some docs catchup for web interface changes

diff --git a/CHANGES b/CHANGES
index ada5cf916ec78db1a1ae88f270670d238c545078..3268dc497c8635f571293910a67952043920ef45 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,11 @@ See ChangeLog.d/* for detailed revision history.
 
 Users are now stored in the database rather than a configuration file.
 
 
 Users are now stored in the database rather than a configuration file.
 

+** Web Interface
+
+The web interface now uses cookies to remember user identity, and allows
+online registration of new users.
+

 * Changes up to version 2.0
 
 ** General
 * Changes up to version 2.0
 
 ** General

diff --git a/README b/README
index e3d9c2c53160fe05adeb675600b75780864a29ed..e62945d04ef850dd7fde26795d6672ff9caa32f1 100644 (file)
--- a/README
+++ b/README
@@ -207,73 +207,33 @@ You need to configure a number of things to make this work:
 
    Separate logging is not required but I find it convenient.  Up to you.
 
 
    Separate logging is not required but I find it convenient.  Up to you.
 

-2. disorder.cgi assumes it is subject to access control (and in particular uses
-   the username to report who did what).  Here's how I configured Apache, given
-   the above VirtualHost settings:
+2. The web interface depends on a 'guest' user existing.  You can create this
+   with the following command:

 
 

-     <Directory /home/jukebox>
-     Require valid-user
-     AuthType basic
-     AuthName jukebox
-     AuthUserFile /home/jukebox/http.users
-     </Directory>
+     disorder setup-guest

 
 

-   Adjust this according to wherever you're going to install disorder.cgi and
-   its expected URL.
+   If you don't want to allow online registration instead use:

 
 

-   Don't forget to reload apache after modifying its configuration.  If you got
-   it wrong, fix it and restart Apache.
+     disorder -- setup-guest --no-online-registration

 
 

-3. Create the password file configured above.  Something like this:
-
-     # htpasswd -b -c /home/jukebox/http.users myusername mypassword
-     Adding password for user myusername
-     # htpasswd -b /home/jukebox/http.users othername otherpass
-     Adding password for user othername
-
-4. The jukebox must be configured to trust the web user.  The example
-   configuration assumes that this is www-data, but it might be something else
-   on your system.  Edit the 'trust' line if necessary.
-
-5. Install disorder.cgi in an appropriate location.  Remember to make it
+3. Install disorder.cgi in an appropriate location.  Remember to make it

    executable.  For example:
 
      install -m 755 clients/disorder.cgi ~jukebox/public_html/index.cgi
 
    executable.  For example:
 
      install -m 755 clients/disorder.cgi ~jukebox/public_html/index.cgi
 

-6. The config file must also allow the web interface to be any user, and it
-   must list the URL of the web interface explicitly:
+4. The config file must list the URL of the web interface explicitly:

 
 

-     trust www-data

      url http://jukebox.DOMAIN/
 
      url http://jukebox.DOMAIN/
 

-7. Give www-data (or whatever user it is) a password and edit
-   /etc/disorder/config.private accordingly.  This file should be mode 640 and
-   owned by root:jukebox.  The line should look something like this:
-
-     allow www-data MYPASSWORD
-
-   After editing the config file, you must make the daemon re-read it:
-
-     disorder reconfigure
-
-8. Teach www-data its password, by putting it in /etc/disorder/config.www-data.
-   This file should be mode 640 and owned by root:www-data.
-
-     password MYPASSWORD
-
-   (You could also use ~www-data/.disorder/passwd for this but on some systems
-   the web server user's home directory is inside the document root, which
-   would have rather unfortunate consequences!)
-
-9. Try it out.  You should be asked for a username and password that you
-   configured earlier, and be shown details of what is playing and what other
-   tracks have been configured for future play.
+5. Try it out.  You should be able to perform read-only operations straight
+   away, and after visiting the 'Login' page to authenticate, perform other
+   operations like adding a track to the queue.

 
 

-10. If you run into problems, always look at the appropriate error log; the
+6. If you run into problems, always look at the appropriate error log; the

     message you see in your web browser will usually not be sufficient to
     diagnose the problem all by itself.
 
     message you see in your web browser will usually not be sufficient to
     diagnose the problem all by itself.
 

-11. If you have a huge number of top level directories, then you might find
+7. If you have a huge number of top level directories, then you might find

     that the 'Choose' page is unreasonably large.  If so add the following line
     to /etc/disorder/options.user:
       label sidebar.choosewhich choosealpha
     that the 'Choose' page is unreasonably large.  If so add the following line
     to /etc/disorder/options.user:
       label sidebar.choosewhich choosealpha

diff --git a/README.upgrades b/README.upgrades
index b47022e5510c040d2f0797e4215a0d61b2d4450d..d9db551e6508ac1ee61652eb6f77ded13ec04972 100644 (file)
--- a/README.upgrades
+++ b/README.upgrades
@@ -4,7 +4,8 @@ The general procedure is:
 
  * stop the old daemon:  /etc/init.d/disorder stop
  * back up your database directory (example below)
 
  * stop the old daemon:  /etc/init.d/disorder stop
  * back up your database directory (example below)

- * build and install the new version as described in the README
+ * build and install the new version as described in the README.  Remember to
+   install the new version of the web interface too.

  * update the configuration files (see below)
  * start the new daemon, e.g. with
      /etc/init.d/disorder start
  * update the configuration files (see below)
  * start the new daemon, e.g. with
      /etc/init.d/disorder start


@@ -32,6 +33,13 @@ after the first run you should remove these directives and (optionally) add a
 'allow', 'restrict' and 'trust' will stop working entirely in a future version
 but for now they will generate harmless error messages.
 
 'allow', 'restrict' and 'trust' will stop working entirely in a future version
 but for now they will generate harmless error messages.
 

+** Web Interface
+
+The web interface no longer uses HTTP basic authentication and the web server
+configuration imposing access control on it should be removed.  Users now log
+in using their main DisOrder password and the one in the htpassed file is now
+obsolete.
+

 * 1.4/1.5 -> 2.0
 
 ** 'transform' and 'namepart' directives
 * 1.4/1.5 -> 2.0
 
 ** 'transform' and 'namepart' directives