Power toys for user management

Hey @artur , cockpit feels quite solid , matured and more featureful than ever, however I feel user management is currently the weakest part of cockpit. Here’s few Wishlist features for user management that I believe will make cockpit even better and more cohesive than ever:

1. Permission level hierarchy : technically anyone with user management permission can create another admin (and can also delete current admin !) which is a big red flag .

2.Ability to change password over REST API

3. 2FA over REST API

4. Restrict backend access : this was a fun feature in cockpit V1

5.Easy and straight forward SMTP integration that can work with user emails : This will open a plethora of options for us including creation of email notification systems.

Do let us know if some of these are already in pipeline… and once again thanx for the awesome piece of software.

Thanx and regards

@artur is No 4 achievable in cockpit v2?

Create the file config/bootstrap.php with the following contents (not tested):

<?php

$app->on('app.user.authenticate', function(&$user) {
   if ($user['role'] == 'xyz') $user = false;
});

I also found, by reading the code, that adding the role ‘public’ to the user blocks authentication in backend. Found in auth controller.