- As a safe guard although it should exist because of a prior verification of
SSH key.
- Minor refactor to make the method flatter.
Tests:
- Remove /var/lib/plinth/.ssh and visit add remote repository form. The public
key is displayed in the form. The files in /var/lib/plinth/.ssh are created with
expected permissions.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- Integrate SSH error handling into borg error handling.
- Move logic to migrate SSH keys into lower levels (Repository class) so that it
can performed at more instances such as when initializing repository. It also
provides better abstraction keeping the view logic simpler.
- Drop ability to mount repository using password. This is important next step
for mounting using systemd unit files.
- Use exceptions to eliminate return value checking.
- Create a special exception for exceptions raised during SSH operations. Raise
this at lower levels and handle these using the common error handler.
Tests:
- Adding a remote repository with key and password authentication works with and
without encryption. Adding works with SSH host key pre-verified works too.
- Trying to add a remote repository with incorrect passpharse fails with the
simplified error message. Redirect happens to add remote repository page. Error
message with SSH host key pre-verified works too. Repository is removed.
- Trying to provide wrong SSH password fails with a simplified error message.
Redirect happens to add remote repository page. Repository is removed.
- Mounting a repository after unmounting it works.
- Mounting a repository with SSH password in its configuration works. Migration
is performed and SSH password is replaced with SSH key file path.
- A schedule for a repository with SSH password runs successfully. An archive is
created. Migration is performed and SSH password is replaced with SSH key file
path.
- SSH identity files are created with plinth:plinth ownership. Private key file
is created with 0o600 permissions and public key file is created with 0o644
permissions.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- Adding a remote repository with key and password authentication works with and
without encryption.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- This makes the functional test focus more on the repository that is added
rather than all remote repositories.
Tests:
- Functional tests for backups app works.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- Use bootstrapform templates where possible to reduce code.
- Fix incorrect tag for radio button for password authentication.
- Drop borders and instead:
- Style each group as a section. This includes encryption section and
repository path section.
- Utilize the simplicity as passwords fields are not displayed.
- Retain <label> tag so that clicking on it works and it also easier for
accessibility tools.
Tests:
- The option for password authentication works are expected. The fields for
encryption passphrase, ssh password work as before.
- Clicking on form labels focuses the form element.
- Adding a repository with key and password authentication works with and
without encryption.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- Unlike the case of network forms, for example, there is nothing the user could
infer from a disabled form element. If they see a disabled DNS field, they would
understand that it is an editable value but has been disabled due to other
option values. It is important to allow users to discover this. However, in case
of password fields, they are not needed to be shown to the user unless the
appropriate option is selected.
Tests:
- In the add remote repository form, selecting the authentication type radio
options shows and hides the password field. Selecting the value for encryption
type shows and hides the encryption password field.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- In remote repository add form, selecting radio options for authentication
types does not throw an error. The password field is shown/hidden as expected.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- Make a privileged method throw and exception after spewing output to stdout
and stderr. The exception caught on the service daemon contains the expected
stdout and stderr messages.
- Sending SIGTERM to privileged daemon shuts down the daemon.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- On main branch, add a remote repository with SSH password. Unmount
the remote location.
- Switch to branch with this change. Mount the remote location. Logs
show that it is migrated from password to key authentication. Plinth
database no longer contains password for this remote.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
- Use javascript to disable or enable password fields.
- If SSH key auth is selected, then try the connection.
- If SSH password auth is selected, then copy the key.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
- After copying the SSH client public key to the remote host, replace
the SSH password credential with keyfile.
- Also use SSH key when checking that remote directory exists.
Tests:
- Add remote backup location "tester@localhost:~backups". Test various
operations like create backup, download backup, unmount and
mount. Confirm that SSH password is no longer present in plinth
sqlite database.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- In development VM, add a remote backup location of "tester@localhost:~/backups".
Verify the SSH host key. plinth@freedombox key is listed in
/home/tester/.ssh/authorized_keys.
- Remove the remote backup location, and delete /home/tester/.ssh/authorized_keys.
Add the same remote backup location again. plinth@freedombox key is again
listed in /home/tester/.ssh/authorized_keys.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Click on Add Remote Backup Location. Logs show that SSH client key is
generated. The private key is readable only by plinth user.
- Go back, and click on Add Remote Backup Location again. Logs show that SSH
client key already exists.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- When a notification dismiss button is clicked, first it fades and collapses
at the same time.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
Tests:
- Through code changes, ensure that dist upgrade notification, updated to new
release notification, privacy notification, and app installed notification show
up. Ensure that they have correct hx- attributes and URL property for dismiss
button. Clicking dismiss button works as expected.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
- Delete only the <li> of the notification using HTMX.
- Notifications list stays open. User can dismiss another notification.
- Decrement notification counter using JavaScript after removing
notification from the list.
- Added HTMX to every kind of notification.
- Tested dismissing notifications from the top, middle and bottom of the
list.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
[sunil: Update comment format in .js file]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- When app install button is clicked, the new page shows that app is being
installed. However, when app installation is complete, the notification still
shows that app is being installed. With the patch, the issues is resolved.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Display the WireGuard server endpoint (ip_address:listen_port)
alongside the public key on the main WireGuard page,
so users configuring clients can copy both values directly.
Signed-off-by: Frederico Gomes <fredericojfgomes@gmail.com>
[sunil: Keep the docstring]
[sunil: Adjust markup to eliminate <p> inside <p>]
[sunil: Produce a single <pre> tag instead of multiple for multiple domains]
[sunil: Minor refactoring for more concise code]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- Install WireGuard and start the server. Uninstall the app and re-install.
Without the patch, the connection remain after uninstall. With the patch, the
connections are removed after uninstall and return to pristine state after
re-install.
- Functional tests succeed.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Display the next available IP address that will be
automatically assigned when adding a new client.
Helps admins know what client IP to provide when configuring client
connections back to this server.
Signed-off-by: Frederico Gomes <fredericojfgomes@gmail.com>
[sunil: Turn the IP address styling into a form element]
[sunil: Update the comment style for consistency]
[sunil: Update the label for clarity]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Container usage docs have been updated to be in line with
merged request !2731.
Signed-off-by: Frederico Gomes <fredericojfgomes@gmail.com>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Adds explicit UI flow to generate server keypair and interface.
- New EnableServerView
- Conditional 'Start Server' button on main page when no wg0
- Button switches to 'Add Client' after server setup
Solves circular dependency UX issue when connecting two FBs
EDIT: Following review feedback, I removed the intermediate
confirmation page.
The “Start WireGuard Server” button now sends a POST
directly from the main page.
Signed-off-by: Frederico Gomes <fredericojfgomes@gmail.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
[jvalleroy: Change from TemplateView to View]
[jvalleroy: Remove redundant import]
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
