These URLs are meant for supporting the upstream development of apps rather than
for FreedomBox (which has its own page). postfix, dovecot and clamav don't seem
have a donation mechanism. So, add rspamd's donation URL.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This allows diagnosis of listening on all ports instead just the ports exposed
to outside.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Reduces translation burden, more consistency with other apps and allows generic
implementation in framework in the future.
Tests:
- Install and update configuration for minetest. See message 'Configuration
updated'. If configuration is not updated, 'Settings unchanged' message is
shown.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Drop all the bash code.
- Run the update URL code with same logic as before. Don't need to use action
code for it.
- Completely new way to handle configuration: using key/value store. Import old
configuration once and delete it.
- Use a glib scheduler instead of creating a cron job.
- Store and show status from key/value store.
- Handle multiple domains when getting/setting configuration and status. The UI
still shows a single configuration form. To be improved later.
- Catch and report all errors during the update process.
- Drop all NAT detection code.
- Drop selfhost.bz. German only, no free account, no proper TLS on domain, no
easy to test. Existing accounts will continue to work with "other" as the
service type.
- For gnudip update code, add a timeout of 10 seconds, set a buffer size of two
powers and fix handling error messages from server.
Tests:
- GnuDIP:
- Upon submission of the form, the IP is updated if app is enabled. IP is not
updated if app is disabled.
- Every 5 minutes, check is made again and IP is updated.
- If IP lookup URL is available, update calls are not made if the DNS is
already up-to-date.
- If IP lookup URL is not available, update calls are made unconditionally
every 5 minutes.
- For each of noip.com, freedns.afraid.org and other service:
- Upon submission of the form, the IP is updated if app is enabled. IP is not
updated if app is disabled.
- Every 5 minutes, check is made again and IP is updated.
- If IP lookup URL is available, update calls are not made if the DNS is
already up-to-date.
- If IP lookup URL is not available, update calls are made unconditionally
every 5 minutes.
- Form validation:
- Domain field is always mandatory.
- When type is selected as gnudip, the fields server, username, and password
are mandatory.
- When type is selected other than gnudip, the field update URL is mandatory.
The rest are optional.
- When the update URL contains a field contains <User>, username is mandatory.
For <Pass>, password is mandatory. For <Ip>, ip_lookup_url is mandatory.
- When use HTTP basic auth is checked, the fields username and password are
mandatory.
- Password is optional only if a previous password exists. If configuration is
deleted from kvstore, password is mandatory.
- Configuration import:
Install dynamicdns without the patch. Add configuration with each of the
service types. For GnuDIP service type, set two configurations with one with
and without IP lookup URL. Update to code with the patch. Setup should run.
- All fields in the configuration should be imported properly.
- If the previous configuration is disabled, app should be disabled after
import. Enabled otherwise.
- Updating the IP address should work immediately after import.
- Enable/Disable: when enabled, IP URL should be enabled every 5 minutes.
When disabled, updates should not happen.
- Status:
- When status is removed from the DB, it should show that no status is
available yet.
- When the form is updated or update happens via the timer, the status is
shown. It should show success for a proper update. Proper external IP address
should be shown.
- Set the server to localhost and submit. Status should show 'Server refused
connection' message. IP address should be '-'.
- Set the server to an unknown domain. Status should show 'Could not find
server' message. IP address should be '-'.
- Set the server to a known domain. Status should show 'Connection timed out'
message. IP address should be '-'.
- Last update time should keep increasing as time passes.
- Backup/restore:
- Functional tests.
- Javascript:
- When GnuDIP is selected as the type, the fields server, username, password,
domain, show password, and IP lookup URL should be shown while other fields
should be hidden. Same on page load with GnuDIP as pre-selected type.
- When GnuDIP is not selected as the type, the fields update URL, accept all
SSL certificates, use basic HTTP auth, domain name, username, password, show
password, IP lookup URL and use IPv6 fields should be shown and rest of the
fields should be hidden. Same on page load with non-GnuDIP as pre-selected
type.
- When show password is checked, password should be shown and when it is
unchecked, password is masked.
- When other service types are selected, the update URL values changes to the
respective service's URL.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Implemented within the backup component. Scope for implementing database
backup/restore in similar way.
- Add new 'settings' key in the backup manifest to allow keys to backed up and
restored.
- Implement by dumping/loading settings from DB into the file.
Tests:
- Unit tests.
- Backup/restore tests for dynamicdns workss.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Add Python implementation of GnuDIP client.
Tests:
- In testing container, configure Dynamic DNS with a (previously
offlined) freedombox.rocks account. FreedomBox interface shows that
the address has been updated. GnuDIP server also shows the correct
IP address.
- Running "gnudip update" and "dynamicdns update" actions produce the
expected results.
When this option is enabled, it would make the interface easy to work with. This
is likely what most users would want. Don't break things for users who have
already installed roundcube and ensure that local only is disable for them.
Tests:
- Install roundcube without the patch. Disable the app. Apply patch. Restart
service. Notice that roundcube is not re-enabled.
- Install roundcube without the patch. Apply patch. Restart service. Notice that
roundcube configuration /etc/roundcube/config.inc.php file has been updated and
include_once() at the end has been added. The file
/etc/roundcube/freedombox-config.php has been added. Local only option is
disabled.
- Install roundcube freshly with the patch. Local only option is enabled. Open
interface. Notice that server option is not presented.
- Disable local only option and notice that server field is shown in the
interface.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
[jvalleroy: Fix comment]
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2081.
Tests:
- In the create user form, edit user form and change password form, the message
is shown as expected.
- The create user form, edit user form and change password form work as expected.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2178.
- Don't bother with the redirection to the next page using the ?next= URL
parameter. Always redirect to the home (index) page.
- Show a message that logout was successful.
- Ensure that SSO cookie is removed.
Tests:
- Logout and notice that redirection has been performed to the home page.
- "Logged out successfully." message is shown.
- When logged as a user with a language set, logging out preserves the language
of the user who was just logged out.
- Login. Click logout while having browser developer tool open. Notice that
Logout request has SSO cookie. The response does not have the cookie set. The
next request is to the home page and it does not have SSO cookie in the request.
- Login to tt-rss app that needs SSO to work. Logout from FreedomBox interface
using another page. Refresh the tt-rss page and notice that user was logged out
and redirect to FreedomBox login page.
- Logout. Again, manually visit the URL
https://10.42.0.203/plinth/accounts/logout/. The page is still required to home
page and success is still shown even though the user is already logged out.
- Repeat the logout test as non-admin user.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Fixes: #2069.
Without a listening port, coturn will try to enumerate the non-local IP
addresses and try to listen on them. If coturn is started before network is
fully setup, it finds no usable IP addresses and fails. Furthermore, if IPs are
added to the system, it does not automatically listen on them.
A better approach as advised by systemd NetworkTarget documentation is to listen
on a wildcard address. This does not require network to be online and works well
for IP addresses being added/removed from the system. coturn is itself unable to
make changes to its default listening behavior for backward compatibility.
Tests:
- Freshly install coturn. Observe that listening-ip is properly set in the
configuration file. coturn is listening on 3478, 3479, 5349, 5350. coturn is
listening on ::1 and * addresses instead of individual IP addresses.
- Install coturn without the patch. Apply the patch and restart FreedomBox.
coturn setup will run. listening-ips get added to the configuration file. The
static-auth-secret is not changed from earlier. coturn will be restarted. coturn
is listening on 3478, 3479, 5349, 5350. coturn is listening on ::1 and *
addresses instead of individual IP addresses.
- Install coturn without the patch. Disable coturn. Apply the patch and restart
FreedomBox. coturn setup will run. coturn will not be enabled. coturn will be
running after setup.
- Functional tests pass.
- All ports able to connect using netcat (nc command) with IPv4 (-4 option) and
IPv6 (-6 option).
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Add HTML classes to help with functional testing.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Cockpit uses WebSockets which won't work without HTTPS. For .onion domains, we
are not explicitly redirecting to HTTPS since TLS is not necessary. Ensure that
Cockpit continues to work with .onion domains by explicitly redirecting to
HTTPS.
Tests:
- Without the patch, on a normal/Onion domain run curl -kv
http://{DOMAIN}/_cockpit/. Redirection does not happen.
- With the patch, on a normal/Onion domain run curl -kv
http://{DOMAIN}/_cockpit/. Redirection happen to https:// occurs.
- Redirection is a with HTTP status code 302, the temporary redirection code.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2157.
Original author of the app J. Carlos Romero <juancarlos.romero@gmail.com> has
been contacted to see if there is interest in continuing to maintain the app.
There has been no response.
Since the app is not available even in the current stable (Bullseye), few users
are presumably using it on a supported FreedomBox distribution. Any users are
advised to maintain the manually instead of relying on FreedomBox for it.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Fixes: #2171.
Since systemd version 250, journalctl does not print the header line '-- Journal
begins... --'. To accommodate those changes, read the status log lines
accurately and check that they are not empty.
Tests:
- Run help functional tests on stable, testing and unstable.
- Modify code to not print status logs and notice that the functional test
fails.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
matrix-synapse 1.47.0-2 requires python3-frozendict 1.2-3 or higher. This is
only available in bullseye-backports, testing and unstable but not bullseye.
Allow python3-frozendict to be installed from buster-backports. Further there is
no longer any need to allow packages from buster-backports (on the master
branch). So, drop all those.
Tests:
- On stable/testing, without matrix-synapse and its dependencies installed, run
matrix-synapse functional tests.
- On stable, with older version of matrix-synapse and python3-frozendict, run
unattened-upgrade and notice that matrix-synapse upgrades to latest version.
- Without this patch, run service. Notice the contents of
/etc/apt/preferences.d/51freedombox.pref. When this patch is applied and service
is restarted, upgrades app is setup again and the files contents will change as
expected.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Fixes: #2170.
Starting with Django 2.2.25, re_path behavior has changed. When the regular
expression ends with a '$', a full match is performed with the regular
expression. This breaks the behavior of how we are currently matching the locked
URLs for CAPTCHA based login forms.
Tests:
- All tests are done on Debian stable with Django 2.2.25 and on Debian unstable
with Django 3.2.10.
- Go to home page, click on login link. Enter wrong password three times.
CAPTCHA page is show with URL ending with /locked. Type the correct password and
login will be successful.
- Install tt-rss. Logout. Go to /tt-rss/, redirection will happen to login page.
Enter wrong password three times. CAPTCHA page is show with URL ending with
/locked. Type the correct password and login will be successful.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Install tt-rss. Logout. Visit the /tt-rss link. We will be redirected to the
login page. Login with wrong password 3 times. CAPTCHA is shown. Login with
correct password. Login will be successful.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
In CI tests, when running 'run --list-dependencies', init for ikiwiki fails with
the following error. Fix that.
Exception while running init for <module 'plinth.modules.ikiwiki' from '/builds//freedombox/plinth/modules/ikiwiki/__init__.py'>: Action must exist in action directory.
Traceback (most recent call last):
File "/builds//freedombox/plinth/app.py", line 536, in _initialize_module
module.app = app_class()
File "/builds//freedombox/plinth/modules/ikiwiki/__init__.py", line 61, in __init__
self.refresh_sites()
File "/builds//freedombox/plinth/modules/ikiwiki/__init__.py", line 102, in refresh_sites
sites = actions.run('ikiwiki', ['get-sites']).split('\n')
File "/builds//freedombox/plinth/actions.py", line 95, in run
return _run(action, options, input, run_in_background, False)
File "/builds//freedombox/plinth/actions.py", line 147, in _run
raise ValueError('Action must exist in action directory.')
ValueError: Action must exist in action directory.
Tests:
- Shortcuts for ikiwiki show up properly on the front page after FreedomBox
daemon is restarted.
- Salsa CI no longer show the above error during --list-dependencies.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- It is reported on the mailing list that first setup operation on the help app
fails. The logs indicate that /usr/share/freedombox/manual directory is not
present on the system. Although this situation does not occur on a normal
installation, catch, log and ignore this error to be safe.
- Also ensure that this static files component is added in post_init so that
basic setup is not at all affected by it.
Tests:
- In the development directory, move doc/manual to doc/manual.bak. Observe that
the error message is printed during initialization but the process continues.
- With the manual directory properly restored, the full help manual is displayed
properly with images.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2162.
Something changed in Debian packaging and systemd-timesyncd was not
automatically being installed.
Tests:
- Run functional tests for datatime app.
- Run ./run --list-dependencies and note that systemd-timesyncd is listed.
- packages.debian.org shows that systemd-timesyncd package is available in
Bullseye, Bookworm and sid.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- The term 'Update' without a context is not easy to understand. This is
especially true during first setup wizard.
- This makes our UI similar to Android and lot of other OSes.
Tests:
- Trigger a update notification by incrementing FreedomBox version. In there,
the name of the app in the first line shows 'Software Update'.
- During first setup wizard, the title of the wizard step is 'Software Update'
initially and also when upgrades are running.
- In the System page, the title on the card is 'Software Update'. So is the
title on the app page.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
