- This allows overriding these headers in individual pages easily instead of
relaxing global policy.
- Drop the obsolete CSP directive "block-all-mixed-content" and avoid a console
warning in Firefox.
Tests:
- Load a page and notice in the browser developer tools that the three headers
referrer-policy, content-security-policy, and x-content-type-options are set as
before.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- As reported on IRC, links to source code files in Weblate are broken. This is
due to incorrect paths to files inside the POT file. Instead of plinth/views.py
it contains views.py. This might be a regression introduced when switching to
Makefile for all build tasks.
- To fix, we need to run 'django-admin makemessages' command at the topic level
directory in the source code repository. However, running at the top-level has
problems:
- Various unnecessary directories are considered. This was remedied using
--ignore aruments.
- The default locales directory was not being detected. This was remedied
using LOCALE_PATHS in Django settings.
- Django settings file was not being picked up. This was remedied using
--settings option.
- Django settings were being picked up from system's module path. This was
remedied using --pythonpath . option.
Tests:
- Running 'make update-translations' updates all the files. Newly generated POT
file contains plinth/ in the file paths. All locales were updated. There are no
other major changes POT or language files (other than what seemed to be pending
updates).
- Running freedombox-develop, locale can be changed to Spanish. The changed
locale is visible in UI. Changes to .po file are reflected in the UI after
running 'django-admin compilemessages'.
- After running freedombox using plinth.service systemd unit, locale can be
changed to Spanish. The changed locale is visible in UI. Changes to .po file are
reflected in the UI after running 'make build install'.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
1. Set temporary directory to /var/tmp
2. Drop MemoryFileUploadHandler
Tests:
- During upload notice that file are in /var/tmp/system-private... folder
instead of /var/tmp.
- Upload a file but rename with another extension instead of moving to
destination through changes in code. Notice that the file is available in
/var/tmp/systemd-private... directory after the upload operation is completed.
Stop the service and notice that the file has been deleted. Folder is empty
after the service starts again.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
[sunil: Add PrivateTmp=yes in plinth.service file]
[sunil: Update comments]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Eliminate a Django warning message.
- This setting has been deprecated. It will be remove in Django 5.0 and is
always on.
Tests:
- On Debian stable, django.VERSION <= (4,0) evaluates to True and on testing it
evaluates to False.
- After the patch, the warning related to USE_L10N has disappeared.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Try to mark class variables in component classes.
- Leave typing hints generic, such as 'list' and 'dict' where content is usually
not filled, too complex, or context is unimportant.
- backups: Handle failure for tarfile extraction so that methods are not called
on potentially None valued variables.
- backups: Prevent potentially passing a keyword argument twice.
- dynamicdns: Deal properly with outcome of urlparsing.
- ejabberd: Deal with failed regex match
- email: Fix a mypy compliant when iterating a filtered list.
- tor: Don't reuse variables for different typed values.
- tor: Don't reuse variables for different typed values.
- operation: Return None explicitly.
- operation: Ensure that keyword argument is not repeated.
Tests:
- Where only typing hints were modified and no syntax error came up, additional
testing was not done.
- `mypy --ignore-missing-imports .` run successfully.
- Generate developer documentation.
- Service runs without errors upon start up.
- backups: Listing and restoring specific apps from a backup works.
- backups: Mounting a remote backup repository works.
- NOT TESTED: dynamicdns: Migrating from old style configuration works.
- ejabberd: Verify that setting coturn configuration works.
- email: Test that showing configuration from postfix works.
- tor: Orport value is properly shown.
- transmission: Configuration values are properly set.
- users: Running unit tests as root works.
- operation: Operation status messages are show properly during app install.
- ./setup.py install runs
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- During database error such as 'database is locked', show a special message
asking users to try again instead of submitting a bug report.
[sunil: Minor formatting, rename the template file name]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
[jvalleroy: Fix missing import]
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Add explicit dependency on django-ipware >=3. django-axes >= 6 adds
only and optional dependency on django-ipware. Adding explicit dependency make
the behavior safer.
- Depend on django-axes >= 5 where the authentication backend and other features
are available. The new code won't work with older versions. The new approach
uses and authentication backend to deny access to the login form on lockout and
a middleware to redirect user to locked out form when limit of attempts have
been reached.
- Drop old code used for compatibility with django-axes 3.x.
- Suppress verbose and debug messages as django-axes is too chatty.
- Re-implment the CAPTCHA form entirely. In the old style, we have a login form
with CAPTCHA field. That would not work with the new django-axes authentication
middle. On submission of the form, auth.authenticate() will be called. This
call invokes various authentication backends include django-axes authentication
backend. This backend's behavior is to reject all authentication attempts when
the IP is listed in locked table. The new approach is to provide a simple
CAPTCHA form with just the CAPTCHA field. If the form is successfully
validated (correct CAPTCHA is provided), then the lock on the IP address is
reset. The user is then free to perform 3 more attempts to login.
- Update firstboot form to send the request parameter when using
auth.authenticate() method. This needed by Django axes' authentication method
which will be triggered.
Tests:
- Run tests on Debian Bookworm and Debian testing.
- Axes verbose messages and debug messages are not printed on the console when
running FreedomBox in debug mode.
- Only three invalid attempts are allowed at the login page. After the final
incorrect attempt, user is redirected to CAPTCHA page. Visiting the login page
using the URL works but entering the correct credentials still takes the user to
CAPTCHA page.
- CAPTCHA form appears as expected. Clicking the CAPTCHA images downloads the
audio file corresponding to the image. Incorrect CAPTCHA shows an error. Correct
CAPTCHA takes the user to login form where they are able to login with correct
credentials. Entering incorrect credentials 3 times will take the user again to
CAPTCHA page.
- Creating user account during firstboot works.
- Blocked IP address the IP of the client such as 10.42.0.1 and not the local IP
address 127.0.0.1 according the django-axes log messages. While one client IP
address is blocked, another IP is able to login to the same user account that
was attempted by the blocked client.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- This header is not supported by modern browsers[1]
- Our Content-Security-Policy header already does a better job.
- Django 4.0 removed this setting and does nothing with it.
Links:
1) https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
Tests:
- Without the patch X-XSS-Protection header is sent and with the patch it is not
sent.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Django 3.2 has a argon2 password hashing complexity unsuitable for single
board computers. Choose parameters suitable for Olimex Lime2 boards.
Tests:
- In a browser, login to a user without these changes. Notice the hash
parameters in sqlite3 auth_user table. Login with the changes. Notice that the
hash has been updated with latest has parameters.
- Login in Django 2.2 and Django 3.2. Login succeeds and hash parameters are
updated.
- As measured by the browser. Notice that change in login request time with and
without these changes
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This is already the default (Django 3.2), however, setting it explicitly seems
to avoid a warning while running 'django-admin makemigrations'.
Tests:
- Add SECRET_KEY to settings.py temporarily. Run the command 'django-admin
makemigrations --pythonpath=. --settings=plinth.settings'. There should no
warnings related DEFAULT_AUTO_FIELD not being set.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Reduces the probability that plinth gives an error 500 because
the database is locked.
Test performed:
1) Lock the database:
> sqlite3 data/var/lib/plinth/plinth.sqlite3
sqlite> PRAGMA locking_mode = EXCLUSIVE;
sqlite> BEGIN EXCLUSIVE;
2) Visit plinth/apps/
3) Only after 30s plinth logs an exception:
django.db.utils.OperationalError: database is locked
Closes#1786
Related to #1443
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
[sunil: Move the timeout value to settings module as it is static]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Currently, sessions are created as files in /var/lib/plinth/sessions. If a user
does not logout, the sessions remains there ever after expiry. Cleanup these
accumulating files by running a cleanup job every week.
Adding django.contrib.sessions to apps list necessary to ensure that
'clearsessions' management command is available. This creates an empty database
table for session storage but is harmless.
Tests performed:
- When run with the change for first time, migration is run for
django.contrib.sessions app.
- Change the scheduled interval to 30 seconds in the code. Login as a user. A
new session file is created in data/var/lib/plinth/sessions. Forward the system
clock by at least 2 weeks. The session expires. Within 30 seconds the file is
also removed.
- Login, then remove the django-secret.key. In 30 seconds we see a message that
the session data is corrupt. Advance the clock by at least 2 weeks. The session
file is removed and the message about session data is no longer printed.
- Repeat for system level plinth after `./setup.py install` and `sudo -u plinth
plinth`.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This allows for many cases of having to deal with Django objects such as models.
- Allows all modules including ones with models to be imported by Sphinx.
- Run most of the management commands using django-admin.
- Make it simpler to import all modules on REPL interactive Python shells.
Does not change any of the settings that we are passing to Django for
configuration.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
