This introduces flake8 and fixes a bunch of flake8 errors.
flake8 is run with: ./venv/bin/flake8 plinth
if you're using a python3 venv.
We can eventually further integrate this with gitlab ci.
https://salsa.debian.org/freedombox-team/plinth/issues/58
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Implement listening for CacheUpdated notification.
- Configuration to allow only root to trigger the notification.
- Trigger the notification from an apt update hook.
- Retrieve the list of packages available for upgrade and print them to log.
- Add dependency on libglib2.0-bin for the gdbus command line tool.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This will keep web server de-coupled with service that want to shutdown on exit.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This will help with modularizing the code as well as abstracting out CherryPy
for potential later replacement.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
While capturing stdout and stderr and automatically logging that to system
logging daemon provides basic information, a lot of information lost in the
process.
This change logs to systemd journal directly so that rich information such as
code file, code function, code line, etc, can be captured in a structured way.
To avoid double logging, discard stdout and stderr in the systemd unit file.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Instead log only to the console and let daemon wrapper (systemd in Debian) take
the logs from the console and log them to system log. There are many advantages
for logging to system log instead of handling files on our own:
- No need to handle log file rotation. This can be configured in many ways and
we don't have to support that. System's log daemon handles this. Closes#1353.
- Remaining system logs such as sudo and audit logs can be along with FreedomBox
logs for better debugging.
- It is possible to do remote logging based on system logger.
- It is possible to make the logs tamper resistant based on system logger
configuration.
Since timestamp is automatically logged by system log daemon, remove timestamps
from log format. When running on console, timestamps are not very useful.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Access log is not populated by cherrpy anymore.
- CherrPy does not log WSGI handler requests at all. So the request for HTML
pages actually is never logged. Only static file requests which are hardly
useful are logged.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
The default upload limit (request size) of cherrypy is 100MB.
When uploading backup archives we need larger files too.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Use the directory for service custom static files only if it exists.
- This fixes issue with lintian complaining of installing files in /var/www.
Closes#1399
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
- Static files are directly served by the CherryPy web server.
- .gitignore file placed as a placeholder to be able to commit the directory
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
And re-activate cfg.get_config_paths() for easier testing
Signed-off-by: Michael Pimmer <info@fonfon.at>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Newer versions of Django axes have newly way to get the IP address of a client
using ipware library. This has multiple security issues
https://github.com/jazzband/django-axes/issues/286 . Workaround them by
controlling the X-FORWARDED-FOR header sent from Apache to FreedomBox and by
limiting the headers that ipware uses.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This is the final change required for Django 2.0 support. Instead of using
MIDDLEWARE_CLASSES use MIDDLEWARE setting. Support for new style middleware was
provided in version 0.3.0, so depend on that version. Django built-in middleware
already supports new style and plinth middleware will now support new style.
The actual semantics of the middleware don't need changes. See:
https://docs.djangoproject.com/en/2.0/topics/http/middleware/#upgrading-pre-django-1-10-style-middleware
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
(django-axes + django-simple-captcha) with sso is working at this point.
Signed-off-by: Joseph Nuthalpati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- clearing ip address correctly is not implemented yet
- currently clearing all ip addresses
Signed-off-by: Joseph Nuthalpati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
User will be shown captcha in the second attempt to login if login
fails in the first attempt.
Signed-off-by: Joseph Nuthalpati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Added all default Django password validators.
Not enforcing special characters.
https://blog.codinghorror.com/password-rules-are-bullshit/
Signed-off-by: Joseph Nuthalpati <njoseph@thoughtworks.com>
Reviewed-by: Johannes Keyser <johanneskeyser@posteo.de>
- Essential modules would be installed by apt as they are already
dependencies of plinth.
- Plinth trying to trigger an installation is unnecessary.
- Plinth installing deb packages might also cause problems with plinth
startup if automatic upgrades are running.
- Added back the --setup option
- setup doesn't run when something else like diagnostics is invoked
Signed-off-by: Joseph Nuthalpati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Capture all Python warnings so that they can shown as part of logging system
on console and in log file.
- Also capture deprecation warnings into logging system if debug mode is
enabled. Current versions of Python disable deprecation warnings by default.
Django 1.11 also follows this approach now.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Johannes Keyser <johanneskeyser@posteo.de>
- Removed key generation for mod_auth_pubtkt from first boot.
- Running setup every time plinth starts so that new essential modules
can be setup properly.
Partially fixes#875
- Remove apps and system modules and merge their views into main views.
- Move main_menu from cfg into menu.py.
- Remove dependencies of other modules on apps and system modules.
- Update tests.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- Rename AdminMiddleware to AdminRequiredMiddleware to be consistent
with stronghold/Django terminology
- Simplify .gitignore pattern
- Format single line docstrings as per PEP8.
- Add missing docstrings.
- Restrict lines to 79 characters.
