From a7cb20cf2f9281789abd0f6eab4318f402032a5d Mon Sep 17 00:00:00 2001
From: Ana Custura <ana@sr2.uk>
Date: Tue, 10 Mar 2026 10:27:59 +0000
Subject: [PATCH] Wrapping up the portal settings

---
 app/commands.py          |  1 +
 app/forms.py             | 10 ++++++----
 app/routes.py            |  7 ++-----
 app/templates/admin.html |  9 +++++++--
 4 files changed, 16 insertions(+), 11 deletions(-)

diff --git a/app/commands.py b/app/commands.py
index 2c45b70..73bd8ee 100644
--- a/app/commands.py
+++ b/app/commands.py
@@ -25,6 +25,7 @@ def seed_defaults():
         "butterbox_hostname": current_app.config["BUTTERBOX_HOSTNAME"],
         "root_account_settings": "",
         "ssh_access_settings": "disable_ssh",
+        "root_password": "",
     }
 
     for key, value in defaults.items():
diff --git a/app/forms.py b/app/forms.py
index 82f825c..d8845ca 100644
--- a/app/forms.py
+++ b/app/forms.py
@@ -4,6 +4,7 @@ from wtforms import StringField, PasswordField, SubmitField, BooleanField, FileF
 from wtforms.validators import DataRequired, ValidationError, Length
 from flask_babel import lazy_gettext as _l
 import re
+from wtforms.widgets import PasswordInput
 
 def hostname_check(form, field):
     regex= re.compile("[a-zA-Z0-9-_]+")
@@ -35,11 +36,12 @@ class SettingsForm(FlaskForm):
     enable_deltachat = BooleanField(_l('Enable DeltaChat'))
     enable_wifi_sharing = BooleanField(_l('Enable WiFi Sharing'))
     # Access Settings
-    admin_password = PasswordField(_l('Admin Password'))
-
-    root_account_settings= RadioField(_l('Secure Root Account Method'), choices=[ ('lock_root_account', 'Lock root account'), ( 'set_root_password', 'Set root password')], validators=[DataRequired()])
-    ssh_access_settings = RadioField(_l('SSH Access Method'), choices=[ ('disable_ssh', 'Disable SSH'), ( 'enable_ssh_with_root_password', 'Enable SSH with root password'), ('enable_ssh_with_public_key', 'Enable SSH with public key'), ], validators=[DataRequired()])
+    admin_password =  StringField('Admin Password', widget=PasswordInput(hide_value=False))
+    root_password = StringField('Root Password', widget=PasswordInput(hide_value=False), validators=[DataRequired()])
 
+    root_account_settings= RadioField(_l('Secure Root Account Method'), choices=[ ('lock_root_account', 'Lock root account'), ( 'set_root_password', 'Use root password')], validators=[DataRequired()])
+    ssh_access_settings = RadioField(_l('SSH Access Method'), choices=[ ('disable_ssh', 'Disable SSH'), ( 'enable_ssh_with_root_password', 'Enable SSH with root password'), ], validators=[DataRequired()])
+    # ('enable_ssh_with_public_key', 'Enable SSH with public key'),
     lock_root_account = BooleanField(_l('Lock Root Account'))
     butterbox_hostname = StringField(_l('Butterbox Hostname'), validators=[DataRequired(), Length(1, 64), hostname_check])
 
diff --git a/app/routes.py b/app/routes.py
index ef52f62..8215884 100644
--- a/app/routes.py
+++ b/app/routes.py
@@ -17,7 +17,7 @@ import glob
 import time
 import qrcode
 
-CHANGES_REQUIRING_RESTART = ['wifi_password', 'ssid', 'enable_access_point', 'enable_chat', 'enable_delta_chat', 'butterbox_hostname', 'ssh_access_settings', 'root_account_settings']
+CHANGES_REQUIRING_RESTART = ['wifi_password', 'ssid', 'enable_access_point', 'enable_chat', 'enable_delta_chat', 'butterbox_hostname', 'ssh_access_settings', 'root_account_settings', 'root_password']
 
 
 def gen_username() -> str:
@@ -159,7 +159,7 @@ def logout():
 def admin():
     raspap_installed = os.path.exists("/var/www/html/raspap")
     form = SettingsForm()
-    populate_settings = ['butterbox_name', 'wifi_password', 'ssid', 'butterbox_hostname', 'root_account_settings', 'ssh_access_settings']
+    populate_settings = ['butterbox_name', 'wifi_password', 'ssid', 'butterbox_hostname', 'root_account_settings', 'ssh_access_settings', 'root_password', 'admin_password']
     bool_settings = ['enable_access_point','enable_file_viewer', 'enable_map_viewer', 'enable_app_store', 'enable_chat', 'enable_deltachat', 'enable_wifi_sharing']
     populate_settings.extend(bool_settings)
     if not form.is_submitted():
@@ -203,9 +203,6 @@ def admin():
                     admin_user.set_password(new_admin_password)
                     db.session.add(admin_user)
                     non_admin_settings_changed = True
-                else:
-                    form.admin_password.errors.append(
-                        _("New admin password same as old password. Not changing."))
             if app.config['SETTINGS_CHANGED']:
                 flash(_("⚠️ Some settings may not fully take effect until the Butter Box restarts. Click 'Apply Changes' to restart."))
             else:
diff --git a/app/templates/admin.html b/app/templates/admin.html
index c6ffa2c..79f43c3 100644
--- a/app/templates/admin.html
+++ b/app/templates/admin.html
@@ -109,10 +109,9 @@
 
         <hr>
         <label class="label is-large">Access and security</label>
-
         <div class="control field">
             {{ wtf.form_password_field(form.admin_password, form.admin_password.errors) }}
-            <p class="help">Password for accessing this browser interface.</p>
+            <p class="block help">Password for accessing this browser interface.</p>
         </div>
         <div class="control block">
           <label class="label">{{ form.root_account_settings.label }} </label>
@@ -127,6 +126,12 @@
                </label>
             {% endfor %}
             {{ wtf.field_errors(form.root_account_settings.errors)}}
+            <p class="block help">If this is the first time configuring the box, you will need to set a root password, and choose whether you want to lock the root account.</p>
+
+        </div>
+        <div class="control field">
+            {{ wtf.form_password_field(form.root_password, form.root_password.errors) }}
+            <p class="help">Password for accessing the box root account.</p>
         </div>
 
            <div class="control block">