Security Modes
Single-User mode assumes that every connection to the application is the same person. It is designed for one person to use on a trusted internal network; under no circumstances should an instance configured this way be reachable from the Internet. However, it is a low-friction way to keep up with feeds from multiple devices on a home network.
Single-User with Password mode operates the same way as Single-User mode does, but the application will require a password. Depending on the strength of the password, this model may be appropriate for Internet access, but its intent is more for keeping other internal network users from accessing the site and reading the items before its intended user is able to do so. The password should be set using the CLI.
Multi-User mode requires both an e-mail address and password before allowing the user to proceed. It is the most appropriate configuration for an Internet-facing instance, and it can also be used to provide access to multiple users on an internal network. Managing users is performed via the CLI.
Managing Users in Multi-User Mode
Users can be added or deleted, and passwords set, using the user CLI utility.
(For all the “password” parameters, if a character in the password conflicts with a shell escape
character, enclose the password in double-quotes for *sh or single-quotes for PowerShell.)
Add a User
php-cli utils/user.php add-user alice@example.com AlicesSecur3P4ssword
The utility should respond with the e-mail address and password that were added. If a user with that e-mail address already exists, the utility will not add it again.
Set a User’s Password
php-cli utils/user.php set-password bob@example.com AN3wPassCauseB0bForg0t1t
Delete a User
php-cli utils/user.php delete-user carol@example.com
The utility will require confirmation that the user and their feeds should be deleted. Any input that starts with the letter “y” will confirm, and any other input will cancel the process.
Changing from Single-User to Multi-User Mode
In Single-User mode, the application uses a known e-mail address and password to mimic multi-user mode where that
user is always logged on. If you have been using the application this way, and decide that you want to run in
multi-user mode instead, you will need to update SECURITY_MODEL in user-config.php to
Security::MultiUserMode.
The e-mail address used for Single-User mode is not allowed to log on in Multi-User mode. If you want to preserve the feeds defined by the single user, use the CLI to replace its e-mail address and password.
php-cli utils/user.php migrate-single-user dave@example.com Dav3sPas$wort
If, however, you do not wish to maintain the single user’s information at all, delete it.
php-cli utils/user.php remove-single-user
Changing from Multi-User to any Single-User Mode
This scenario is possible, but not really advisable. When the application is in any Single-User mode, it only displays feeds from the Single-User mode user. The information for the other users remains in the database, though, so this change is not destructive.
Changing from Single-User to Single-User with Password Mode
Set SECURITY_MODEL in user-config.php to Security::SingleUserPasswordMode,
then use the user CLI utility to set a password.
php-cli util/user.php set-single-password aNiceC0mplexPassw0rd
Changing from Single-User with Password to Single-User Mode
If you decide you do not want to enter a password, but want to maintain single-user mode, set
SECURITY_MODEL in user-config.php to Security::SingleUserMode, then run
the user CLI utility to reset the single user back to its expected default.
php-cli util/user.php reset-single-password