Helps: #1938.
Fixed application of available translations in daemon.py and apache,
diagnostics, networks, firewall and users modules.
diagnostics:
- __init__.py: return the app name along its results.
- diagnostics.html: display the app name instead of its id.
- diagnostics_results.html:
- mark for translation,
- apply class to results <td> HTML tag.
main.css: center-align the results.
Locale files excluded. Will be regenerated automatically and translations to be
done via Weblate.
original testing (rebased later):
- Yapf applied.
- Flake8 without errors or warnings for changed files.
- (Unit) tests run without errors.
Signed-off-by: Fioddor Superconcentrado <fioddor@gmail.com>
[sunil: Translate 'None' app name]
[sunil: Don't translate tests strings second time in template]
[sunil: Tweak the center rule]
[sunil: Don't split a translation string]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Closes: #1939.
- Force a delay before returning the upgrade result to allow upgrade to kick in.
Otherwise when the flow returns, get_context_data() creates the context too
early and finds the upgrade not yet busy, causing the refresh loop to miss it.
The page renders static and the user gets no clue to the upgrade executing in
the background.
Signed-off-by: Fioddor Superconcentrado <fioddor@gmail.com>
[sunil: Retain the styling for the remainder of the page]
[sunil: Re-style the status section as a simple web-page]
[sunil: Drop unused running-status CSS styles]
[sunil: Rename CSS variables, minor changes to color values]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Undo a minor isort refactor in searx]
[sunil: Change the menu label to 'Donate']
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Containers specific case: if total memory taken from cgroups is lower
than system memory taken from psutil, calculate memory usage based on
information from cgroups. The formula idea is taken from
https://github.com/moby/moby/issues/40727#issuecomment-604155288Closes#1780
Tests performed:
- In a non-container environment, filled the memory 90%
```
stress-ng --vm-bytes $(awk '/MemAvailable/{printf "%d\n", $2 * 0.9;}' \
< /proc/meminfo)k --vm-keep -m 1
```
and ensured that correct notification is shown.
- In a container, if no memory limitations are set, notifications are
based on host memory usage
- In a container, if memory limits are set
```
systemctl set-property systemd-nspawn@fbx-testing.service MemoryMax=200M
```
ensured that the notification is shown and is calculated based on
cgroups.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
[sunil: Fix i18n for notification message]
[sunil: Drop unnecessary type conversion]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Process can be tested by upgrading to testing:
$ sudo ./actions/upgrades --develop --test-upgrade
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: cosmetic: isort fixes]
[sunil: Restore BACKPORTS_REQUESTED_KEY that was accidentally removed]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Trying to create another admin user using the first boot wizard will certainly
fail.
- Show the list of admin users in the system so that they an be deleted and
creation of admin by first boot wizard can continue.
- If existing account can already work (such as when Plinth and LDAP entries
exist) allow skipping the step.
- Since the scenario is mostly like encountered only during advanced usage and
not for most regular users, the technical nature of solutions is okay.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
This change prevents the plinth user to become a superuser without
knowing an admin password.
Users module and action script:
- User credentials are now required for the subcommands: create-user,
set-user-password, add-user-to-group (if the group is admin),
remove-user-from-group (if the group is admin), set-user-status,
remove-user (if the removed user is the last admin user.
Note: the web UI doesn't allow to delete last admin user).
- subcommand remove-users requires authentication if the user is last
admin user. Password must be provided through standard input.
- subcommand remove-group: do not allow to remove group 'admin'
- User credentials must be provided using the argument
--auth-user and a passsword must be provided through standard input.
- If there are no users in the admin group, no admin password is
required and if the --auth-user argument is required, it can be an
empty string.
Users web UI:
- An admin needs to enter current password to create and edit a user
and to change user's password.
- Show more detailed error text on exceptions when submitting forms.
- Show page title on the edit and create user pages.
Users unit and functional tests:
- Added a configuration parameters to the pytest configuration file
to set current admin user/password.
- Added a configuration parameter 'ssh_port' to the functional tests.
You can overwrite this with the FREEDOMBOX_SSH_PORT environment
variable. Modified HACKING.md accordingly.
- Added an unit test:
- test changing the password as a non-admin user.
- test invalid admin password input.
- test that removing the admin group fails.
- Capture stdout and stderr in the unit tests when calling an action
script to be able to see more info on exceptions.
- Added functional tests for setting ssh keys and changing passwords
for admin and non-admin users.
- Added a functional test for setting a user as active/inactive.
Changes during review [sunil]:
- Move uncommon functional step definitions to users module from global. This is
keep the common functional step definitions to minimal level and promote when
needed.
- Minor styling changes, flake8 fixes.
- Don't require pampy module when running non-admin tests. This allows tests to
be run from outside the container on the host machine without python3-pam
installed.
- Call the confirm password field 'Authorization Password'. This avoid confusion
with a very common field 'Confirm Password' which essentially means retype
your password to ensure you didn't get it wrong. Add label explaining why the
field exists.
- Don't hard-code /tmp path in test_actions.py. Use tmp_path_factory fixture
provided by pytest.
- Remove unused _get_password_hash() from actions/users.
- Undo splitting ldapgid output before parsing. It does not seem correct and
could introduce problems when field values contain spaces.
Tests performed:
- No failed unit tests (run with and without sudo).
- All 'users' functional tests pass.
- Creating an admin user during the first boot wizard succeeds.
- Creating a user using the web UI with an empty or wrong admin
password fails and with the correct admin password succeeds.
- Editing a user using the web UI with an empty or wrong admin
password fails and with the correct admin password succeeds.
- Changing user's password using the web UI with an empty or wrong
admin password fails and with the correct admin password succeeds.
- Above mentioned user action script commands can't be run without
correct credentials.
- Adding the daemon user to the freedombox-share group succeeds when
installing certain apps (deluge, mldonkey, syncthing, transmission).
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
[sunil: Move uncommon functional step definitions to users module from global]
[sunil: Minor styling changes, flake8 fixes]
[sunil: Don't require pampy module when running non-admin tests]
[sunil: Call the confirm password field 'Authorization Password']
[sunil: Don't hard-code /tmp path in test_actions.py]
[sunil: Remove unused _get_password_hash() from actions/users]
[sunil: Undo splitting ldapgid output before parsing]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- Without these changes, with Quassel not-installed, change the domain name.
Notice that certificate events for Quassel fails due to missing domain
information.
- With these changes, with Quassel not-installed, change the domain name. Notice
that certificate events for Quassel don't result in any actions.
- With these changes, when Quassel is installed, certificate is properly setup
for a domain.
- With these changes, with Quassel installed, change the domain name. Notice
that certificate events for Quassel succeed.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Without these changes, with Coturn not-installed, change the domain name.
Notice that certificate events for Coturn fails due to missing domain
information.
- With these changes, with Coturn not-installed, change the domain name. Notice
that certificate events for Coturn don't result in any actions.
- With these changes, when Coturn is installed, certificate is properly setup
for a domain.
- With these changes, with Coturn installed, change the domain name. Notice that
certificate events for Coturn succeed.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Certificate can be setup for a single domain at a time in Mumble. So, allow the
user to choose the domain purely for this propose even though Mumble can work
with multiple domains. Tell Let's Encrypt to work with this domain.
Tests:
- Without Mumble installed, change the domain name. Notice the mumble related
certificate events are ignored.
- Install Mumble, a TLS domain is automatically selected. Certificate is setup
for that domain.
- Ensure at least two domains are setup in the system. See the list in the
Mumble app page. Choose a non-default domain. Domain should change and cert
should be setup for that domain.
- Go to config app and change the domain. Mumble domain should get set to a
different domain and cert should get updated.
- Install mumble without these changes. Apply the changes and start FreedomBox.
Mumble app should get upgraded and certificate should get setup for a domain.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Without these changes, with Quassel not-installed, change the domain name.
Notice that certificate events for Quassel fails due to missing domain
information.
- With these changes, with Quassel not-installed, change the domain name. Notice
that certificate events for Quassel don't result in any actions.
- With these changes, with Quassel installed, change the domain name. Notice
that certificate events for Quassel succeed.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Without these changes, with Coturn not-installed, change the domain name.
Notice that certificate events for Coturn fails due to missing domain
information.
- With these changes, with Coturn not-installed, change the domain name. Notice
that certificate events for Coturn don't result in any actions.
- With these changes, with Coturn installed, change the domain name. Notice that
certificate events for Coturn succeed.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Install Tor and enable onion service. Restart FreedomBox. During
initialization the onion service domain is added. Check in Name Services.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Due to a minor regression with init() method refactoring:
- Pagekite tries to check if it is enabled even when it is not installed. This
is an unnecessary check.
- Pagekite tries to remove domains from name services even when it is not
installed. This could have unnecessary consequences.
Fix this by checking if Pagekite is installed and perform name services updating
only if service is enabled.
Tests:
- Enable pagekite and configure it. When FreedomBox is restarted, Pagekite kite
is announced as domain and shown in Name Services.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #1891.
As soon as the app is installed, the default configuration has NAME.pagekite.me.
This is incorrectly announced as a valid domain to the system. Avoid this
behavior by never announcing this default configured kite name.
Tests:
- Install Pagekite. Observe that the default kite name is not announced as a
domain (confirmed in Name Services). With the patch, it will.
- Change the domain to anything other than default. It is announced. LE tries to
obtain cert. Name Services list the domain.
- Change the domain back to default kite name. It is not announced. Old domain
is removed.
- Start FreedomBox with Pagekite configured with default domain. It is not
announced.
- Start FreedomBox with Pagekite configured with non-default domain. It is
announced.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Allow read access by URL by default.
Tests:
- Installing bepasty fresh show the default permissions as read.
- Upgrading bepasty from older version when default permissions are none sets
the default permissions to read.
- Upgrading bepasty from older version when default permissions are not none
retrains the permissions.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
[sunil: Don't relocate setup() method]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tested-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- Logout and see that the home page icon is not visible.
- Login as non-admin user and see that the home page icon is not visible.
- Login as admin user and see that the home page icon is visible.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
Helps: #1938.
backups/forms.py:
- ChoiceField labeled to allow translation.
- Translation applied to hard coded literals.
config/forms.py:
Lazy translation applied to literals that were translated but still
displayed in english to non-english users.
diagnostics_results.html:
Apply translation to results. Use gettext_noop to mark for translation.
dynamicdns/forms.py:
Apply translation to choice literals.
i2p/views.py:
Lazy translation applied to literals that were translated but still
displayed in english to non-english users.
names.html:
Apply translation to table headers.
performance/__init__.py:
Apply translation to description literals.
radicale/forms.py:
ChoiceField labeled to allow translation.
users/forms.py:
CharField labeled to allow translation.
QA:
- Literals visually verified.
- No errors in py.test-3.
- Yapf applied (only) to changed files.
- No remarks by flake8 to changed file.
Signed-off-by: Fioddor Superconcentrado <fioddor@gmail.com>
[sunil: Separate out the translations]
[sunil: Fix i18n for diagnostics]
[sunil: dynamicdns: Also do i18n for string GnuDIP]
[sunil: searx: Revert an incorrect removal of import]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- This will allow us to remove the code needed for force upgrading. Upgrade code
can be dropped after a while.
- This will ensure that all our users have a single configuration format which
will make future testing easier.
- We can notify the users of a single overwrite now and be assured that in
future, the overwrites of configuration will not happen.
- We don't have to monitor for changes to configuration files in future version
of the package.
- Keep old configuration as a backup file and restore a pristine copy with
--reinstall and --force-confmiss.
Tests:
- Install the app freshly. Configuration file is unchanged, new config snippets
are created. App is running.
- Install the app with code before new configuration changes. Notice that old
configuration format is used. Then switch the code to a branch with current
changes. Setup is automatically executed. The package is reinstalled. After
re-installation, the main config file is restored. Configuration snippets exist.
value of public registration and domain is preserved. Backup file exists with
previous configuration contents.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Tested-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- This helps the case where an user installs FreedomBox on Buster and then after
finishing the first boot wizard and before repositories have been setup,
upgrades to latest FreedomBox version.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
It is confusing to combine the user's intent of wanting to have backports
activated with whether they have actually been configured in the system.
- Separate out checking for requested which is a key in the kvstore from enabled
which is about checking system configuration for backports.
- Implement convenience method for setting whether user requested backports.
- Do not base the status display (in security and upgrades modules) on the
configuration status and instead focus on user intent.
- If user requested backports but they have not been enabled yet due to not
being available, show as activated. System will keep trying the background and
configure eventually.
- If user requested backports but their configuration is outdated yet due to
newer release, show as activated. System will keep trying in the background
and configure latest settings eventually.
- In all places where backports enabling is being checked, split the logic for
'can be activated' from 'already activated' and 'user requested activation'
properly.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #1855.
Tests:
- On unstable, first boot step is not shown. Backports are not
enabled.
- On testing, tested enabling backports at first boot step. Backports
are enabled.
- On testing, tested not enabling backports. Backports are not enabled
and can be activated later.
- On testing, confirmed that functional tests can click through the
first boot step.
- On stable with backports, first boot step is not shown. Backports
are enabled.
- On stable, tested enabling backports at first boot step. Backports
are enabled.
- On stable, tested not enabling backports. Backports are not enabled
and can be activated later.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Avoid two different i18n strings with almost same content]
[sunil: Use box_name instead of hardcoded FreedomBox name]
[sunil: Use consistent terminology 'activate' instead of 'enable']
[sunil: Rename the wizard, form, view, url for consistency with existing code]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Backports are not enabled and cannot be activated on unstable.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Add statement that backports may not be necessary]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Now it is possible to change default branch when editing a repository.
Gitweb site shows default branch as a main branch and the 'git clone'
command checks out to default branch.
Added unit and functional tests. Splitted one large 'test_actions'
into multiple tests.
Tests performed:
- All gitweb unit and functional tests pass.
- Created a repository from a remote repository which has default
branch other than master. Confirmed that the 'Edit repository'
page shows correct branch and gitweb site shows this branch as
a default branch
Closes#1925
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- When port forwarding configuration is not required in the router, don't show
the ports information.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- API can be consumed by other apps.
- Consistently, get/set store keys and default values without repeated code.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Start showing port ranges properly.
- Fixes issue with Coturn TURN relay ports not being shown.
Closes: #1851.
Tests:
- Visit each of affected apps and see the port forwarding information. The
information is same as before.
- HTTP and HTTPS ports are not shown.
- Coturn app shows additional port ranges for TURN relay ports.
- Shadowsocks app does not show port forwarding information as it is internal
only.
- Visit one of the apps not effected by the patch. There is no section related
to port forwarding.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Solves #1907 for JSXC and Sharing pages. WireGuard is not yet included in the
manual and missing pages show an ugly error.
Signed-off-by: Fioddor Superconcentrado <fioddor@gmail.com>
[sunil: Formatted using yapf]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Prevent leaking private info through Tor onion service or Pagekite.
Tests:
- When starting plinth, apache setup is run. Status module is
disabled, and apache2 is restarted.
- sunil: After upgrade, status page is not available.
- sunil: mod_status is available in stable (2.4.38-3+deb10u3) and
testing/unstable (2.4.46-1).
Closes: #1935.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tested-by: Sunil Mohan Adapa <sunil@medhas.org>
* Fixes the gitweb app initalization when there are no public
repositories and the apache2 configuration gitweb-freedombox-auth has
not been enabled before (this may happen when the git repositories or
apache2 configuration has been modified outside the plinth web UI).
* Fix comment in the gitweb-freedombox-auth.conf apache2 configuration
file.
Fixes#1928
Tests performed:
* The gitweb app unit and functional tests pass.
* Configured all gitweb repositories as private. Stopped the plinth
service. Disabled the apache2 configuration gitweb-freedombox-auth.
Then starting the plinth service succeeds and gitweb-freedombox-auth
configuration gets enabled.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
The word "Manual" means 'user guide' in case of help and 'not automatically' in
case of networking app.
After change, POT file is produced as follows:
msgctxt "User guide"
msgid "Manual"
msgstr ""
msgctxt "Not automatically"
msgid "Manual"
msgstr ""
Closes: #1922.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
Tests:
- Click on diagnostics menu item in any app. Notice that running status does not
show up.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
