- Currently, there is a bug with section header with Bootstrap 5 migration in
stable. It causes the section headers not to have underline in Debian stable but
only in Debian testing. This is due to the variable --bs-secondar-border-subtle
being defined only in Bootstrap 5.3 (testing) but not in Bootstrap 5.2 (stable).
- The removal of the border is actually reducing visual noise. So, commit to it
by removing the border even on testing. To Increase contrast to the section
headers, increase their font size (but reduce font weight).
Tests:
- In testing and stable VMs, the style is same and as expected.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Closes: #2484
Tests:
- Functional tests for users app works.
- When updating the user if the delete user is not checked, delete confirmation
dialog is not shown.
- When updating the user if the delete user is checked, delete confirmation
dialog is shown. It can be dismissed and re-shown many times. When confirm
button is clicked, the form is submitted and user is deleted.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Enabling/disabling public share shows and hides the list of groups in share
edit page.
- When loading the share page, if public share is enabled, list of groups is
hidden.
- When loading the share page, if public share is disabled, list of groups is
shown.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Modify or remove the sslCert/sslKey lines in mumble-server.ini. The
diagnostic is failed. After repair, the expected lines are restored,
and the diagnostic is passed.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- In testing container, install Mumble. /etc/mumble/mumble-server.ini
has settings for ssl cert and key.
- In stable container, install Mumble. /etc/mumble-server.ini has
settings for ssl cert and key.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
See the spam score for an email sent with these settings:
https://www.mail-tester.com/test-jy6unbdzu
Tests done:
1. Install the email app with version 4, then check out the files:
```
ls -la /var/lib/rspamd/dkim/ ; cat /etc/rspamd/local.d/dkim_signing.conf
total 4
dr-x------ 1 _rspamd _rspamd 50 Jan 1 19:14 .
drwxr-x--- 1 _rspamd _rspamd 16936 Jan 1 20:21 ..
-r-------- 1 root root 1704 Jan 1 19:14 freedombox.local.dkim.key
cat: /etc/rspamd/local.d/dkim_signing.conf: No such file or directory
```
2. Apply the patches and update the app:
```
ls -la /var/lib/rspamd/dkim/ ; cat /etc/rspamd/local.d/dkim_signing.conf
total 4
dr-x------ 1 _rspamd _rspamd 50 Jan 1 19:14 .
drwxr-x--- 1 _rspamd _rspamd 16936 Jan 1 20:22 ..
-r-------- 1 _rspamd _rspamd 1704 Jan 1 19:14 freedombox.local.dkim.key
allow_username_mismatch = true;
sign_authenticated = true;
use_domain = "header";
domain {
freedombox.local {
path = "/var/lib/rspamd/dkim/freedombox.local.dkim.key";
selector = "dkim";
}
}
```
3. Configure example.com as a domain under Name Services, then also change the primary domain in the email app and confirm it completes without errors.
Also see:
```
ls -la /var/lib/rspamd/dkim/ ; cat /etc/rspamd/local.d/dkim_signing.conf
total 8
dr-x------ 1 _rspamd _rspamd 90 Jan 1 21:15 .
drwxr-x--- 1 _rspamd _rspamd 16936 Jan 1 21:17 ..
-r-------- 1 _rspamd _rspamd 1704 Jan 1 21:15 example.com.dkim.key
-r-------- 1 _rspamd _rspamd 1704 Jan 1 19:14 freedombox.local.dkim.key
allow_username_mismatch = true;
sign_authenticated = true;
use_domain = "header";
domain {
example.com {
path = "/var/lib/rspamd/dkim/example.com.dkim.key";
selector = "dkim";
}
}
```
4. Uninstall the app and perform a fresh install, confirm it completes succesfully.
The configurations in /etc/rspamd/local.d/dkim_signing.conf have been
verified to work on a throw-away VPS setup.
Once merged, this should be mentioned here: https://discuss.freedombox.org/t/solved-email-messages-not-signed-with-dkim/2387
Signed-off-by: Benedek Nagy <contact@nbenedek.me>
[sunil: Add comment explaining allow_username_mismatch option]
[sunil: Drop an unused variable, added docstrings]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
The last confirmed issue we had was fixed in Nov 2024, no new issues
have been repoerted since.
Signed-off-by: Benedek Nagy <contact@nbenedek.me>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Currently, when trying to create PPPoE connection, we get an exception that
dns_over_tls key is not found in the form's cleaned_data. Fix this by not
expecting the field to be present only for PPPoE connections.
Tests:
- Edit a regular Ethernet connection and change the value of DNS-over-TLS to all
the different values and notice that the value is updated as expected.
- Create a regular Ethernet connection with non-default value for DNS-over-TLS.
The value for DNS-over-TLS on the connection set as expected.
- Create/edit/delete of a PPPoE connection works.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- This extra margin was accidentally introduced when migrating to Bootstrap 5
and a generic rule was introduced to add spacing before each section that is not
the first one.
Tests:
- In app pages, icon and title are at the same level.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- So that on slow machines, the tests don't fail.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2218.
- When borg can't acquire a lock due to it being busy, any borg operation can
fail. Show a readable message instead of a generic error.
- Also handle errors for archive already existing and archive to be deleted not
existing.
Tests:
- Functional tests for backup app work.
- Creating archive works with proper message. Providing the name of existing
archive shows proper error.
- Deleting archive works with proper message. Open two tabs by clicking on the
delete archive button. Then delete with one and try to delete the it again with
the next one. Proper error message is shown.
- While downloading an archive, delete an archive. Proper error message that
borg is busy is shown.
- Upload archive works. A proper success message is shown.
- Restore backup from archive works. A proper success message is shown.
- Restore backup from file upload works. A proper success message is shown after
upload and after restoration.
- Adding local repository works. A proper success message is shown.
- Adding remote repository works. A proper success message is shown when SSH key
is verified and repository is added.
- Removing repository works. A proper success message is shown.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #1603.
- This introduces seconds and timezone in the name of the archive. When seconds
are not used in the name, taking backups too quickly on after the other fails as
the names clash.
Tests:
- Taking a backup works and creates the name in the expected ISO time format.
- Changing the timezone and restarting service creates timestamps in that
timezone.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- When archives are listed using list_archives() method, return datetime objects
instead of pre-formatted strings. datetime objects can be compared easily and
shown in a more human readable format.
Tests:
- Unit tests pass.
- Backups with a future date are ignored when considering recent backup
times (when they logged to console).
- Most recent scheduled backup times are retrieved correctly (when they logged
to console).
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Sending GET requests to the two views by opening theirs URLs in the browser
show a blank page. Actions are not performed.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Currently, in the repository class, if an operation fails, the error messages
from borg are interpreted and re-raised. Everywhere else, the errors are
interpreted. Fix this by wrapping privileged methods at the privileged module
level instead of a context manager at the place of calling.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- So that we write decorators that can handle errors as needed by backups app.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Fixes#2460
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
[sunil: Update the style to provide spacing after tags lines]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
sunil:
- Add explicit dependency on libjs-jquery in janus even though another
dependency brings it in.
- Fix looking for elements before DOMContentLoaded is fired. Since most of the
scripts are added at the end of the page, it might work now, but doing this
properly after DOMContentLoaded allows us to relocate the scripts to the header
of the page and add 'defer' attribute on them.
- Fix issue with IPv6 method getting selected as 'dchp' in networks.js.
- Don't focus on the first element in the form after the page loads. This is bad
for accessibility.
- Fix issue with setting the readonly/required states of IPv4/IPv6 fields on
page load.
- Password fields can now be changed to text fields and vice versa without a
problem. Simplify.
- Fix incorrect repetition of code setting 'show' class in onInvalidEvent().
- Prefer exception getting raised instead of functionality silently failing when
expected elements are not found.
- Use 'const' instead of 'var' wherever possible.
- Prefer .closest() to get to ancestors instead of .parentNode;
- Don't CSS transitions when showing an element, 'transition' CSS property does
not work on 'display' property. Instead they have to implemented on 'height',
'opacity', etc.
- Minor styling changes. Consistent casing. Use arrow styled functions.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Closes: #2476.
- The collapse click logic is triggered when clicking on the schedule button (or
the other buttons). In case of other buttons they do activate eventually but
the schedule button does not activate.
- Solve this properly by making sure that collapse logic is not triggered when
the buttons are clicked.
Tests:
- On stable and testing containers, ensure that collapse works. Collapse/expand
icon works. The three buttons work. And mobile view looks good.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- In current stable and testing, verifying SSH remote hosts using RSA is not
working. After selecting the verified RSA fingerprint, paramiko fails to connect
- A change introduced in paramiko 2.9 lead to failures when connecting to hosts
that have a verified RSA host key[1][2][3]. To fix the issue,
disabled_algorithms must be used to drop some of the other algorithms supported
by the server to force paramiko behavior. A better solution to the problem was
introduced in paramiko 3.2. Both these solutions require careful update to the
code. Considering the utility paramiko provides, the regression annoyance,
effort required for this fix, and the security implications (it is an completely
independent SSH implementation), the library does not seem to be worth the
effort in our case.
- Switch to using sshpass command line utility instead of paramiko library. The
only reason to use paramiko seems that 'ssh' command by default does not allow
us to input password easily while paramiko does.
- Another place where paramiko is being used is to check if a host is already
verified in the known_hosts file. This has been trivially replaced with
'ssh-keygen -F'.
- Exit codes provided by sshpass can replace the specific exception raised by
paramiko.
Links:
1) https://www.paramiko.org/changelog.html
2) https://github.com/paramiko/paramiko/issues/2017
3) https://github.com/paramiko/paramiko/issues/1984
Tests:
- Add a remote backup repository with and without encryption.
- Add remote backup repository with all three types of algorithms.
- Add a remote repository again with wrong password. Authentication error is
properly shown.
- Add a remote backup repository and remove it. Host remains verified. Add a
repository again.
- Add a remote backup repository and remove it. Host remains verified. Change
the fingerprint the /var/lib/plinth/.ssh/known_hosts file. Add a repository
again. A proper error is shown that remote host could not be verified.
- Add a remote backup repository and remove it. Host remains verified. Stop SSH
server on the remote host. A generic error is shown that ssh command on remote
host failed.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- The output of ssh-keyscan scan contain comments that start with '#'. When
these are present, they are incorrectly assumed to be valid keys. Ignore these
lines.
Tests:
- Output of ssh-keyscan with latest OpenSSH in Debian testing contains comments.
Trying to verify the identity of the remove host without the patch fails when
adding remote backup repository. When patch is applied, it works (except RSA
key).
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Currently, if an error occurred during diagnostics, just error
message (without traceback details) was supposed to be shown on the results
page. However, due to a bug in code related to showing repair button, a separate
exception is raised.
- Simplify the code by dropping all custom error display. Instead allow the
generic error display mechanism in the middleware to handle the error. This
keeps the code simple.
Tests:
- Raise an exception in diagnose() method of the 'users' app. Run the
diagnostics for the users app. Notice that Diagnostics app page is shown with
error alert containing full traceback details.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Show a different message for them.
Test:
- Try to visit page like /plinth/apps/sharing/foo/edit/ where a share named
'foo' does not exist. The common error handling middleware is triggered and an
alert message 'Page not found' with exception trace back is shown.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- These could happen when a user tries to reload a page that only allows POST
requests.
- Or when the generic exception handling logic in the middleware redirects the
user to a page that only allows POST.
Tests:
- Insert a exception in the diagnose() of the 'users' app. Without the patch,
running diagnostics on the users app leads to a blank page. With the patch, the
user is redirected to Diagnostics app page and the original error is shown as a
alert message.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- In addition to the OperationalError, also handle all generic exceptions during
page submit and page load. Redirect to the same page or parent using
breadcrumbs.
- Log exceptions handled by common error middleware so that they are also part
of the system logs.
- Update kiwix test as needed.
- Refactor some test code that is setting up the menu items.
Tests:
- When an error occurs during form POST, the same page is show but with an error
message.
- When an error occurs in an app page during GET, the browser is redirected to
the parent section.
- When an error occurs in apps page during GET, the browser is redirected to the
home page.
- When an error occurs in home page during GET, the error is not handled and
default 500 handle is triggered.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
