Fixes error 500 when trying to open Samba app page when at least
one of the users in freedombox-share group doesn't exist.
Tests performed in both stable and testing containers:
- Installed Samba app.
- Installed Deluge app (Plinth install/setup fails but the Debian
package itself was installed).
- Did `apt remove --purge deluged` from command line.
- Checked that the debian-deluged user doesn't exist (`getent passwd`)
and the user is in the freedombox-share group (`getent group`).
- Checked that the Samba app page opens without errors.
- Checked that all the Samba tests pass.
Fixes#2411.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Helps: #2410.
- Ensure that diagnostics methods and parameters are type checked so that we can
catch any potential issues.
- Move plinth/modules/diagnostics/check.py to plinth/diagnostic_check.py to
avoid many circular dependencies created. This is due to
plinth.modules.diagnostics automatically imported when
plinth.modules.diagnostics.check is imported. Also app.py is already (type)
dependent on diagnostic_check due to diagnose() method. To make the Check
classes independent of diagnostic module is okay.
Tests:
- Run make check-type.
- Run full diagnostics with following apps installed: torproxy, tor.
- Test to netcat to 9051 in tor works.
- Test 'port available for internal/external networks' in firewall works.
- Test 'Package is latest' works.
- Test 'Access url with proxy' in privoxy works.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
[jvalleroy: Also move tests for diagnostic_check]
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
- This is so that the methods will be checked by mypy. This should help identify
any incorrect initialization of components.
- Remove unused self.repos in GitwebApp.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Fixes an issue where the LDAP user 'tester' was removed after testing
test_views.py. It happened when there were two admin users present.
Tested with both stable and testing containers that all the users
module tests pass and a user 'tester' is not removed when
two admin users exists.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Fixes: #2409.
When creating a user if one or more groups is selected, creation fails. This
is because the fields contains group choices as (name, label) tuples instead
of (group_id, label) tuples as expected by the many-to-many field mapping
mechanism in ModelField class. Fix this by using the same mechanism used in
UserUpdateForm, which is to reuse the base class form field (but adjust some
properties).
Tests:
- During first boot
- Django groups are fully created when form is accessed with blank database
- In user creation/modify form:
- Label appears are 'Permissions'
- Choices appear fully and as 'Description (Group name)'
- Help text is correct.
- Choices are sorted on group name.
- Django groups are fully created when form is accessed when a new group is
added to code.
- User can have no groups
- Widget is multiple checkbox widget. Multiple groups can be selected.
- User is added to proper ldap groups after submission
- In user modify form:
- If the user is last admin user, admin checkbox is checked and disabled.
- Current list of groups is accurate shown when form is displayed.
- Add remove of groups works as expected
- Functional tests for gitweb and users apps pass
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Display and log an error, including contents of current_results.
Clear the contents of current_results.
Tests:
- View the diagnostics results as normal.
- Introduce a TypeError before the results are copied. See the error message
shown in the interface. (The error details are cleared when the page is
refreshed.)
Helps: #2410
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Fix a mypy error]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Fixes#2408.
- When app is disabled, continue to update the app shortcut's login required
property. Otherwise, the value is current after the app is re-enabled.
- When public access is enabled, the gitweb-freedombox-auth.conf configuration
must be disabled. This can be done even if the configuration is already disabled
or does not exist. So, continue doing this.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
[sunil: Perform enable public access even if app is disabled]
[sunil: Perform shortcut update in all cases even if app is disabled]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Closes: https://bugs.debian.org/1063968.
- Due to a changed behavior in pytest 8.x, any imports with 'setup_module' name
will be treated as a method to setup the module in the style of unittest/nose.
pytest tries to call this as a method and will fail.
- Rename the import to 'setup_module_' instead of 'setup_module' to fix this issue.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- It removes this warning. plinth/modules/backups/tests/test_ssh_remotes.py:62: PytestRemovedIn9Warning: Marks applied to fixtures have no effect.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2396.
New configuration options were introduced from 1.3.x to 2.1.x. This cause
configuration file prompt due to our existing changes to the configuration file.
Changes to the configuration file were investigated in #2396.
Tests:
- Install firewalld 1.3.x. Ensure that firewalld configuration changes are
present as intended by FreedomBox. Change priority of the .deb package to allow
installing 2.1.x. Run apt update and notice that force upgrade has been
performed to 2.1.x.
- firewalld upgrade has also been tested as part of this patch series.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- This prevents the test from failing if install has not run yet.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
The option is stored in kvstore. If no value is set, it is assumed to be
enabled.
Tests:
- Disable daily run. In development mode, diagnostic are not run after several
minutes.
- Enable daily run. In development mode, diagnostics are run after several
minutes.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Minor refactoring and update messages in UI]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
I tested both fresh install and updating an existing installation.
When updating an existing instance, the app had to be manually enabled,
so I added:
```
elif old_version < 2:
self.enable()
```
Fixes: #2345
Signed-off-by: Benedek Nagy <contact@nbenedek.me>
[sunil: Change the config name to zoph-freedombox.php]
[sunil: Enable the config during update only if app is already enabled]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
It is best to have obtained the results lock when counting the severe failures
in diagnostic results.
Tests:
- When some packages are outdated, notification is shown with warning severity.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- Unit tests pass.
- Run full diagnostics tests and see that results and app name are translated
when language preference is not English.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- Run diagnostics. Restart plinth, and check that the diagnostics results are
still available to view.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- Enable all apps, and run diagnostics. Diagnostic descriptions are formatted
as expected.
- Change the language to Spanish, and view the diagnostic results. Diagnostic
descriptions are translated as expected.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- Change the partition to test to '/mnt'. Mount a loopback filesystem on /mnt.
'dd if=/dev/zero of=/test-file bs=1M count=100; mkfs.ext4 /test-file; mount -o
loop /test-file /mnt'. Turn it to read-only with 'mount -o remount,ro /mnt'.
Wait about 3 minutes for the notification to show up.
- The notification shows icon, title and message as expected. The button power
app appears and works as expected.
- When the filesystem is mount rw again, the notification goes away in 3
minutes. 'mount -o remount,rw /mnt'.
[sunil: Let glib.schedule decide time when debugging]
[sunil: Perform exact matching in partition mount options]
[sunil: Simplify notification message. Minor grammar change]
[sunil: Minor refactoring for styling]
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- This includes the envelope size, so the actual size of the message and
attachments is somewhat lower.
Tests:
- Install the app freshly with the patch. Notice that message_size_limit is set
to 102400000 by running 'postconf message_size_limit'.
- Install the app without the patch. Apply patche and notice that the app is
updated. Notice that message_size_limit is set to 102400000 by running 'postconf
message_size_limit'.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- If the STUN/TURN configuration is not managed by FreedomBox, the parameters
are left unchanged.
Tests:
- Install app after installing Coturn. Notice that STUN URI doesn't have a
'transport' parameter.
- Install app without the patches after installing Coturn. Notice that STUN URIs
have 'transport' parameter. Then apply patches. Setup is run. 'transport'
parameter is removed and only one STUN URI is present. matrix-synapse server
restarts successfully and don't have show any errors/warnings regarding
STUN/TURN configuration during startup.
- Install app without patches and set custom STUN/TURN URIs. Apply patches.
Setup is run. The URIs are not changed.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- If the STUN/TURN configuration is not managed by FreedomBox, the parameters
are left unchanged.
Tests:
- Install app after installing Coturn. Notice that STUN URI doesn't have a
'transport' parameter.
- Install app without the patches after installing Coturn. Notice that STUN URIs
have 'transport' parameter. Then apply patches. Setup is run. 'transport'
parameter is removed and only one STUN URI is present. matrix-synapse server
restarts successfully and don't have show any errors/warnings regarding
STUN/TURN configuration during startup.
- Install app without patches and set custom STUN/TURN URIs. Apply patches.
Setup is run. The URIs are not changed.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2362.
Passing ?transport= parameter in STUN URIs is invalid. It always uses UDP.
Chrome and perhaps Firefox has recently started enforcing the correct syntax
leading to failures using the Coturn server URIs we set in Janus. This also
likely effects matrix-syanpse and ejabberd clients.
Links:
1) https://www.rfc-editor.org/rfc/rfc7064#section-3.1
2) https://bugs.chromium.org/p/chromium/issues/detail?id=1385735
Tests:
- Install Coturn. Observe that STUN URIs shown don't contain the 'transport'
parameter.
- Install Janus and launch the meeting room. Notice that the STUN URIs in the
room page don't have 'transport' parameter.
- Install ejabberd and notice that the auto-configured STUN URIs don't have
'transport' parameter.
- Install matrix-synapse and notice that the auto-configured STUN URIs don't
have 'transport' parameter.
- Install ejabberd and matrix-synapse. Ensure that STUN URIs manually. They are
not allowed to 'transport' parameter for the STUN URIs but must have transport
parameter for TURN URIs.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- We stop services before backup and restart them when backup is completed.
However, if backup fails, we are not restarting the services. With this change,
ensure that stopped services are restarted even if backup process fails.
- Similarly for restore operation.
Tests:
- Backup and restore of an app work.
- Functional tests for matrix-synapse work.
- Run the following two tests without the patch to ensure that the reported bug
is reproducible.
- Make a backup operation fail by raising an exception in the privileged code
that takes backup. Enable matrix-synapse app. Run backup including the
matrix-synapse app. Backup fails and shows an error. The service is
stopped before backup and restarted after backup failure.
- Make a restore operation fail by raising an exception in the privileged code
that does restore. Enable matrix-synapse app. Run backup including the
matrix-synapse app and try to restore it. Restore fails and shows an error. The
service is stopped before restore and restarted after restore failure.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Fixes: #2384
- This was missed during the original transition to DiagnosticCheck class for
returning diagnostic results.
Tests:
- In vagrant container, test that the diagnostic test result shows up in
datetime app and it passes.
- Running full diagnostics on the system works.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- When running diagnostics for an app, if there are any failures or warnings,
then show a button to re-run setup.
- When showing all diagnostics results, if there are any failures or warnings
for an app, then show a button to re-run setup for that app.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Use Result class instead of strings for comparison]
[sunil: Use flex box's justify-content-between to improve button styling]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Kiwix content packages should be publicly accessible by default. Allow
the frontpage shortcut to be accessed without logging in.
Added a functional test to check that Kiwix library can be accessed
without logging in.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- Print the interval time in schedule() method and verify that the times are as
expected in develop mode and production mode.
- Notification shows up for RAM usage if the check hardcoded to True.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
We already have one in /usr/share/freedombox/modules-enabled.
Tests:
- Run ./setup.py install and ensure that app shows up in the UI.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- Fix icon paths in copyright file.
- Minor refactoring.
- Add Kiwix library link to app page as well as users may want to see the
content available before installing the app.
- Consolidate terminology to 'content package' for UI and just 'package'
internally.
- Drop unused SYSTEM_USER constant.
- Simplify the ExecStart= in systemd service file.
- Fix incorrect i18n caused by non-lazy formatting of strings.
- Confirm that xml parsing is not vulnerable as expat library of required
version is used in Debian bookworm.
- Don't start the kiwix daemon when managing library if app is disabled.
- Ignore errors when removing files during uninstallation.
- Handle failures more gracefully when library XML file does not have required
attributes.
- Update SVG/PNG icons to adhere to FreedomBox guidelines.
- Trim block translations in templates.
- Drop comments/deadcode inside translation strings.
- Drop a comment inside add content page that only makes sense with multiple
methods for adding content.
- tests: Don't use pkg_resources library as it is deprecated. We can use
importlib.resources library in future if we run tests on zip installations.
- Fix potential security issues while writing file to tmp directory.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- It does not look like matrix-synapse will ever support changing domain name.
- Our only recourse is to uninstall and install the app. Mention this solution
to users and its consequences upfront.
Tests:
- Test that message got updated during setup after installation.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Update the outdated apt preferences file that still refers to
bullseye-backports instead of bookworm-backports.
- Perform matching using n= instead of a= for matching distribution codename.
- Drop preferences for libraries that were only required in bullseye-backports
and not in bookworm-backports.
Tests:
- Install matrix-synapse app in testing container and stable container.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- When running full diagnostics manually, we can use the Operation class. This
allows us to use many of its features.
- Ensure only one task is running at any time. No need to use running_task
global variable and a lock for it.
- Don't run the operation if app install/uninstall or other potentially
contentious tasks are running.
- Since Operation object creates a thread, don't create another one with
glib.schedule(). Don't wait unnecessarily for the operation to finish in the
glib thread (or glib created thread).
- Since the app will show progress of operations when an operation is running,
it would not be possible to show progress of diagnostics running. So, create a
separate page for diagnostics results.
Tests:
- Run diagnostics and see redirection happens to diagnostics results page.
Results page shows ongoing tests. It refreshes automatically. When tests are
completed, 'Re-run diagnostics' button is shown.
- When visiting /diagnostics/full/ URL is visited without running the test. Only
the re-run button is shown. No results are shown. If tests have been run, re-run
button along with results are shown.
- On the app page, if the tests have been run, a button for viewing results is
shown. Otherwise, the button is not shown.
- In development mode, background diagnostics are run after 3 minutes (change
the time to 150 seconds if database locked errors show up). Results are
available in the results page.
- Make a diagnostic test fail by changing code or disabling a daemon. Run
diagnostics and notice that a notification is shown with the button to go to the
results. Clicking on the button shows the results page. Clicking dismiss removes
the notification.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Ensure that each diagnostic test category can be identified by easy prefix
matching on the test ID.
- Give a different unique IDs each different kind of test. More specific tests
of a type get a different kind of ID.
- Make comparison of diagnostic test results in test cases more comprehensive.
- Simplify code that shows the number if issues identified.
- In many languages, there is complex logic to write plural forms. Plurals
can't be handled by assuming singular = 1 item and plural is > 1. Translation of
messages in Notification does not support plurals properly. Avoid this for now
by using sometimes incorrect plural form.
- For i18n we should avoid joining phrases/words. Words don't always maintain
order after translation.
- Notify about the total number of issues in diagnostics and not just the most
severe category. This is likely to draw more attention and avoid i18n
complexity.
- Dismiss the diagnostic notification if the latest run succeeded completely.
Tests:
- Unit tests pass.
- Diagnostics for following apps works: networks (drop-in config),
apache (daemon, listen address, internal firewall, external firewall),
tor (netcat), torproxy (internal only firewall, torproxy url, torproxy using
tor), privoxy (privoxy url, package available, package latest),
- Untested: Is release file available method in upgrades app.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Helps in retrieving an operation that is currently running.
- Prevent starting an operation that is already running.
Tests:
- Unit tests work.
- Installing, uninstalling an app works.
- For upgrading an app works.
- Running background diagnostics works.
- Updating tor configuration works.
- Updating torproxy configuration works.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Set unique check_id for each diagnostic check.
- Result is a string-based enumeration. The default value (NOT_DONE) can be
used for diagnostic checks that have not been completed yet.
- Result is StrEnum so that the return value of check_url can still be used
directly as a diagnostic result.
Closes: #2375
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- One notification is shown with a count of the highest severity issues.
- Un-dismiss the notification, so it is shown even if previously dismissed.
- Add link to see the results, which are stored in a global variable.
- Add a lock for running_task.
Tests:
- Notification with 2 warnings shown on stable container due, to packages not
upgraded.
- Change the firewalld default zone to public. After the next run, the
notification changes to an error, and shows 1 failure.
Helps #2366.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
borg throws and warning "Warning: Attempting to access a previously unknown
unencryped repository!\nDo you want to continue?" and then fails while asking
for a manual confirmation. Avoid this by telling borg not to prompt (and confirm
yes).
This commit provides a fix for the issue described here:
https://discuss.freedombox.org/t/how-do-i-restore-freedombox/2022/10
[sunil: Drop the part about handling the error message]
Signed-off-by: Benedek Nagy <contact@nbenedek.me>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
During installation of email app, sievec is run on
/etc/dovecot/freedombox-sieve-after/sort-spam.sieve file to produce a binary
version of the file. However, this file is not available until after the app is
enabled. This is due to the newly introduced drop-in configuration mechanism. To
fix this, during setup, enable the drop-in configuration component responsible
for this file. The component is newly split from the component that deals with
all drop-in components so that not all the drop-in configuration files are
symlinked.
There is no change needed to the app when the drop-in configuration component is
split into multiple components. This is true for all three state of the app;
not-installed, installed-enabled, and installed-disabled.
Tests:
- Install latest code with ./setup.py install. Install the app and it works.
- Uninstall the app and reinstall. It works. There are no warnings that config
file have been replaced with symlinks.
- /etc/dovecot/freedombox-sieve-after has the sort-span.svbin binary sievec
compiled file.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- mypy does not show any errors.
- Installing ejabberd app works. Privileged actions run fine.
- Unit tests work.
- No additional testing was done as type annotations don't have any effect at
runtime.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
