- Show them in multiple lines using <pre> like before.
Tests:
- Multiple endpoints are shown in the one line each using <pre> tag.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Fixes: #2563.
Also see
https://salsa.debian.org/freedombox-team/freedombox/-/merge_requests/2740
Test:
- Functional tests for gitweb pass.
- Without the patch, install gitweb and enable it. Restart FreedomBox service.
The error message in #2563 is reproduced. With the patch, the error disappears.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Fixes: #2566.
Thanks to joeDoe for helping with identifying the bug and confirming a fix.
- Currently, when multiple domains are configured, only one certificate is
setup. One domains properly and other domains will end up using the certificate
for the configured domain. This leads to domain validation errors on the
client-side.
- Copy certificates for all domains to /etc/ejabberd/letsencrypt directory
whether they are configured for ejabberd or not.
- Use the new certfiles: directive to provide multiple certificates. Don't use
and remove the old s2s_certfile: directive. Migrate old configuration.
Tests:
- Functional tests for ejabberd work.
- Installing ejabberd freshly works. s2s_certfile: is not present in the
configuration file. certfiles: is present with wildcard for LE certs.
- Install ejabberd without the patch. s2s_certfile: is present and certfiles:
does not contain the wildcard for LE certificates. Apply the patch. Setup is
re-run for ejabberd app and succeeds. s2s_certfile: is removed from
configuration file. certfiles: contains wildcard for LE certificates.
/etc/ejabberd/letsencrypt/ contains certificates for all the configured domains
on the system.
- Adding domain works. Certificate for newly configured domain is copied into
the ejabberd LE cert directory. ejabberd daemon is reloaded. hosts: list is updated.
- Removing domain works. Certificate for the old domain is retained in the
ejabberd LE directory. ejabberd daemon is not reloaded.
- Setting the list of domains works. Old certificates are retained in the
ejabberd LE directory. ejabberd daemon is reloaded. hosts: list is updated.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Run 'make build install'. The new binary is available as
/usr/bin/freedombox-change-password. Running 'freedombox-change-password
tester2' works as expected.
- Providing wrong username show proper error message.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
The HTML attributes of the translation must be the same as English string. Newly
inserted characters lead to 404 page not found errors.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Fixes: #2560.
The HTML attributes of the translation must be the same as English string. Newly
inserted characters lead to 404 page not found errors.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- Currently, when adding a server, we have an option for 'default route' but
unchecking it does not work. This is due to allowed_peers always containing
::0/0 and 0.0.0.0/0. Fix this by setting the allowed_peers to a value containing
only the IP of the WireGuard network.
Tests:
- When default routing it checked, routing table shows default route for
wireguard device. Traceroute confirms routing through WireGuard network.
- When default routing it unchecked, routing table does not show default route
for wireguard device. Traceroute confirms routing through regular network.
Signed-off-by: Frederico Gomes <fredericojfgomes@gmail.com>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- When an error page is shown during installation/uninstallation, no automatic
refresh of the page happens. Fix this by reloading the page when error is shown.
- When error page is shown, the document.readyState is "interactive" (meaning
that page load is completed but other resources such as images are being
loaded). So, checking for error page is never happening.
- Also when reloading an error page, WebDriverException may happen so use the
wait_for_page_update() utility to perform the page reloads.
Tests:
- Run functional tests for bepasty. When installing the app, stop apache web
server. Let an error page be shown. Then start the server again. Without the
patch, the error page is never reloaded. With the patch, the error page is
reloaded and tests succeed.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Currently when HTMX tries to fetch a page and fails, it silently fails and
does not perform any further operations. So, the installation page is stuck.
This is also leading to functional test case failures.
- Handle errors in page response and errors while making requests and reload the
entire page. This will result in browser showing appropriate error page. User
will understand that the operation has failed.
- Also add HTMX event listeners on the body as shown in HTMX documentation.
Tests:
- Press install. After installation process has started, stop Apache web server.
Without the patch, HTMX fails silently and the installation progress is shown
indefinitely.
- With the patch applied, the connection error page is properly shown.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- If functional tests run fast, daemon will be stopped and started many times.
This is hitting rate limit for some daemons.
Tests:
- Configuration file is created as expected. systemd read the value as shown by
'systemctl show'.
- Mumble functional tests pass without having to insert sleeps.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- Change theme to 'Book' based on Sphinx pydata theme. It supports dark/light
modes. Looks more modern and better defaults/options.
- Add logo on the top left corner.
- Add menu to go to repository, view page source, edit page source, and report
issue on current page.
- Don't repeat 'FreedomBox Authors' in authors text and copyright text. Show
only once as suggested by the theme.
- Use theme option to show license link instead of overriding the template.
Tests:
- After building the theme, all options work as expected.
- Footer appears as expected.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- When there is an error writing to certificate files, the umask is not reset
properly. Fix this my using umask context manager from action utils. This could
be core reason behind: #2564.
Tests:
- Changing the domain name creates the file /var/lib/quassel/quasselCert.pem
with the proper permissions of 0o600. If in Quassel app's Let's Encrypt component
the certificate file path is changed, then two files are created on domain name
change. Private key is created with 0o600 permissions and certificate file is
created with 0o644 permissions.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2564
Tests:
- Changing the domain name in quassel app page set the expected file
permissions. Changing the value in the code results in file getting created with
changed permissions.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- When we set umask we typically want to change it back to original value after
the operation. Implement a context manager to help with this.
Tests:
- Unit tests pass.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Originally aimed to show server info (public key, endpoints) in a table.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
[jvalleroy: Remove trailing spaces]
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- When /var/lib/plinth/.ssh is deleted and add remote repository form is
visited, the directory along with SSH key files are created. The .pub file has
the expected comment freedombox@configured_domain.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- Provide incorrect passphrase when adding a remote repository. Should show a
message that passphrase is incorrect and redirect back to add remote repository
form.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- As a safe guard although it should exist because of a prior verification of
SSH key.
- Minor refactor to make the method flatter.
Tests:
- Remove /var/lib/plinth/.ssh and visit add remote repository form. The public
key is displayed in the form. The files in /var/lib/plinth/.ssh are created with
expected permissions.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- Integrate SSH error handling into borg error handling.
- Move logic to migrate SSH keys into lower levels (Repository class) so that it
can performed at more instances such as when initializing repository. It also
provides better abstraction keeping the view logic simpler.
- Drop ability to mount repository using password. This is important next step
for mounting using systemd unit files.
- Use exceptions to eliminate return value checking.
- Create a special exception for exceptions raised during SSH operations. Raise
this at lower levels and handle these using the common error handler.
Tests:
- Adding a remote repository with key and password authentication works with and
without encryption. Adding works with SSH host key pre-verified works too.
- Trying to add a remote repository with incorrect passpharse fails with the
simplified error message. Redirect happens to add remote repository page. Error
message with SSH host key pre-verified works too. Repository is removed.
- Trying to provide wrong SSH password fails with a simplified error message.
Redirect happens to add remote repository page. Repository is removed.
- Mounting a repository after unmounting it works.
- Mounting a repository with SSH password in its configuration works. Migration
is performed and SSH password is replaced with SSH key file path.
- A schedule for a repository with SSH password runs successfully. An archive is
created. Migration is performed and SSH password is replaced with SSH key file
path.
- SSH identity files are created with plinth:plinth ownership. Private key file
is created with 0o600 permissions and public key file is created with 0o644
permissions.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- Adding a remote repository with key and password authentication works with and
without encryption.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- This makes the functional test focus more on the repository that is added
rather than all remote repositories.
Tests:
- Functional tests for backups app works.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- Use bootstrapform templates where possible to reduce code.
- Fix incorrect tag for radio button for password authentication.
- Drop borders and instead:
- Style each group as a section. This includes encryption section and
repository path section.
- Utilize the simplicity as passwords fields are not displayed.
- Retain <label> tag so that clicking on it works and it also easier for
accessibility tools.
Tests:
- The option for password authentication works are expected. The fields for
encryption passphrase, ssh password work as before.
- Clicking on form labels focuses the form element.
- Adding a repository with key and password authentication works with and
without encryption.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- Unlike the case of network forms, for example, there is nothing the user could
infer from a disabled form element. If they see a disabled DNS field, they would
understand that it is an editable value but has been disabled due to other
option values. It is important to allow users to discover this. However, in case
of password fields, they are not needed to be shown to the user unless the
appropriate option is selected.
Tests:
- In the add remote repository form, selecting the authentication type radio
options shows and hides the password field. Selecting the value for encryption
type shows and hides the encryption password field.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- In remote repository add form, selecting radio options for authentication
types does not throw an error. The password field is shown/hidden as expected.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- Make a privileged method throw and exception after spewing output to stdout
and stderr. The exception caught on the service daemon contains the expected
stdout and stderr messages.
- Sending SIGTERM to privileged daemon shuts down the daemon.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- On main branch, add a remote repository with SSH password. Unmount
the remote location.
- Switch to branch with this change. Mount the remote location. Logs
show that it is migrated from password to key authentication. Plinth
database no longer contains password for this remote.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
- Use javascript to disable or enable password fields.
- If SSH key auth is selected, then try the connection.
- If SSH password auth is selected, then copy the key.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
- After copying the SSH client public key to the remote host, replace
the SSH password credential with keyfile.
- Also use SSH key when checking that remote directory exists.
Tests:
- Add remote backup location "tester@localhost:~backups". Test various
operations like create backup, download backup, unmount and
mount. Confirm that SSH password is no longer present in plinth
sqlite database.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- In development VM, add a remote backup location of "tester@localhost:~/backups".
Verify the SSH host key. plinth@freedombox key is listed in
/home/tester/.ssh/authorized_keys.
- Remove the remote backup location, and delete /home/tester/.ssh/authorized_keys.
Add the same remote backup location again. plinth@freedombox key is again
listed in /home/tester/.ssh/authorized_keys.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
