Feat: lighthouse book - ui authentication (#4232)

## Proposed Changes Added page explanation for authentication under Siren UI book. ## Additional Info Please provide any additional information. For example, future considerations or information useful for reviewers.
2023-05-01 02:15:57 +00:00 · 2023-05-01 02:15:57 +00:00 · aaf1e4b1ab
commit aaf1e4b1ab
parent c11638c36c
7 changed files with 37 additions and 2 deletions
--- a/book/src/SUMMARY.md
+++ b/book/src/SUMMARY.md
@ -34,6 +34,7 @@
    * [Prometheus Metrics](./advanced_metrics.md)
 * [Lighthouse UI (Siren)](./lighthouse-ui.md)
 	* [Installation](./ui-installation.md)
+    * [Authentication](./ui-authentication.md)
 	* [Configuration](./ui-configuration.md)
 	* [Usage](./ui-usage.md)
 	* [FAQs](./ui-faqs.md)
--- a/book/src/imgs/ui-autoconnect-auth.png
+++ b/book/src/imgs/ui-autoconnect-auth.png
--- a/book/src/imgs/ui-exit.png
+++ b/book/src/imgs/ui-exit.png
--- a/book/src/imgs/ui-fail-auth.png
+++ b/book/src/imgs/ui-fail-auth.png
--- a/book/src/imgs/ui-session-auth.png
+++ b/book/src/imgs/ui-session-auth.png
--- a/book/src/lighthouse-ui.md
+++ b/book/src/lighthouse-ui.md
@ -11,7 +11,7 @@ _Documentation for Siren users and developers._

 Siren is a user interface built for Lighthouse that connects to a Lighthouse Beacon Node and
 a Lighthouse Validator Client to monitor performance and display key validator
-metrics. 
+metrics.

 The UI is currently in active development. Its resides in the
 [Siren](https://github.com/sigp/siren) repository.
@ -24,7 +24,8 @@ information:
 - [Installation Guide](./ui-installation.md) - Information to install and run the Lighthouse UI.
 - [Configuration Guide](./ui-configuration.md) - Explanation of how to setup
 	and configure Siren.
- [Usage](./ui-usage.md) - Details various Siren components. 
+- [Authentication Guide](./ui-authentication.md) - Explanation of how Siren authentication works and protects validator actions.
+- [Usage](./ui-usage.md) - Details various Siren components.
 - [FAQs](./ui-faqs.md) - Frequently Asked Questions.

 ## Contributing
--- a/book/src/ui-authentication.md
+++ b/book/src/ui-authentication.md
@ -0,0 +1,33 @@
+# Authentication
+
+To enhance the security of your account, we offer the option to set a session password. This allows the user to avoid re-entering the api-token when performing critical mutating operations on the validator. Instead a user can simply enter their session password. In the absence of a session password, Siren will revert to the api-token specified in your configuration settings as the default security measure.
+
+> This does not protect your validators from unauthorized device access. 
+
+![](imgs/ui-session-auth.png)
+
+Session passwords must contain at least:
+
+- 12 characters
+- 1 lowercase letter
+- 1 uppercase letter
+- 1 number
+- 1 special character
+
+
+## Protected Actions
+
+Prior to executing any sensitive validator action, Siren will request authentication of the session password or api-token.
+
+![](imgs/ui-exit.png)
+
+
+In the event of three consecutive failed attempts, Siren will initiate a security measure by locking all actions and prompting for configuration settings to be renewed to regain access to these features.
+
+![](imgs/ui-fail-auth.png)
+
+## Auto Connect
+
+In the event that auto-connect is enabled, refreshing the Siren application will result in a prompt to authenticate the session password or api-token. If three consecutive authentication attempts fail, Siren will activate a security measure by locking the session and prompting for configuration settings to be reset to regain access.
+
+![](imgs/ui-autoconnect-auth.png)