We have POSM, a software to more easily install a number of different mapping and data collection softwares (currently OpenStreetMap, Field Papers, OpenDroneMap/WebODM, OpenMapKit-Server) on portable hardware (designed for an Intel NUC) for use in prolonged activities in offline environments. We're currently working with ToggleCorp on several improvements including an integration of ODK Central.
The WIP is here:
We've currently forked
central-backend - mostly, as I understand it, in order to make some modifications allowing a Central admin to reset a user password and get access to the link to then copy/paste the link to complete the process. Since Central is running on local hardware, the password reset email can't get out to the Central user.
POSM doesn't support HTTPS; since it's intended for use offline and should be predictable, it has a hard-coded hostname (posm.io, with optional subdomains) and acts as a captive portal to intercept all DNS requests and resolve them to itself. We've talked about registering custom subdomains and using Let's Encrypt, but it gets complicated pretty quickly, especially when the hostnames need to be distinct. POSM is typically deployed to controlled environments for limited time periods, so we prioritize flexibility over strict security.
Setting passwords through the command line is not sufficient because POSM once setup is intended to be easily used by program managers not necessarily comfortable with that. We need a way for a Central admin to set and reset user passwords.
The current solution is to allow an initial password to be set on creation of a user:
And modifying the rest functionality to provide the URL instead of email it.
@ln mentioned in Slack that "One thing we’d likely like to have is the ability for admins to reset user passwords." It would be great if we could somehow contribute the functionality we need to core Central, so we don't have to fork. This is related to another desire to have stand-alone Central installations on portable hardware (possible on a Raspberry Pi?) for offline and disaster environments. Which would require the same password set/reset functionality.
Additionally, guidance on easing the keeping of our Central integration up-to-date would be much appreciated. @issa mentioned "there are more components now than just frontend/backend, and soon to be even more." Is there a better way to do the integration?