- Drop all the bash code.
- Run the update URL code with same logic as before. Don't need to use action
code for it.
- Completely new way to handle configuration: using key/value store. Import old
configuration once and delete it.
- Use a glib scheduler instead of creating a cron job.
- Store and show status from key/value store.
- Handle multiple domains when getting/setting configuration and status. The UI
still shows a single configuration form. To be improved later.
- Catch and report all errors during the update process.
- Drop all NAT detection code.
- Drop selfhost.bz. German only, no free account, no proper TLS on domain, no
easy to test. Existing accounts will continue to work with "other" as the
service type.
- For gnudip update code, add a timeout of 10 seconds, set a buffer size of two
powers and fix handling error messages from server.
Tests:
- GnuDIP:
- Upon submission of the form, the IP is updated if app is enabled. IP is not
updated if app is disabled.
- Every 5 minutes, check is made again and IP is updated.
- If IP lookup URL is available, update calls are not made if the DNS is
already up-to-date.
- If IP lookup URL is not available, update calls are made unconditionally
every 5 minutes.
- For each of noip.com, freedns.afraid.org and other service:
- Upon submission of the form, the IP is updated if app is enabled. IP is not
updated if app is disabled.
- Every 5 minutes, check is made again and IP is updated.
- If IP lookup URL is available, update calls are not made if the DNS is
already up-to-date.
- If IP lookup URL is not available, update calls are made unconditionally
every 5 minutes.
- Form validation:
- Domain field is always mandatory.
- When type is selected as gnudip, the fields server, username, and password
are mandatory.
- When type is selected other than gnudip, the field update URL is mandatory.
The rest are optional.
- When the update URL contains a field contains <User>, username is mandatory.
For <Pass>, password is mandatory. For <Ip>, ip_lookup_url is mandatory.
- When use HTTP basic auth is checked, the fields username and password are
mandatory.
- Password is optional only if a previous password exists. If configuration is
deleted from kvstore, password is mandatory.
- Configuration import:
Install dynamicdns without the patch. Add configuration with each of the
service types. For GnuDIP service type, set two configurations with one with
and without IP lookup URL. Update to code with the patch. Setup should run.
- All fields in the configuration should be imported properly.
- If the previous configuration is disabled, app should be disabled after
import. Enabled otherwise.
- Updating the IP address should work immediately after import.
- Enable/Disable: when enabled, IP URL should be enabled every 5 minutes.
When disabled, updates should not happen.
- Status:
- When status is removed from the DB, it should show that no status is
available yet.
- When the form is updated or update happens via the timer, the status is
shown. It should show success for a proper update. Proper external IP address
should be shown.
- Set the server to localhost and submit. Status should show 'Server refused
connection' message. IP address should be '-'.
- Set the server to an unknown domain. Status should show 'Could not find
server' message. IP address should be '-'.
- Set the server to a known domain. Status should show 'Connection timed out'
message. IP address should be '-'.
- Last update time should keep increasing as time passes.
- Backup/restore:
- Functional tests.
- Javascript:
- When GnuDIP is selected as the type, the fields server, username, password,
domain, show password, and IP lookup URL should be shown while other fields
should be hidden. Same on page load with GnuDIP as pre-selected type.
- When GnuDIP is not selected as the type, the fields update URL, accept all
SSL certificates, use basic HTTP auth, domain name, username, password, show
password, IP lookup URL and use IPv6 fields should be shown and rest of the
fields should be hidden. Same on page load with non-GnuDIP as pre-selected
type.
- When show password is checked, password should be shown and when it is
unchecked, password is masked.
- When other service types are selected, the update URL values changes to the
respective service's URL.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Implemented within the backup component. Scope for implementing database
backup/restore in similar way.
- Add new 'settings' key in the backup manifest to allow keys to backed up and
restored.
- Implement by dumping/loading settings from DB into the file.
Tests:
- Unit tests.
- Backup/restore tests for dynamicdns workss.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Add Python implementation of GnuDIP client.
Tests:
- In testing container, configure Dynamic DNS with a (previously
offlined) freedombox.rocks account. FreedomBox interface shows that
the address has been updated. GnuDIP server also shows the correct
IP address.
- Running "gnudip update" and "dynamicdns update" actions produce the
expected results.
When this option is enabled, it would make the interface easy to work with. This
is likely what most users would want. Don't break things for users who have
already installed roundcube and ensure that local only is disable for them.
Tests:
- Install roundcube without the patch. Disable the app. Apply patch. Restart
service. Notice that roundcube is not re-enabled.
- Install roundcube without the patch. Apply patch. Restart service. Notice that
roundcube configuration /etc/roundcube/config.inc.php file has been updated and
include_once() at the end has been added. The file
/etc/roundcube/freedombox-config.php has been added. Local only option is
disabled.
- Install roundcube freshly with the patch. Local only option is enabled. Open
interface. Notice that server option is not presented.
- Disable local only option and notice that server field is shown in the
interface.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
[jvalleroy: Fix comment]
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2081.
Tests:
- In the create user form, edit user form and change password form, the message
is shown as expected.
- The create user form, edit user form and change password form work as expected.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2178.
- Don't bother with the redirection to the next page using the ?next= URL
parameter. Always redirect to the home (index) page.
- Show a message that logout was successful.
- Ensure that SSO cookie is removed.
Tests:
- Logout and notice that redirection has been performed to the home page.
- "Logged out successfully." message is shown.
- When logged as a user with a language set, logging out preserves the language
of the user who was just logged out.
- Login. Click logout while having browser developer tool open. Notice that
Logout request has SSO cookie. The response does not have the cookie set. The
next request is to the home page and it does not have SSO cookie in the request.
- Login to tt-rss app that needs SSO to work. Logout from FreedomBox interface
using another page. Refresh the tt-rss page and notice that user was logged out
and redirect to FreedomBox login page.
- Logout. Again, manually visit the URL
https://10.42.0.203/plinth/accounts/logout/. The page is still required to home
page and success is still shown even though the user is already logged out.
- Repeat the logout test as non-admin user.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Fixes: #2069.
Without a listening port, coturn will try to enumerate the non-local IP
addresses and try to listen on them. If coturn is started before network is
fully setup, it finds no usable IP addresses and fails. Furthermore, if IPs are
added to the system, it does not automatically listen on them.
A better approach as advised by systemd NetworkTarget documentation is to listen
on a wildcard address. This does not require network to be online and works well
for IP addresses being added/removed from the system. coturn is itself unable to
make changes to its default listening behavior for backward compatibility.
Tests:
- Freshly install coturn. Observe that listening-ip is properly set in the
configuration file. coturn is listening on 3478, 3479, 5349, 5350. coturn is
listening on ::1 and * addresses instead of individual IP addresses.
- Install coturn without the patch. Apply the patch and restart FreedomBox.
coturn setup will run. listening-ips get added to the configuration file. The
static-auth-secret is not changed from earlier. coturn will be restarted. coturn
is listening on 3478, 3479, 5349, 5350. coturn is listening on ::1 and *
addresses instead of individual IP addresses.
- Install coturn without the patch. Disable coturn. Apply the patch and restart
FreedomBox. coturn setup will run. coturn will not be enabled. coturn will be
running after setup.
- Functional tests pass.
- All ports able to connect using netcat (nc command) with IPv4 (-4 option) and
IPv6 (-6 option).
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Add HTML classes to help with functional testing.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Fixes: #2174.
When HSTS is set, there is no way to override the certificate warnings. LE does
not yet issue certificates for .onion domains. Certificate warnings are
certainly show there. Although browsers don't accept HSTS headers when the
certificate is invalid, it is best be safe and not set them for .onion domains.
Tests:
- Without the patch, on normal and .onion domains, HSTS is set only when using
HTTPS.
- With the patch, HSTS is set only when using HTTPS but only for normal domains
but not .onion domains.
- The patch works when tested with .onion and .ONION hosts.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Cockpit uses WebSockets which won't work without HTTPS. For .onion domains, we
are not explicitly redirecting to HTTPS since TLS is not necessary. Ensure that
Cockpit continues to work with .onion domains by explicitly redirecting to
HTTPS.
Tests:
- Without the patch, on a normal/Onion domain run curl -kv
http://{DOMAIN}/_cockpit/. Redirection does not happen.
- With the patch, on a normal/Onion domain run curl -kv
http://{DOMAIN}/_cockpit/. Redirection happen to https:// occurs.
- Redirection is a with HTTP status code 302, the temporary redirection code.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Fixes: #2173.
When a wget process fails to download an image from Debian wiki for any reason,
fail the whole fetching process so that the users notices it and reruns the
process. Earlier, these were failing silently leading to zero sized images.
Tests:
- Without the change, notice that when wget process is killed during fetching of
images, it leads to incorrect image files (partially downloaded or zero sized
files).
- With or without the changes, killing wget process at other times leads to
fetch process halting indicating that wget in normal cases fails correctly.
- With the change, killing the wget process will lead to an error and the
fetching process stops.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
