Closes: #2178.
- Don't bother with the redirection to the next page using the ?next= URL
parameter. Always redirect to the home (index) page.
- Show a message that logout was successful.
- Ensure that SSO cookie is removed.
Tests:
- Logout and notice that redirection has been performed to the home page.
- "Logged out successfully." message is shown.
- When logged as a user with a language set, logging out preserves the language
of the user who was just logged out.
- Login. Click logout while having browser developer tool open. Notice that
Logout request has SSO cookie. The response does not have the cookie set. The
next request is to the home page and it does not have SSO cookie in the request.
- Login to tt-rss app that needs SSO to work. Logout from FreedomBox interface
using another page. Refresh the tt-rss page and notice that user was logged out
and redirect to FreedomBox login page.
- Logout. Again, manually visit the URL
https://10.42.0.203/plinth/accounts/logout/. The page is still required to home
page and success is still shown even though the user is already logged out.
- Repeat the logout test as non-admin user.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Fixes: #2069.
Without a listening port, coturn will try to enumerate the non-local IP
addresses and try to listen on them. If coturn is started before network is
fully setup, it finds no usable IP addresses and fails. Furthermore, if IPs are
added to the system, it does not automatically listen on them.
A better approach as advised by systemd NetworkTarget documentation is to listen
on a wildcard address. This does not require network to be online and works well
for IP addresses being added/removed from the system. coturn is itself unable to
make changes to its default listening behavior for backward compatibility.
Tests:
- Freshly install coturn. Observe that listening-ip is properly set in the
configuration file. coturn is listening on 3478, 3479, 5349, 5350. coturn is
listening on ::1 and * addresses instead of individual IP addresses.
- Install coturn without the patch. Apply the patch and restart FreedomBox.
coturn setup will run. listening-ips get added to the configuration file. The
static-auth-secret is not changed from earlier. coturn will be restarted. coturn
is listening on 3478, 3479, 5349, 5350. coturn is listening on ::1 and *
addresses instead of individual IP addresses.
- Install coturn without the patch. Disable coturn. Apply the patch and restart
FreedomBox. coturn setup will run. coturn will not be enabled. coturn will be
running after setup.
- Functional tests pass.
- All ports able to connect using netcat (nc command) with IPv4 (-4 option) and
IPv6 (-6 option).
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Add HTML classes to help with functional testing.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Fixes: #2174.
When HSTS is set, there is no way to override the certificate warnings. LE does
not yet issue certificates for .onion domains. Certificate warnings are
certainly show there. Although browsers don't accept HSTS headers when the
certificate is invalid, it is best be safe and not set them for .onion domains.
Tests:
- Without the patch, on normal and .onion domains, HSTS is set only when using
HTTPS.
- With the patch, HSTS is set only when using HTTPS but only for normal domains
but not .onion domains.
- The patch works when tested with .onion and .ONION hosts.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Cockpit uses WebSockets which won't work without HTTPS. For .onion domains, we
are not explicitly redirecting to HTTPS since TLS is not necessary. Ensure that
Cockpit continues to work with .onion domains by explicitly redirecting to
HTTPS.
Tests:
- Without the patch, on a normal/Onion domain run curl -kv
http://{DOMAIN}/_cockpit/. Redirection does not happen.
- With the patch, on a normal/Onion domain run curl -kv
http://{DOMAIN}/_cockpit/. Redirection happen to https:// occurs.
- Redirection is a with HTTP status code 302, the temporary redirection code.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Fixes: #2173.
When a wget process fails to download an image from Debian wiki for any reason,
fail the whole fetching process so that the users notices it and reruns the
process. Earlier, these were failing silently leading to zero sized images.
Tests:
- Without the change, notice that when wget process is killed during fetching of
images, it leads to incorrect image files (partially downloaded or zero sized
files).
- With or without the changes, killing wget process at other times leads to
fetch process halting indicating that wget in normal cases fails correctly.
- With the change, killing the wget process will lead to an error and the
fetching process stops.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Fail a functional test using assert False. Notice that the screenshot is taken
in ./screenshots directory.
- Pass --splinter-screenshot-dir=foo and notice that the screenshot is taken in
./foo directory.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
pytest_splinter has an issue with creating screenshots when using
session_browser instead of a browser fixture. Implement a workaround.
See: https://github.com/pytest-dev/pytest-splinter/pull/157
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2157.
Original author of the app J. Carlos Romero <juancarlos.romero@gmail.com> has
been contacted to see if there is interest in continuing to maintain the app.
There has been no response.
Since the app is not available even in the current stable (Bullseye), few users
are presumably using it on a supported FreedomBox distribution. Any users are
advised to maintain the manually instead of relying on FreedomBox for it.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Without the patch, run torsocks curl -kv http://DOMAIN.onion. Observe that
redirection to https happens.
- Without the patch, run curl -kv http://localhost. Observe that redirection to
https happens.
- With the patch, run torsocks curl -kv http://DOMAIN.onion. Observe that
redirection to https does not happen.
- With the patch, run curl -kv http://localhost. Observe that redirection to
https happens.
[sunil: Perform case insensitive match]
[sunil: Remove capture of domain name match]
[sunil: Strictly check that domain ends with .onion]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tested-by: Sunil Mohan Adapa <sunil@medhas.org>
Fixes: #2171.
Since systemd version 250, journalctl does not print the header line '-- Journal
begins... --'. To accommodate those changes, read the status log lines
accurately and check that they are not empty.
Tests:
- Run help functional tests on stable, testing and unstable.
- Modify code to not print status logs and notice that the functional test
fails.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Looking for .btn-primary could yield two results when a notification is active
with an action button of type primary. This results in form not getting
submitted properly and test failing with wait timeout. Fix this by making the
lookup for submit button more specific.
Tests:
- Run matrix-synapse functional tests on a fresh container.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
matrix-synapse 1.47.0-2 requires python3-frozendict 1.2-3 or higher. This is
only available in bullseye-backports, testing and unstable but not bullseye.
Allow python3-frozendict to be installed from buster-backports. Further there is
no longer any need to allow packages from buster-backports (on the master
branch). So, drop all those.
Tests:
- On stable/testing, without matrix-synapse and its dependencies installed, run
matrix-synapse functional tests.
- On stable, with older version of matrix-synapse and python3-frozendict, run
unattened-upgrade and notice that matrix-synapse upgrades to latest version.
- Without this patch, run service. Notice the contents of
/etc/apt/preferences.d/51freedombox.pref. When this patch is applied and service
is restarted, upgrades app is setup again and the files contents will change as
expected.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Fixes: #2170.
Starting with Django 2.2.25, re_path behavior has changed. When the regular
expression ends with a '$', a full match is performed with the regular
expression. This breaks the behavior of how we are currently matching the locked
URLs for CAPTCHA based login forms.
Tests:
- All tests are done on Debian stable with Django 2.2.25 and on Debian unstable
with Django 3.2.10.
- Go to home page, click on login link. Enter wrong password three times.
CAPTCHA page is show with URL ending with /locked. Type the correct password and
login will be successful.
- Install tt-rss. Logout. Go to /tt-rss/, redirection will happen to login page.
Enter wrong password three times. CAPTCHA page is show with URL ending with
/locked. Type the correct password and login will be successful.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Install tt-rss. Logout. Visit the /tt-rss link. We will be redirected to the
login page. Login with wrong password 3 times. CAPTCHA is shown. Login with
correct password. Login will be successful.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Currently, with recent version of systemd on host machine, running './container
up' results in the following warning thrown many times. Fix this.
Console mode 'pipe' selected, but standard input/output are connected to an
interactive TTY. Most likely you want to use 'interactive' console mode for
proper interactivity and shell job control. Proceeding anyway.
Tests:
- With systemd version 248 on host machine, run './container up' and notice that
warning is no longer printed.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
In CI tests, when running 'run --list-dependencies', init for ikiwiki fails with
the following error. Fix that.
Exception while running init for <module 'plinth.modules.ikiwiki' from '/builds//freedombox/plinth/modules/ikiwiki/__init__.py'>: Action must exist in action directory.
Traceback (most recent call last):
File "/builds//freedombox/plinth/app.py", line 536, in _initialize_module
module.app = app_class()
File "/builds//freedombox/plinth/modules/ikiwiki/__init__.py", line 61, in __init__
self.refresh_sites()
File "/builds//freedombox/plinth/modules/ikiwiki/__init__.py", line 102, in refresh_sites
sites = actions.run('ikiwiki', ['get-sites']).split('\n')
File "/builds//freedombox/plinth/actions.py", line 95, in run
return _run(action, options, input, run_in_background, False)
File "/builds//freedombox/plinth/actions.py", line 147, in _run
raise ValueError('Action must exist in action directory.')
ValueError: Action must exist in action directory.
Tests:
- Shortcuts for ikiwiki show up properly on the front page after FreedomBox
daemon is restarted.
- Salsa CI no longer show the above error during --list-dependencies.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2169.
python3-coverage >= 6.0 requires python3-tomli to be installed when using
pyproject.toml. There is no hard dependency on tomli for the coverage package
perhaps due to its optional nature.
However, python3-toml is not available in Bullseye. So, require a version of
python3-coverage that does not require python3-tomli.
Tests:
- Run git-pbuilder for stable and unstable. Builds were successful.
- Run autopkgtest for stable and unstable. Dependencies were satisfied but there
was an unrelated error during test collection.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- It is reported on the mailing list that first setup operation on the help app
fails. The logs indicate that /usr/share/freedombox/manual directory is not
present on the system. Although this situation does not occur on a normal
installation, catch, log and ignore this error to be safe.
- Also ensure that this static files component is added in post_init so that
basic setup is not at all affected by it.
Tests:
- In the development directory, move doc/manual to doc/manual.bak. Observe that
the error message is printed during initialization but the process continues.
- With the manual directory properly restored, the full help manual is displayed
properly with images.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
