Tests:
- Run affected privileged actions through UI and notice that secret strings are
not logged.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Run affected privileged actions through UI and notice that secret strings are
not logged.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Perform effected actions and ensure that secrets are not logged on the
console.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Method parameters marked with secret_str will not be logged.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
When older version is already built and later code is updated to newer version
and built multiple .whl files are present in dist/ directory. This confuses the
install script that assumes only one .whl is present. Pip refuses to install
multiple versions of the same package. This error was seen when bringing up the
'stable' container.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
TiddlyWiki uses almost the same Apache configuration as Feather Wiki,
with one difference - disabling gzip for the `HEAD` request.
The FreedomBox app for TiddlyWiki is identical to Feather Wiki in
every other aspect.
- Proxy download through freedombox.org. This serves two purposes:
1. Upstream's website cannot track the IP addresses of FreedomBox users.
2. We can update the versions of the empty quine files without making
code changes in FreedomBox.
[sunil]
- Update description to correct the list of users who can access the app.
- Update logo to adhere to the logo guidelines.
- Minor styling fix.
- Update the copyright on the logo based on information from upstream git
repository.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
This serves two purposes:
1. Upstream's website cannot track the IP addresses of FreedomBox users.
2. We can update the versions of the empty quine files without making
code changes in FreedomBox.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
[sunil: Update description to reflect the change in upstream URL]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.or>g
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Uninstall deletes wikis & extensions
- Use Skylark (v1.8.0)
- Add option to upload existing wiki
- Open wiki links in new tab. Since Feather Wiki modifies browser history, it
takes several clicks to go back and reach the FreedomBox app for Feather Wiki if
the user wants to switch to another wiki file. Opening in a new tab also makes
it easy for the user to move text between wikis (i.e. the Refile use case).
- Improve HTML file path handling. Extract only the HTML file name from the URL.
Return a 404 status if the file cannot be found
- Place featherwiki_nest.cgi file in /usr/lib/cgi-bin. The file is installed as
part of the FreedomBox package, rather than a step in the installation of
Feather Wiki.
[sunil]
- Reorganized description to complete the introduction before talking about
FreedomBox implementation.
- Update description to say that only users of 'wiki' group can access.
- Update description to talk about where the wiki is downloaded from how to
upgrade it.
- Update short description to 'Personal Notebooks'.
- Add UsersAndGroups component and to reuse 'wiki' group properly.
- Reorder component to resemble other apps (could prove useful in future).
- Restrict frontpage shortcut to 'wiki' group users.
- Minor styling updates. Run isort.
- Use pathlib.Path object where possible instead of os.path.
- Perform sanitization in privileged methods instead of callers. This leads
better security if the service is compromised.
- Perform duplicate checking in privileged methods instead of callers.
- Check in privileged action that uploaded file originates from temporary
directory. Otherwise, arbitrary files can moved into DAV directory.
- Switch storage path to /var/lib/ which is an application data folder from
/var/www which is a user data folder.
- Add extra security to the DAV folder by explicitly rejecting .htaccess
directives, forcing mime type and removing all options.
- Update SVG/PNG logo icons to adhere to our guidelines.
- Minor template updates. Add required attributes. Improve i18n. Avoid <p>
inside <p>.
- Refactor tests for more code reuse and fewer globals.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- DAV can simplify hosting the Feather Wiki app.
- It can also potentially be used to share folders over HTTP to clients such a
GNOME/KDE file mangers.
- Enabling the modules by default should have few disadvantages other than
slight increase in memory. It needs to be enabled with 'DAV on' directive on the
specific directories.
Tests:
- Running the service after patch run apache setup and the modules are enabled.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- The library performs a large number of tests to determine if various features
are available in the browser. In Debian most tests seem to be present unlike
other methods of distribution where users select which tests they want and build
a customized library for their app. This leads to increased page load time.
- The only functionality we use from Modernizr library are the .js and .no-js
classes we use in our CSS styling. Modernizr is not needed by Bootstrap library.
We don't use 'Modernizr.' properties in Javascript.
- A bug in the test to determine if an <input> element with type="number" allows
localization or not causes the page to scroll down to the end. This behavior
appeared in version 3.x of modernizr and despite the bug report and the fix, it
is not gone. Dropping modernizr fixes this issue.
Tests:
- The logout link in the header bar is visible only when Javascript is disabled.
- The dropdown icons next to header menus only appear when Javascript is
enabled.
- For each feature detection provided by Modernizr library, search if our
project is using that in CSS styling.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
When an app installs a python module as a dependency and imports it. CherryPy
will start monitoring it for changes. When the app is uninstalled, the module is
removed from the system leading to change detected by CherryPy. The entire
service is then restarted if it is in development mode. This could cause a
temporary failure in requests served leading to failures in functional tests.
Workaround this by preventing auto-reloading for some python modules.
Tests:
- Without changes, in develop mode, uninstall nextcloud and notice that
FreedomBox service is restarted. With changes, it does not restart.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Without the changes, typing https://<domain>/nextcloud does not work. With the
changes it redirects to https://<domain>/nextcloud/.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
For test cases implemented in derived classes, autouse=True does not seem to
work. These test cases can explicitly request this fixture with the name.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Sometimes <input type='submit'> are used as submit buttons and at other times
<button type='submit'> is used.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- /etc/gitweb-freedombox.conf is a drop-in configuration file. It is provide in
/usr and linked into /etc/. It is overwritten when freedombox package is
upgraded. So, it is incorrect to backup/restore the file.
Tests:
- Run functional tests that include backup/restore.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
In some cases in the backup page, when trying to restore a backup, the button is
obscured and trying to click it fails. Handle such situations by scrolling the
element into view first and try to click on the element again. Ensure that our
navigation header does not obscure the element when scrolling it into view.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
When a click fails because the element is obscured or out of scroll port, the
fails with ElementClickInterceptedException. This normally fails the test
properly. However, when waiting for a page update, the wait loop silently
swallows the error causing the click failure to be ignored. This later leads to
a timeout waiting for page to be updated.
Handling this error separately and re-raising it ensures that the test fails
with the correct error allowing us to fix the problem.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Run functional tests on miniflux app.
- Run backup and restore on ttrss app manually and notice that data is restored
and there are no errors.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
- When the password is changed during the reset-password test, running other
tests in a different test run fails the tests.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
- Check the exitstatus and signalstatus as seen from the ptyprocess module.
- Avoid accessing 'log' before is it initialized.
- When creating admin user, don't expect JSON message for all other types of
errors. They are simple strings.
Tests:
- Try to modify the password of a non-existent account. Notice the error message
is shown. Modify the password of an existing account and it succeeds.
- Create an account with username that already exists. Notice that error is
shown. Otherwise, it succeeds.
- Allow the UI to enter short passwords and notice that error is shown properly
during user creation and reset password.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
Tests:
- Reset the password of an account successfully. No error is shown.
- Reset the password of a non-existent account. Error is shown.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
GitLab wrongly identifies the license of FreedomBox as the non-free
Server Side Public License. A mention of the license in the README
can be useful to clarify this.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Both postgres and postgres-contrib package seem to pull the postgres-16 package
ultimately.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
[sunil's changes]
- Add copyright information the logo.
- Deluge: undo an unintended change.
- Drop wrapper calls over privileged methods. The new privileged method
decorators make is easy to avoid these.
- Styling updates: docstrings, single quotes for strings, casing for UI strings.
- Drop "DO NOT EDIT" comment for files located in /usr as they are not expected
to be editable by the user.
- Fix 'miniflux' to 'Miniflux' in web client name.
- Overwrite FreedomBox settings onto the existing configuration file when setup
is re-run. This is to ensure that FreedomBox settings take priority.
- Use return value of the miniflux command to raise errors.
- Use pathlib module where possible.
- Move message parsing into the privileged module from views module.
- Resize SVG and PNG logo files for consistency with icon styling.
- Use hypens instead of underscores in URLs and Django URL names.
- Rename miniflux_configure.html to miniflux.html.
- Use base method for minor simplification in backup functional test. Ensure
that the test can be run independently when other tests are not run.
- Update tests to reflect code changes.
- Avoid concatenating internationalized strings so that they can be translated
properly.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
This fixes the problem of running over the limit of ARG_MAX of /bin/sh in the
dev container when copying the files of plinth modules.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
