn.textContent = "Change Password";
submitBtn.disabled = false;
// Hide the legacy security banner if it's visible
if (typeof _securityIsLegacy !== "undefined" && _securityIsLegacy) {
// Hide the legacy security banner if it's visible — but only for
// "legacy" status machines. For "unsealed" machines, changing passwords
// is not enough; the factory residue remains until a proper re-seal or re-install.
if (typeof _securityIsLegacy !== "undefined" && _securityIsLegacy &&
(typeof _securityStatus === "undefined" || _securityStatus !== "unsealed")) {
_securityIsLegacy = false;
var banner = document.querySelector(".security-inline-banner");
if (banner) banner.remove();

1
app/sovran_systemsos_web/static/js/state.js
View File

@@ -101,6 +101,7 @@ const $upgradeCloseBtn = document.getElementById("upgrade-close-btn");
// Legacy security warning state (populated by checkLegacySecurity in security.js)
var _securityIsLegacy = false;
var _securityStatus = "ok"; // "ok", "legacy", or "unsealed"
var _securityWarningMessage = "";
// System status banner