After a user enables/disables MAM, use ejabberd's reload_config instead
of restarting ejabberd.
Please let me know how this looks? Could reload_config also be of use
when adding/dropping a Let's Encrypt certificate?
Fixes#1010
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Edit user form fails because a 'wiki' group entry exists in the database
though the ikiwiki app hasn't been installed yet.
- Register group when a user group is created by an application, so that a
plinth restart can be avoided.
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- More user-friendly treatment of groups and their permissions
Closes#690
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Change sso refresh url to refresh-pubtkt since refresh was conflicting with
captcha's image refresh url.
- Fix datetime.timedelta calculation for refresh interval. Now validity of
ticket is 30 seconds as it was intended to be. It was wrongly set to 30 days
earlier.
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
All users can login. Only admin users can see logs and make changes.
LIMITATION: Only certain functions such as service management is possible.
Functions such as networking and user management is read-only. This problem does
not occur for user belonging to the 'sudo' group.
- Move to system section from applications section.
- Rename action script to cockpit instead of cockpit.
- Deal with .socket/.service correctly.
- Implement hooks on domain name changes and update configuration correctly.
- Host the application under /_cockpit instead of /cockpit because it is
reserved.
- Update description.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Apply the patch present in Debian packaging:
James Valleroy: When testing new image builds, I found users created through
plinth could not login through console or SSH. The reason is that slapd and
nslcd services were not enabled and not running. I don't know what is causing
this situation, so this is just a workaround.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
This does not effect the first install but is necessary when upgrading to newer
Plinth module version.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- Also wrote unit tests in users/tests/test_actions
Signed-off-by: Joseph Nuthalpati <njoseph@thoughtworks.com>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
API access is required to use tt-rss from the official Android app
Closes#1060
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Only add a connection for a device if a connection with that name is not already
associated with that device.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Signed-off-by: Joseph Nuthalpati <njoseph@thoughtworks.com>
When network-manager restarts, it leaves the existing connections intact. When
it start again, it somehow restores that active connection. So, restarting
network-manager is not a solution to activate all newly created connections.
Explicitly activate all connections and don't restart network-manager. Do
connection activation in background so that failed activation does not lead to
failed setup of remaining connections.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Signed-off-by: Joseph Nuthalpati <njoseph@thoughtworks.com>
The changes made for system login will not be effective until a restart. This
includes SSH login, console login, getent answers, etc.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Closes#928
- Adds shell and python APIs adding/removing LDAP groups
Signed-off-by: Rahul De <rahul080327@gmail.com>
Reviewed-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
This does not change the order of any of the current devices. Only device
supported currently that has multiple interfaces is APU.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
- For a user who installed using FreedomBox disk image, when Plinth upgrades to
a release containing this change, don't run network setup. This is ensured by
not incrementing the version number of the networks module.
- For a user who installed using freedombox-setup Debian package, when Plinth
upgrades to a release containing this change, don't run network setup. This is
ensured by not incrementing the version number of the networks module.
- For a user who installed using freedombox-setup Debian package, when Plinth is
run for the first time, don't run network setup. This is ensured by checking
for the file /var/lib/freedombox/is-freedombox-disk-image which will not
exist.
- For a user who installed using FreedomBox disk image, when Plinth runs for the
first time, setup process executes and triggers the script due networks module
being an essential module.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
* Fixing wrong function calls leading to error 500.
* Merging enable/disabling/status into single action, to improve
handling in cli, and reduce code duplication.
* Fixing order of restart and enabling of public registration option.
* Minor, cosmetic fixes of code and user-facing strings.
* Overall code design now almost identical to Ejabberd service page.
Signed-off-by: Johannes Keyser <johanneskeyser@posteo.de>
There is no need to restart firewalld after the setup steps run.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- using latest version of lib-apache2-mod-authpubtkt
- upgraded keys to 4096-bit RSA
- upgraded hashing algorithm to sha512
Plinth needs dependency on libapache2-mod-auth-pubtkt >= 0.11
Signed-off-by: Joseph Nuthalpati <njoseph@thoughtworks.com>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- This avoids an issue where it would try to enable the apache conf
possibly before it is generated.
- Added an explicit enable statement since it was missing.
Reviewed-by: Joseph Nuthalpati <njoseph@thoughtworks.com>
Run sudo-required action via actions.superuser_run
Actions related to services those require `sudo` permissions need to
be executed via actions.superuser_run.
NOTE:
If plinth service is started via `sudo ./run --debug` (in dev mode)
all actions will be executed silently. But plinth in user machines
won't be executed with sudo permissions.
