🔐PWD work #634

2024-04-20 10:14:22 +10:00
parent c1b5a2684b
commit 003fc557cd
19 changed files with 76 additions and 248 deletions
--- a/back/app.conf
+++ b/back/app.conf
@@ -21,8 +21,6 @@
 SCAN_SUBNETS=['192.168.1.0/24 --interface=eth1']
 TIMEZONE='Europe/Berlin'
 PIALERT_WEB_PROTECTION=False
 PIALERT_WEB_PASSWORD='8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92'
 DAYS_TO_KEEP_EVENTS=90
 # Used for generating links in emails. Make sure not to add a trailing slash!
 REPORT_DASHBOARD_URL='http://netalertx'
--- a/back/pialert-cli
+++ b/back/pialert-cli
@@ -1,125 +0,0 @@
 #!/bin/bash
 SCRIPT=$(readlink -f $0)
 SCRIPTPATH=$(dirname $SCRIPT)
 CONFFILENAME="app.conf" 
 SETTING_NAME_TOGGLE="PIALERT_WEB_PROTECTION"
 SETTING_NAME_PWD="PIALERT_WEB_PASSWORD"
 PIA_CONF_FILE=${SCRIPTPATH}'/../config/${CONFFILENAME}'
 case $1 in
  help)
    echo "pialert-cli v0.1 (https://github.com/leiweibau/Pi.Alert)"
    echo "Usage: pialert-cli <command>"
    echo ""
    echo "The is a list of supported commands:"
    echo ""
    echo " set_login                - Sets the parameter $SETTING_NAME_TOGGLE in the config file to TRUE"
    echo "                          - If the parameter is not present, it will be created. Additionally the" 
    echo "                            default password '123456' is set."
    echo ""
    echo " unset_login              - Sets the parameter $SETTING_NAME_TOGGLE in the config file to FALSE"
    echo "                          - If the parameter is not present, it will be created. Additionally the"
    echo "                            default password '123456' is set."
    echo ""
    echo " set_password <password>  - Sets the new password as a hashed value."
    echo "                          - If the $SETTING_NAME_TOGGLE parameter does not exist yet, it will be"
    echo "                            created and set to 'True' (login enabled)"
    echo ""
    echo " set_autopassword         - Sets a new random password as a hashed value and show it plaintext in"
    echo "                            the console."
    echo "                          - If the $SETTING_NAME_TOGGLE parameter does not exist yet, it will be"
    echo "                            created and set to 'True' (login enabled)"
    echo ""
    echo ""
    echo ""
    ;;
  set_login)
    ## Check if $SETTING_NAME_TOGGLE exists
    CHECK_PROT=$(grep "$SETTING_NAME_TOGGLE" $PIA_CONF_FILE | wc -l)
    if [ $CHECK_PROT -eq 0 ]
    then
        ## Create $SETTING_NAME_TOGGLE and enable it
        sed -i "/^VENDORS_DB.*/a $SETTING_NAME_TOGGLE = True" $PIA_CONF_FILE
        sed -i "/^$SETTING_NAME_TOGGLE.*/a $SETTING_NAME_PWD = '8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92'" $PIA_CONF_FILE
    else
        ## Switch $SETTING_NAME_TOGGLE to enable
        sed -i "/$SETTING_NAME_TOGGLE/c\$SETTING_NAME_TOGGLE = True" $PIA_CONF_FILE
    fi
    echo "Login is now enabled"
    ;;
  unset_login)
    ## Check if $SETTING_NAME_TOGGLE exists
    CHECK_PROT=$(grep "$SETTING_NAME_TOGGLE" $PIA_CONF_FILE | wc -l)
    if [ $CHECK_PROT -eq 0 ]
    then
        ## Create $SETTING_NAME_TOGGLE and disable it
        sed -i "/^VENDORS_DB.*/a $SETTING_NAME_TOGGLE = False" $PIA_CONF_FILE
        sed -i "/^$SETTING_NAME_TOGGLE.*/a $SETTING_NAME_PWD = '8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92'" $PIA_CONF_FILE
    else
        ## Switch $SETTING_NAME_TOGGLE to disable
        sed -i "/$SETTING_NAME_TOGGLE/c\$SETTING_NAME_TOGGLE = False" $PIA_CONF_FILE
    fi
    echo "Login is now disabled"
    ;;
  set_password)
    PIA_PASS=$2
    ## Check if $SETTING_NAME_TOGGLE exists
    CHECK_PROT=$(grep "$SETTING_NAME_TOGGLE" $PIA_CONF_FILE | wc -l)
    if [ $CHECK_PROT -eq 0 ]
    then
        ## Create $SETTING_NAME_TOGGLE and enable it
        sed -i "/^VENDORS_DB.*/a $SETTING_NAME_TOGGLE = True" $PIA_CONF_FILE
    fi
    ## Prepare Hash
    PIA_PASS_HASH=$(echo -n $PIA_PASS | sha256sum | awk '{print $1}')
    echo "   The hashed password is:"
    echo "   $PIA_PASS_HASH"
    ## Check if the password parameter is set
    CHECK_PWD=$(grep "$SETTING_NAME_PWD" $PIA_CONF_FILE | wc -l)
    if [ $CHECK_PWD -eq 0 ]
    then
        sed -i "/^$SETTING_NAME_TOGGLE.*/a $SETTING_NAME_PWD = '$PIA_PASS_HASH'" $PIA_CONF_FILE
    else
        sed -i "/$SETTING_NAME_PWD/c\$SETTING_NAME_PWD = '$PIA_PASS_HASH'" $PIA_CONF_FILE
    fi
    echo ""
    echo "The new password is set"
    ;;
  set_autopassword)
    ## Check if $SETTING_NAME_TOGGLE exists
    CHECK_PROT=$(grep "$SETTING_NAME_TOGGLE" $PIA_CONF_FILE | wc -l)
    if [ $CHECK_PROT -eq 0 ]
    then
        ## Create $SETTING_NAME_TOGGLE and enable it
        sed -i "/^VENDORS_DB.*/a $SETTING_NAME_TOGGLE = True" $PIA_CONF_FILE
    fi
    ## Create autopassword
    PIA_AUTOPASS=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 8 | head -n 1)
    echo "   The password is: $PIA_AUTOPASS"
    ## Prepare Hash
    PIA_AUTOPASS_HASH=$(echo -n $PIA_AUTOPASS | sha256sum | awk '{print $1}')
    echo "   The hashed password is:"
    echo "   $PIA_AUTOPASS_HASH"
    ## Check if the password parameter is set
    CHECK_PWD=$(grep "$SETTING_NAME_PWD" $PIA_CONF_FILE | wc -l)
    if [ $CHECK_PWD -eq 0 ]
    then
        ## Create password parameter
        sed -i "/^$SETTING_NAME_TOGGLE.*/a $SETTING_NAME_PWD = '$PIA_AUTOPASS_HASH'" $PIA_CONF_FILE
    else
        ## Overwrite password parameter
        sed -i "/$SETTING_NAME_PWD/c\$SETTING_NAME_PWD = '$PIA_AUTOPASS_HASH'" $PIA_CONF_FILE
    fi
    echo ""
    echo "The new password is set"
    ;;
  *)
    echo "pialert-cli v0.1 (https://github.com/leiweibau/Pi.Alert)"
    echo "Use \"pialert-cli help\" for a list of supported commands."
 esac
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -12,11 +12,11 @@ services:
    # restart: unless-stopped
    volumes:
      # - ${APP_DATA_LOCATION}/netalertx_dev/config:/app/config
-      # - ${APP_DATA_LOCATION}/netalertx/config:/app/config
+      - ${APP_DATA_LOCATION}/netalertx/config:/app/config
-      - ${APP_DATA_LOCATION}/netalertx/config:/home/pi/pialert/config
+      # - ${APP_DATA_LOCATION}/netalertx/config:/home/pi/pialert/config
      # - ${APP_DATA_LOCATION}/netalertx_dev/db:/app/db      
-      # - ${APP_DATA_LOCATION}/netalertx/db:/app/db           
+      - ${APP_DATA_LOCATION}/netalertx/db:/app/db           
-      - ${APP_DATA_LOCATION}/netalertx/db:/home/pi/pialert/db 
+      # - ${APP_DATA_LOCATION}/netalertx/db:/home/pi/pialert/db 
      # (optional) useful for debugging if you have issues setting up the container
      # - ${LOGS_LOCATION}:/app/front/log      
      # ---------------------------------------------------------------------------
@@ -33,7 +33,7 @@ services:
      - ${DEV_LOCATION}/front/css:/app/front/css
      - ${DEV_LOCATION}/front/img:/app/front/img
      - ${DEV_LOCATION}/back/update_vendors.sh:/app/back/update_vendors.sh
-      - ${DEV_LOCATION}/front/lib/AdminLTE:/app/front/lib/AdminLTE
+      - ${DEV_LOCATION}/front/lib:/app/front/lib
      - ${DEV_LOCATION}/front/js:/app/front/js
      - ${DEV_LOCATION}/install/start.debian.sh:/app/install/start.debian.sh
      - ${DEV_LOCATION}/install/user-mapping.debian.sh:/app/install/user-mapping.debian.sh
--- a/dockerfiles/README.md
+++ b/dockerfiles/README.md
@@ -9,11 +9,8 @@
  | 🐳 [Docker hub](https://registry.hub.docker.com/r/jokobsk/netalertx) |  📑 [Docker guide](https://github.com/jokob-sk/NetAlertX/blob/main/dockerfiles/README.md) |🆕 [Release notes](https://github.com/jokob-sk/NetAlertX/releases) | 📚 [All Docs](https://github.com/jokob-sk/NetAlertX/tree/main/docs) |
  |----------------------|----------------------| ----------------------|  ----------------------| 
-<a href="https://raw.githubusercontent.com/jokob-sk/NetAlertX/main/docs/img/devices_split.png" target="_blank">
+<a href="https://raw.githubusercontent.com/jokob-sk/NetAlertX/main/docs/img/GENERAL/github_social_image.jpg" target="_blank">
-  <img src="https://raw.githubusercontent.com/jokob-sk/NetAlertX/main/docs/img/devices_split.png" width="300px" />
+  <img src="https://raw.githubusercontent.com/jokob-sk/NetAlertX/main/docs/img/GENERAL/github_social_image.jpg" width="1000px" />
 </a>
 <a href="https://raw.githubusercontent.com/jokob-sk/NetAlertX/main/docs/img/network.png" target="_blank">
  <img src="https://raw.githubusercontent.com/jokob-sk/NetAlertX/main/docs/img/network.png" width="300px" />
 </a>
 > [!NOTE]
--- a/docs/MIGRATION.md
+++ b/docs/MIGRATION.md
@@ -33,8 +33,13 @@ In summary:
 4. Update the volume mappings in your `docker-compose.yaml`
 5. Place the renamed files the above locations. 
 > [!TIP] 
 > If you have troubles accessing past backups, config or database files you can copy them into the newly mapped directories, for example by running this command in the container:  `cp -r /app/config /home/pi/pialert/config/old_backup_files`. This should create a folder in the `config` directory called `old_backup_files` conatining all the files in that location. Another approach is to map the old location and the new one at the same time to copy things over. 
 Examples follow.
 ## Example 1: Mapping folders
 ### Old docker-compose.yml
--- a/docs/img/GENERAL/github_social_image.jpg
+++ b/docs/img/GENERAL/github_social_image.jpg
--- a/front/index.php
+++ b/front/index.php
@@ -147,7 +147,6 @@ if ($ENABLED_DARKMODE === True) {
          <button type="button" class="close" data-dismiss="alert" aria-hidden="true"><3E></button>
          <h4><i class="icon fa <?php echo $login_icon;?>"></i><?php echo $login_headline;?></h4>
          <p><?php echo $login_info;?></p>
          <p><?= lang('Login_Psw_run');?><br><span style="border: solid 1px yellow; padding: 2px;"> /app/back/pialert-cli set_password <?= lang('Login_Psw_new');?></span><br><?= lang('Login_Psw_folder');?></p>
      </div>
  </div>
--- a/front/js/settings_utils.js
+++ b/front/js/settings_utils.js
@@ -165,6 +165,18 @@
    return true; // Return true if no schedules are found
  }
  // -------------------------------------------------------------------
  // Checks if value is already encoded
  function isSHA256(value) {
    // Check if the value is a string and has a length of 64 characters
    if (typeof value === "string" && value.length === 64) {
        // Check if the value contains only hexadecimal characters
        return /^[0-9a-fA-F]+$/.test(value);
    } else {
        return false;
    }
 }
--- a/front/lib/crypto/crypto-js.min.js
+++ b/front/lib/crypto/crypto-js.min.js
--- a/front/php/server/util.php
+++ b/front/php/server/util.php
@@ -328,7 +328,7 @@ function saveSettings()
        $settingValue = $setting[3];
        if ($group == $settingGroup) {
-            if ($settingType == 'text' || $settingType == 'password' || $settingType == 'readonly' || $settingType == 'text.select') {
+            if ($settingType == 'text' || $settingType == 'password' || $settingType == 'password.SHA256' || $settingType == 'readonly' || $settingType == 'text.select') {
                $val = encode_single_quotes($settingValue);
                $txt .= $settingKey . "='" . $val . "'\n";
            } elseif ($settingType == 'integer' || $settingType == 'integer.select') {
--- a/front/php/templates/security.php
+++ b/front/php/templates/security.php
@@ -29,18 +29,18 @@ $config_file_lines = file($config_file);
 $CookieSaveLoginName = "NetAlertX_SaveLogin";
 // ###################################
-// ## PIALERT_WEB_PROTECTION FALSE
+// ## SETPWD_enable_password FALSE
 // ###################################
-$config_file_lines_bypass = array_values(preg_grep('/^PIALERT_WEB_PROTECTION.*=/', $config_file_lines));
+$config_file_lines_bypass = array_values(preg_grep('/^SETPWD_enable_password.*=/', $config_file_lines));
 $protection_line = explode("=", $config_file_lines_bypass[0]);
 $Pia_WebProtection = strtolower(trim($protection_line[1]));
 // ###################################
-// ## PIALERT_WEB_PROTECTION TRUE
+// ## SETPWD_enable_password TRUE
 // ###################################
-$config_file_lines = array_values(preg_grep('/^PIALERT_WEB_PASSWORD.*=/', $config_file_lines));
+$config_file_lines = array_values(preg_grep('/^SETPWD_password.*=/', $config_file_lines));
 $password_line = explode("'", $config_file_lines[0]);
 $Pia_Password = $password_line[1];
--- a/front/plugins/README.md
+++ b/front/plugins/README.md
@@ -29,7 +29,7 @@
 |          |    Yes      | PIHOLE        | External SQLite DB | 🔍dev scanner  | 📚[pihole_scan](/front/plugins/pihole_scan/)                        |
 |          |             | PUSHSAFER     | Script             | 💬 publisher   | 📚[_publisher_pushsafer](/front/plugins/_publisher_pushsafer/)      |
 |          |             | PUSHOVER      | Script             | 💬 publisher   | 📚[_pushover_pushsafer](/front/plugins/_publisher_pushover/)        |
-|          |             | SETPWD        | Script             | ⚙ system       | 📚[set_password](/front/plugins/set_password/)                      |
+|  Yes     |             | SETPWD        | Template           | ⚙ system       | 📚[set_password](/front/plugins/set_password/)                      |
 |          |             | SMTP          | Script             | 💬 publisher   | 📚[_publisher_email](/front/plugins/_publisher_email/)              |
 |          |    Yes      | SNMPDSC       | Script             | 🔍dev scanner  | 📚[snmp_discovery](/front/plugins/snmp_discovery/)                  |
 |          |    Yes**    | UNDIS         | Script             | ♻ other        | 📚[undiscoverables](/front/plugins/undiscoverables/)                |
--- a/front/plugins/set_password/README.md
+++ b/front/plugins/set_password/README.md
@@ -1,48 +1,13 @@
 ## Overview
-A simple script-based plugin for setting the password. 
+A simple setting-based plugin for setting the password. 
 ### Usage
- Head to **Settings** > **UI password** to adjust the default values.
+- Head to **Settings** > **Set Password** to adjust the default values.
 ### Notes
- The plugin is executed on the `RUN` type `before_config_save` so it's possible to update the `app.conf` file before the data is loaded into the app. 
+- The default password is <code>123456</code>.
- The executed command is stored in the `CMD` setting: `/app/back/pialert-cli set_password {password}`
+- When enabled a login dialog is displayed. If facing issues, you can always disable the login by setting <code>SETPWD_enable_password=False</code> in your <code>app.conf</code> file.
- The `{password}` parameter is replaced via the parameter and setting below:
+- SHA256 hash is used
 ```json
  ...
 "params" : [
    {
        "name"  : "password",
        "type"  : "setting",
        "value" : "SETPWD_password"
    }
  ], 
  ...
  {
    "function": "password",
    "type": "password",
    "maxLength": 50,
    "default_value": "123456",
    "options": [],
    "localized": ["name", "description"],
    "name": [
      {
        "language_code": "en_us",
        "string": "Password"
      }
    ],
    "description": [
      {
        "language_code": "en_us",
        "string": "The default password is <code>123456</code>. To change the password run <code>/app/back/pialert-cli set_password {password}</code> in the container"
      }
    ]
  }
 ```
--- a/front/plugins/set_password/config.json
+++ b/front/plugins/set_password/config.json
@@ -4,7 +4,7 @@
  "unique_prefix": "SETPWD",
  "plugin_type": "system",
  "enabled": true,
-  "data_source": "script",  
+  "data_source": "template",  
  "show_ui": false,
  "localized": ["display_name", "description", "icon"],
  "display_name": [{
@@ -42,55 +42,27 @@
  ], 
  "settings":[   
  {
-      "function": "RUN",    
+    "function": "enable_password",
-      "events": [],        
+    "type": "boolean",
-      "type": "text.select",            
+    "default_value": false,
      "default_value":"disabled",
      "options": ["disabled", "before_config_save"],
      "localized": ["name", "description"],
      "name" :[{
          "language_code":"en_us",
          "string" : "When to run"
      },
 	  {
          "language_code":"es_es",
          "string" : "Cuándo ejecuta"
      }],
      "description": [{
          "language_code":"en_us",
          "string" : "Set to <code>before_config_save</code> and specify password to reset your pasword in <code>SETPWD_password</code>."
      },
 	  {
          "language_code":"es_es",
          "string" : "Configure en <code>before_config_save</code> y especifique la contraseña para restablecer su contraseña en <code>SETPWD_password</code>. Puede establecer <code>deshabilitado</code> una vez que se cambia la contraseña."
      }]
  },
  {
      "function": "CMD",
      "type": "readonly",
      "default_value":"/app/back/pialert-cli set_password {password}",
    "options": [],
    "localized": ["name", "description"],
-      "name" : [{
+    "name": [
          "language_code":"en_us",
          "string" : "Command"
      },
      {
-          "language_code":"es_es",
+        "language_code": "en_us",
-          "string" : "Comando"
+        "string": "Enable login"
-      }],
+      }  
-      "description": [{
+    ],
-          "language_code":"en_us",
+    "description": [
          "string" : "Command to run"
      },
      {
-          "language_code":"es_es",
+        "language_code": "en_us",
-          "string" : "Comando a ejecutar"
+        "string": "When enabled a login dialog is displayed. If facing issues, you can always disable the login by setting <code>SETPWD_enable_password=False</code> in your <code>app.conf</code> file."
-      }]
+      }
    ]
  },
  {
    "function": "password",
-    "type": "password",
+    "type": "password.SHA256",
    "maxLength": 50,
    "default_value": "123456",
    "options": [],
@@ -108,11 +80,7 @@
    "description": [
      {
        "language_code": "en_us",
-        "string": "The default password is <code>123456</code>. To change it, you can either use this plugin (follow the instructions in the <code>SETPWD_RUN</code> setting) or run <code>/app/back/pialert-cli set_password {password}</code> in the container."
+        "string": "The default password is <code>123456</code>."
      },
      {
        "language_code": "es_es",
        "string": "La contraseña predeterminada es <code>123456</code>. Para cambiar la contraseña, ejecute <code>/app/back/pialert-cli set_password {password}</code> en el contenedor"
      } 
    ]
  }
--- a/front/settings.php
+++ b/front/settings.php
@@ -56,6 +56,7 @@ while ($row = $result -> fetchArray (SQLITE3_ASSOC)) {
 <script src="js/settings_utils.js"></script>
 <script src="js/db_methods.js"></script>
 <script src="js/ui_components.js"></script>
 <script src="lib/crypto/crypto-js.min.js"></script>
 <div id="settingsPage" class="content-wrapper">
@@ -412,7 +413,7 @@ while ($row = $result -> fetchArray (SQLITE3_ASSOC)) {
            }            
          } else if (setType === 'integer') {
            inputHtml = `<input onChange="settingsChanged()"  my-data-type="${setType}" class="form-control" id="${codeName}" type="number" value="${val}"/>`;
-          } else if (setType === 'password') {
+          } else if (setType.startsWith('password')) {
            inputHtml = `<input onChange="settingsChanged()"  my-data-type="${setType}"  class="form-control input" id="${codeName}" type="password" value="${val}"/>`;
          } else if (setType === 'readonly') {
            inputHtml = `<input class="form-control input"  my-data-type="${setType}"  id="${codeName}"  value="${val}" readonly/>`;
@@ -687,6 +688,15 @@ while ($row = $result -> fetchArray (SQLITE3_ASSOC)) {
          } else if (set['Type'] === 'json') {        
            const temps = $('#'+set["Code_Name"]).val();        
            settingsArray.push([set["Group"], set["Code_Name"], set["Type"], temps]);          
          } else if (set['Type'] === 'password.SHA256') { 
            // save value as SHA256 if value isn't SHA256 already       
            var temps = $('#'+set["Code_Name"]).val(); 
            if(temps != "" && !isSHA256(temps))
            {
              temps = CryptoJS.SHA256(temps).toString(CryptoJS.enc.Hex);
            } 
            settingsArray.push([set["Group"], set["Code_Name"], set["Type"], temps]);
          }
        });
@@ -707,9 +717,9 @@ while ($row = $result -> fetchArray (SQLITE3_ASSOC)) {
            // Reloads the current page
            setTimeout("window.location.reload()", 3000);            
          }
        });
      })
    }
--- a/server/conf.py
+++ b/server/conf.py
@@ -36,8 +36,6 @@ UI_LANG         = 'English'
 UI_PRESENCE       = ['online', 'offline', 'archived']  
 UI_MY_DEVICES     = ['online', 'offline', 'archived', 'new', 'down']  
 UI_NOT_RANDOM_MAC = []
 PIALERT_WEB_PROTECTION  = False 
 PIALERT_WEB_PASSWORD    = '8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92' 
 DAYS_TO_KEEP_EVENTS     = 90 
 REPORT_DASHBOARD_URL    = 'http://netalertx/' 
--- a/server/helper.py
+++ b/server/helper.py
@@ -302,7 +302,7 @@ def get_setting_value(key):
        set_type = setting["Type"]  # Setting type        
        # Handle different types of settings
-        if set_type in ['text', 'string', 'password', 'readonly', 'text.select']:
+        if set_type in ['text', 'string', 'password', 'password.SHA256', 'readonly', 'text.select']:
            value = str(set_value)
        elif set_type in ['boolean', 'integer.checkbox']:
--- a/server/initialise.py
+++ b/server/initialise.py
@@ -102,8 +102,6 @@ def importConfigs (db):
    conf.LOG_LEVEL = ccd('LOG_LEVEL', 'verbose' , c_d, 'Log verboseness', 'text.select', "['none', 'minimal', 'verbose', 'debug']", 'General')
    conf.TIMEZONE = ccd('TIMEZONE', 'Europe/Berlin' , c_d, 'Time zone', 'text', '', 'General')    
    conf.PLUGINS_KEEP_HIST = ccd('PLUGINS_KEEP_HIST', 250 , c_d, 'Keep history entries', 'integer', '', 'General') 
    conf.PIALERT_WEB_PROTECTION = ccd('PIALERT_WEB_PROTECTION', False , c_d, 'Enable logon', 'boolean', '', 'General')
    conf.PIALERT_WEB_PASSWORD = ccd('PIALERT_WEB_PASSWORD', '8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92' , c_d, 'Logon password', 'readonly', '', 'General')    
    conf.REPORT_DASHBOARD_URL = ccd('REPORT_DASHBOARD_URL', 'http://netalertx/' , c_d, 'NetAlertX URL', 'text', '', 'General')
    conf.UI_LANG = ccd('UI_LANG', 'English' , c_d, 'Language Interface', 'text.select', "['English', 'French', 'German', 'Norwegian', 'Russian', 'Spanish' ]", 'General')
    conf.UI_PRESENCE = ccd('UI_PRESENCE', ['online', 'offline', 'archived']   , c_d, 'Include in presence', 'text.multiselect', "['online', 'offline', 'archived']", 'General')    
@@ -256,6 +254,8 @@ def read_config_file(filename):
 replacements = {
    r'\bREPORT_TO\b': 'SMTP_REPORT_TO',
    r'\bREPORT_FROM\b': 'SMTP_REPORT_FROM',
    r'\bPIALERT_WEB_PROTECTION\b': 'SETPWD_enable_password',
    r'\bPIALERT_WEB_PASSWORD\b': 'SETPWD_password',
    r'REPORT_MAIL=True': 'SMTP_RUN=\'on_notification\'',
    r'REPORT_APPRISE=True': 'APPRISE_RUN=\'on_notification\'',
    r'REPORT_NTFY=True': 'NTFY_RUN=\'on_notification\'',
--- a/server/plugin.py
+++ b/server/plugin.py
@@ -31,7 +31,7 @@ class plugin_param:
                setVal = inputValue["Value"] # setting value
                setTyp = inputValue["Type"]  # setting type
-                noConversion            = ['text', 'string', 'integer', 'boolean', 'password', 'readonly', 'integer.select', 'text.select', 'integer.checkbox'  ]
+                noConversion            = ['text', 'string', 'integer', 'boolean', 'password', 'password.SHA256', 'readonly', 'integer.select', 'text.select', 'integer.checkbox'  ]
                arrayConversion         = ['text.multiselect', 'list', 'subnets']                 
                jsonConversion          = ['.template']