- Add explicit dependency on django-ipware >=3. django-axes >= 6 adds
only and optional dependency on django-ipware. Adding explicit dependency make
the behavior safer.
- Depend on django-axes >= 5 where the authentication backend and other features
are available. The new code won't work with older versions. The new approach
uses and authentication backend to deny access to the login form on lockout and
a middleware to redirect user to locked out form when limit of attempts have
been reached.
- Drop old code used for compatibility with django-axes 3.x.
- Suppress verbose and debug messages as django-axes is too chatty.
- Re-implment the CAPTCHA form entirely. In the old style, we have a login form
with CAPTCHA field. That would not work with the new django-axes authentication
middle. On submission of the form, auth.authenticate() will be called. This
call invokes various authentication backends include django-axes authentication
backend. This backend's behavior is to reject all authentication attempts when
the IP is listed in locked table. The new approach is to provide a simple
CAPTCHA form with just the CAPTCHA field. If the form is successfully
validated (correct CAPTCHA is provided), then the lock on the IP address is
reset. The user is then free to perform 3 more attempts to login.
- Update firstboot form to send the request parameter when using
auth.authenticate() method. This needed by Django axes' authentication method
which will be triggered.
Tests:
- Run tests on Debian Bookworm and Debian testing.
- Axes verbose messages and debug messages are not printed on the console when
running FreedomBox in debug mode.
- Only three invalid attempts are allowed at the login page. After the final
incorrect attempt, user is redirected to CAPTCHA page. Visiting the login page
using the URL works but entering the correct credentials still takes the user to
CAPTCHA page.
- CAPTCHA form appears as expected. Clicking the CAPTCHA images downloads the
audio file corresponding to the image. Incorrect CAPTCHA shows an error. Correct
CAPTCHA takes the user to login form where they are able to login with correct
credentials. Entering incorrect credentials 3 times will take the user again to
CAPTCHA page.
- Creating user account during firstboot works.
- Blocked IP address the IP of the client such as 10.42.0.1 and not the local IP
address 127.0.0.1 according the django-axes log messages. While one client IP
address is blocked, another IP is able to login to the same user account that
was attempted by the blocked client.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Don't try to get the depends from module level and sort modules based on that.
- Instead after all App instances are created, sort the apps based on
app.info.depends and app.info.is_essential.
- Print message that apps have been initialized instead of printing before they
are initialized. The correct order of apps is only known after they have been
initialized and sorted.
- Avoid circular import on module_loader and setup.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Avoid any potential problems with sqlite3 not being present.
- Avoid any potential problems with secret key not being available. Avoid
accidentally creating the secret key hardware/container images.
Tests:
- --list-dependencies works with and without secret key and plinth sqlite3.
- --list-dependencies works with plinth and root users.
- --list-dependencies does not create the sqlite3 database or the secret key.
- Running app works in normal mode and creates the secret key.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Loading module is only for importing python modules and determining the order
in which they should be loaded.
- Initializing apps will create the instances which involves just creating the
components of the apps.
- Post initialization involves connecting to signals, running configuration
fixes, etc.
Tests:
- All apps that have post initialization step have been tested.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Don't run the second phase of web framework initialization. This avoids
writing to the DB file.
- Set log level to ERROR so that no messages get printed even to stderr while
listing dependencies.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
A simple Django configuration does not need to create the database whereas DB
migration requires creating the database.
In some operations such as listing dependencies, we can skip running the second
part and so writing to database will no longer be necessary during such
operations.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Chmod -x dbus.py. It appears that the file was accidentally set to permissions
0o755 instead of 0o644.
glib module will contain:
- Code to deal with glib main loop.
- Use glib as a way to schedule timely events instead of creating long running
threads.
- Other mechanisms to help with asynchronous I/O until we start using asyncio.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This introduces flake8 and fixes a bunch of flake8 errors.
flake8 is run with: ./venv/bin/flake8 plinth
if you're using a python3 venv.
We can eventually further integrate this with gitlab ci.
https://salsa.debian.org/freedombox-team/plinth/issues/58
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Implement listening for CacheUpdated notification.
- Configuration to allow only root to trigger the notification.
- Trigger the notification from an apt update hook.
- Retrieve the list of packages available for upgrade and print them to log.
- Add dependency on libglib2.0-bin for the gdbus command line tool.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This will keep web server de-coupled with service that want to shutdown on exit.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This will help with modularizing the code as well as abstracting out CherryPy
for potential later replacement.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
While capturing stdout and stderr and automatically logging that to system
logging daemon provides basic information, a lot of information lost in the
process.
This change logs to systemd journal directly so that rich information such as
code file, code function, code line, etc, can be captured in a structured way.
To avoid double logging, discard stdout and stderr in the systemd unit file.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Instead log only to the console and let daemon wrapper (systemd in Debian) take
the logs from the console and log them to system log. There are many advantages
for logging to system log instead of handling files on our own:
- No need to handle log file rotation. This can be configured in many ways and
we don't have to support that. System's log daemon handles this. Closes#1353.
- Remaining system logs such as sudo and audit logs can be along with FreedomBox
logs for better debugging.
- It is possible to do remote logging based on system logger.
- It is possible to make the logs tamper resistant based on system logger
configuration.
Since timestamp is automatically logged by system log daemon, remove timestamps
from log format. When running on console, timestamps are not very useful.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Access log is not populated by cherrpy anymore.
- CherrPy does not log WSGI handler requests at all. So the request for HTML
pages actually is never logged. Only static file requests which are hardly
useful are logged.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
The default upload limit (request size) of cherrypy is 100MB.
When uploading backup archives we need larger files too.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Use the directory for service custom static files only if it exists.
- This fixes issue with lintian complaining of installing files in /var/www.
Closes#1399
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
- Static files are directly served by the CherryPy web server.
- .gitignore file placed as a placeholder to be able to commit the directory
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
And re-activate cfg.get_config_paths() for easier testing
Signed-off-by: Michael Pimmer <info@fonfon.at>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Newer versions of Django axes have newly way to get the IP address of a client
using ipware library. This has multiple security issues
https://github.com/jazzband/django-axes/issues/286 . Workaround them by
controlling the X-FORWARDED-FOR header sent from Apache to FreedomBox and by
limiting the headers that ipware uses.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This is the final change required for Django 2.0 support. Instead of using
MIDDLEWARE_CLASSES use MIDDLEWARE setting. Support for new style middleware was
provided in version 0.3.0, so depend on that version. Django built-in middleware
already supports new style and plinth middleware will now support new style.
The actual semantics of the middleware don't need changes. See:
https://docs.djangoproject.com/en/2.0/topics/http/middleware/#upgrading-pre-django-1-10-style-middleware
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
(django-axes + django-simple-captcha) with sso is working at this point.
Signed-off-by: Joseph Nuthalpati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
