- This is so that the methods will be checked by mypy. This should help identify
any incorrect initialization of components.
- Remove unused self.repos in GitwebApp.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Set renewal period to 3 years before expiry so that users not inconvenienced
too much.
- Renew server certificate if possible.
- There are openvpn server setups where the expiry of the server certificate has
been set to 2 years due to a bug in our code. Triggering a setup call will renew
these certificates without effecting any clients. Even during the bug, CA certs
were still be valid for 10 years. So, they are unaffected.
- When downloading profile, if client certificate is renewable, renew
before providing profile for download. Old certificates will still be valid
until their expiry.
Tests:
- Without the patches, install openvpn app. Server certificate will be created
with a validity of 2 years. Download the client profile. Apply patches, setup
will be rerun. OpenVPN will be restarted. Server certificate will be renewed and
show 10 years expiry. Old client profile will continue to connect successfully.
It will have expiry of 2 years. Download the client profile again. It will an
expiry of 10 years and will successfully to the server.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Could not test: rerun setup after disabling the app. App is not enabled.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Remove /etc/openvpn when the app is uninstalled
* Tests:
1. Uninstall app and manually check if /etc/openvpn gets removed
2. Sucessfully install app
3. Functional tests: passed
4. In case we choose to purge packages in the future: I checked purging openvpn and it will not
remove /etc/openvpn.
Signed-off-by: nbenedek <contact@nbenedek.me>
[sunil: Update docstrings]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- RSA to ECC migration was introduced in October 2020 is available to
Buster (via backports) and to Bullseye users. Dropping the code will make it
easy to test regular maintenance code updates.
- A two step setup process of first installing and then setting up the
certificates is no longer necessary. (New installs already don't use this). The
certificate generation process does not take hours but minutes. We also have a
good progress indication during install+setup process.
Tests:
- Functional tests pass.
- Initial setup completes successfully and does not take very long time.
- Profiles can be downloaded successfully and imported.
- A client an use them to connect.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Functional tests pass.
- Initial setup completes successfully and does not take very long time.
- Profiles can be downloaded successfully and imported.
- A client an use them to connect.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
module.app property usage is greatly reduced because setup() and force_upgrade()
method are now part of App class instead of at the module level. Remove the
remaining minor cases of usage and drop the property altogether.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Primary purpose is to complete the App API and allow for multiple apps to be
present in a module without a single clashing setup() method. Secondary
objective is to get rid of SetupHelper instance simple use App instance instead.
- This brings us closer to not needing to implement setup() method for some of
the typical apps.
- Remove default value None for old_version parameter.
- A valid integer value is always passed to this call.
- The value of None is undefined.
- Simplifies the App API slightly.
- Drop setting 'pre', 'post' values to indicate the stage of setup for the App.
- Simplifies the setup methods significantly. Eliminates a class of
bugs (some of them seen earlier).
- The UI can show a simple 'installing...' or progress spinner instead of
individual stages.
- There are currently many inconsistencies where many operations are not
wrapped in helper.call() calls.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This is recommended by PEP-0597: https://peps.python.org/pep-0597/
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #1797.
Tests:
- For each affected app, install the app, visit frontpage. Select the shortcut.
Notice that Learn More... link is shown and clicking on the link takes us to the
manual page of the app.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- For zoph, drop dependency on php7.4 as it will cause issues for future
versions of php. The dependency was a hack and not needed for Bullseye and
higher.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
[sunil: isort all files]
[sunil: Remove component in datetime component as managed_packages is empty]
[sunil: Minor refactor in minidlna for consistency]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- ugettext functions will be removed in Django 4.0. Each use emits a warning
when running with Django 3.2. Since we have warnings enabled in developer mode,
we see quite a few messages because of this.
- ugettext is already a simple alias of gettext. So, no regressions are
expected.
Tests:
- Accessing an affected app in UI with Django 3.2 and Django 2.2 works fine.
- Using Django 3.2 there are no warnings related to removal of ugettext
functions.
- Ran regular unit tests.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
A new function called `user_group_view` has been added to
restrict access to only users in the groups "vpn" and "admin".
Some changes are made in AdminRequiredMiddleware to handle this.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
A user in this user group will be able to download and use an .ovpn
profile to connect to the OpenVPN server on the FreedomBox.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Setup is now run as a post installation step.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Debian Buster has easyrsa 3. Since we're nearing Bullseye now, it is
safe to asssume that most users are already using easyrsa 3.
The code to do the upgrade is 2 years old already. Removing it.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Start showing port ranges properly.
- Fixes issue with Coturn TURN relay ports not being shown.
Closes: #1851.
Tests:
- Visit each of affected apps and see the port forwarding information. The
information is same as before.
- HTTP and HTTPS ports are not shown.
- Coturn app shows additional port ranges for TURN relay ports.
- Shadowsocks app does not show port forwarding information as it is internal
only.
- Visit one of the apps not effected by the patch. There is no section related
to port forwarding.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Tests performed:
- When app is not setup, app toggle button is not shown. Running status of the
app is also not present in the page. Profile download is not shown. Setup button
is shown.
- When app is being setup, app toggle button is not shown. Running status of the
app is also not present in the page. Page keeps refreshing every 3 seconds
during setup. Profile download is not shown. A progress spinner is shown that
setup is currently running.
- When app setup has completed, app toggle button is shown. Running status is
shown. When daemon is stopped, a message that daemon is not running is show.
Profile download is shown.
- Transition from being setup into setup completed is done with a single page
refresh. Message that setup is completed is shown.
- Port forwarding information is always shown (before, during and after setup).
- Run functional tests for OpenVPN.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
- Remove the need to pass all the individual information elements to the AppView
separately. This eliminates many issues with elements that were mistakenly not
sent to AppView. Also reduces a lot of code duplication.
- Create App classes for power and sso for consistency.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- add and use "icon_filename" property to almost all of the modules
being displayed in the apps page
- sharing and tor modules do not seem to be using setup.html template
file and so the variable is not added to their __init__.py files,
therefore the icon will not be displayed on these app pages.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Turn frontpage shortcut into an App component. Add tests and full
documentation.
- Overridden implementations for tahoe, diaspora, mediawiki shortcuts to handle
special cases. Special handling for ikiwiki.
- Extend App API for removing and retrieving a component.
- Add clients information into shortcuts to avoid hacks when presenting
shortcuts to Mobile devices via API.
- Fixed unnecessary stripping and adding of '/' when setting home page redirect
URLs. This fixes problem with setting Cockpit as home page.
- Replaced the use of term 'app' in favor of 'shortcut' as the term when setting
frontpage shortcuts as home page.
- JSXC shortcut does not require login.
- Don't show shadowsocks for anonymous users.
- Simplify showing selected shortcut details.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- Introduce base class for all apps that will contain components. With
unittests.
- Introduce base classes for components. With unittests.
- Turn Menu class into an app component.
- Further cleanup Menu class.
- Update tests.
- Maintain a global list of menu items and look them up easily. Generalize
such that subsubmenus can later be merged into Menu class.
- Cleanup scope of main menu initialization.
- Use None instead of empty strings for various values. Ensure that
printing short_description does not show 'None' in output.
- Use enable/disable instead of promote/demote.
- Use menu component in all apps.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- Add 'secondary' flag to menu items.
- Mark apps as 'secondary' when disabled.
- Extend TemplateView for apps index.
- Add card-container for disabled apps.
Closes#1309
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Adjust the template so that it uses glyphicons for sys page and logos for the app page
- Add logos for missing apps (tor and sharing) and their licences
Signed-off-by: Hemanth Kumar Veeranki <hems.india1997@gmail.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes#930
- Make targets to download wiki pages of each service
- Add post-processor script for DocBook file processing
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Earlier only openvpn@.service file was available. Currently, Debian is using
openvpn-server@.service and openvpn-client@.service. Start using this and
upgrade our current users to this approach. This fixes the problem with
incorrect enabling/disabling of OpenVPN app in Plinth.
Tested primarily three cases:
- Install version 2 of the app directly. Make sure daemon runs,
enabling/disabling the app works.
- Install version 1 of the app. Disable it. Upgrade to version 2 make sure
everything is upgraded but disabled. Enabling make the app work properly.
- Install version 1 of the app. Enable it. Upgrade to version 2 make sure
everything is upgraded, app is enabled and running.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
