Tests:
- Initial setup of coturn succeeds
- Configuration file is created and required configuration is set.
- Coturn is restarted
- Coturn configuration is shown on app page.
- Changing the domain succeeds and coturn configuration reflects the new domain.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Running flake8 as in .gitlab-ci.yml works.
- Setting the domain name again to update /etc/hosts file after hostname change
works
- Setting the domain name from the text box works. New domain name is read back
and shown properly.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Running flake8 as in .gitlab-ci.yml works.
- Changes the hostname works and it is updated in /etc/hostname
- Avahi daemon is restarted
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Initial setup succeeds
- (not tested, functionality removed later) During initial setup, if
/etc/apache2/conf-available/freedombox.conf has home page other than /plinth,
it will be changed to /plinth.
- Setting the home page to Apache default, plinth, or an app works.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Unit and functional tests work.
- Creating a library works.
- An error while creating library shows as proper message.
- Deleting a library works.
- An error while deleting library shows as proper messages.
- Creating/deleting library reflects properly in the list of libraries.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Initial setup:
- Creates zones directory
- Write default configuration
- named is restarted
- Forwarders
- Setting forwarders works as expected.
- Current list of forwarders is shown as expected
- List of served domains is shown properly
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Functional tests
- Initial setup
- Sets the domain to freedombox.local (SITENAME)
- Default permissions are set to read
- Three passwords with varying permissions are create by default
- Current configuration is retrieved properly (default permissions, passwords)
- Adding passwords works, they are list as expected
- With or without comment
- Removing password works
- Setting default permissions works
- Untested:
- Upgrade from version 1
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Initial setup works when a new container is created
- When transmission is enabled/disabled, the web configuration for it is
enabled/disabled.
- When radicale is enabled/disabled, the uwsgi configuration for it is
enabled/disabled.
- Sharing web configuration is disabled during backup and re-enabled.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- When the action was converted from shell to python3, it was not removed from
the exclusion list.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
We depend on systemd for many things anyway and this code path is never tested.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
There is not much additional risk by doing this. This is needed in case of some
exceptional cases such as storage.validate_directory() which need to run as a
different user other than root.
Tests:
- Directory validation works in transmission and deluge.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Currently privileged actions use stdout for returning the results. If any of the
sub-processes accidentally output to stdout, decoding errors occur. Prevent this
by opening a pipe to the privileged action and returning the output in that
pipe.
Tests:
- Run unit tests
- Functional tests for other apps pass
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Currently, privileged actions are not allowed under top-level plinth module.
They are only allowed under each app module. Allow privileged actions under
plinth module.
- Currently, privileged actions are not allowed under a sub-module of
'privileged' package. They are allowed only in 'privileged' module. Allow
sub-modules under 'privileged' package.
Tests:
- Email app functional tests pass
- Functional tests for apps using package and service privileged methods pass
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- 'application-name' is not meant for regular web pages, just web apps.
FreedomBox qualifies as a web app. Browsers may use this over title.
- 'description' should rather talk about FreedomBox rather than just what role
the web interface plays in the FreedomBox project.
Tests:
- Verify formatting in output HTML.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- When a notification's message contains unexpected formatting characters such
as '{}', showing the notification and consequently the entire FreedomBox web
interface fails. Prevent that by make sure that that message formatting never
fails.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Signed-off-by: nbenedek <contact@nbenedek.me>
[sunil: Convert the PNG to SVG and use it for all sizes]S
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- I tested the changes with the VirtualBox image with a bridged network adapter.
After ten failed authentication attempts, my IP got blocked as expected.
- This setup uses apache's logs to filter the attempts. A wordpress
[plugin](https://wordpress.org/plugins/wp-fail2ban/) exists for redirecting the
logs to syslog, but that needs to be packaged.
Signed-off-by: nbenedek <contact@nbenedek.me>
[sunil: Drop logpath as logs are expected to go to journald]
[sunil: Update regex to match only failures and not successful logins]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- So that the new configuration file to disable
readme.html/xmlrpc.php/wp-cron.php takes effect.
Tests:
- Install wordpress without the security changes. Notice that the three URLs are
accessible. Apply the patch, run ./setup install and restart FreedomBox service.
Wordpress app is updated and the security changes take effect. The three URLs
are return forbidden response without manually restarting apache2.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Closes: #2244.
This patch disabled xmlrpc.php functionality entirely. For interacting with
WordPress using app, the new REST API functionality is recommended. However, for
the Pingback API XML-RPC is still a necessity. If this is an important feature
for FreedomBox users, we intend to re-enable XML-RPC functionality in WordPress.
Signed-off-by: nbenedek <contact@nbenedek.me>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
