- Currently, if an error occurred during diagnostics, just error
message (without traceback details) was supposed to be shown on the results
page. However, due to a bug in code related to showing repair button, a separate
exception is raised.
- Simplify the code by dropping all custom error display. Instead allow the
generic error display mechanism in the middleware to handle the error. This
keeps the code simple.
Tests:
- Raise an exception in diagnose() method of the 'users' app. Run the
diagnostics for the users app. Notice that Diagnostics app page is shown with
error alert containing full traceback details.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- In addition to the OperationalError, also handle all generic exceptions during
page submit and page load. Redirect to the same page or parent using
breadcrumbs.
- Log exceptions handled by common error middleware so that they are also part
of the system logs.
- Update kiwix test as needed.
- Refactor some test code that is setting up the menu items.
Tests:
- When an error occurs during form POST, the same page is show but with an error
message.
- When an error occurs in an app page during GET, the browser is redirected to
the parent section.
- When an error occurs in apps page during GET, the browser is redirected to the
home page.
- When an error occurs in home page during GET, the error is not handled and
default 500 handle is triggered.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Fixes an issue where the nslcd configuration option pam_authz_search is not
in effect after the users module setup.
Tests:
- Remove the pam_authz_search configuration option from /etc/nslcd.conf,
restart nslcd service, delete plinth.sqlite database to run first setup
after plinth start, start plinth. Do it twice:
1) before applying patch, users::test_user_states functional test fails.
2) after applying patch, users::test_user_states functional test pass.
- After applying patch, the nslcd service is restarted during module
upgrade.
- All the users module tests pass.
Relates to
https://salsa.debian.org/freedombox-team/freedombox/-/merge_requests/2594#note_565614.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- It was never intended that breadcrumbs be shown in these pages.
Tests:
- When running first wizard, the busy page, the welcome page, user account
create page, and the next steps page are all shown without breadcrumbs. Same for
login page.
- Other pages which had breadcrumbs earlier continue to show them, that is, app
pages, system pages, help pages, and pages under those.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Tests:
- All users tests pass.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
[sunil: Update to reflect the new utility function name]
[sunil: Update some more cases to use the utility]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
This was needed temporarily when migrating from Tor to Tor Proxy
app. But now we should preserve the user's existing configuration
during app upgrade.
Tests:
- Install Tor Proxy version 1. "Download software packages over Tor"
is enabled. Upgrade to Tor Proxy version 2. "Download software
packages over Tor" is still enabled.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Mask disabled Tor systemd services to prevent services starting by the Tor
master service after system reboot.
Also:
- Fix torproxy app always enabled after setup.
- Minor privileged code cleanup - removed unused functions.
Tests performed on Debian stable and testing:
- Installed and disabled the apps, rebooted the system, then applied the patch.
Ensured that apps are upgraded successfully and apps are disabled after
upgrade. Ensured that tor@default, tor@plinth and tor@fbxlocal services are
masked and not running.
- After 1)enabling and 2)disabling both apps and 3)rebooting the system:
- Ensured that the tor@default service is not running and is masked.
- Ensured that tor@plinth or tor@fbxproxy service states match the states
of the app.
- Uninstalled the apps, ensured that only the tor@default service masked
state remains in the systemd.
- All the tor and torproxy tests pass.
Closes#2369, #2454.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Since Minetest 5.8.0, there is no longer a "default" game, so the
--gameid argument must be used to select a game (from the list at
https://content.luanti.org/packages/?type=game).
Set minetest_game as the default game for FreedomBox. In the future,
we can consider providing a list of popular game IDs, or allow a
custom game ID.
Work around for Debian bug #1090067.
Closes: #2445.
Tests:
- Install Minetest on Debian testing. The service is running. Able to
connect a client to the server.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Don't show them on section pages: home, apps, system and help pages.
- Tweak the appearance so that home icon is bigger, spacing between crumbs is
larger and to use '>' as separator.
- Change the name of the help menu item to show the value in breadcrumbs.
- Change the URLs for anchors in the help page so that they don't appear as part
of the breadcrumbs.
Tests:
- Section pages: home, apps, system and help pages don't have breadcrumbs.
- Visit various pages. Breadcrumbs are shown and all the links in the
breadcrumbs work as expected.
- Mobile view looks good.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Closes: #1528.
Closes: #2041.
Closes: #2438.
- In Bullseye and Bookworm the app is not available.
- i2pd (written is C++) is available in Debian, but it is not a drop-in
replacement for i2p. First, it is only a client. Then has a differently
philosophy of not integrating apps inside it and let outside apps connect to it.
If i2pd is ever added to FreedomBox, it has to be added as a new app with no
possibility of migration from an unlikely old setups.
- Updated wiki pages to remove references to I2P.
Tests:
- Looked for all string references to 'i2p'.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: Debian bug #1088760.
- OpenSSL.crypto.sign has been deprecated and in the current version of
python3-openssl in Debian testing, it has been dropped. The recommended
alternative is cryptography.hazmat.primitives. So, use this instead.
- The entire OpenSSL.crypto module is planned to be deprecated in the future.
So, stop using it entirely by using cryptography.hazmat.primitives.
- sso app does not use openssl anymore, so drop dependency on it. Other apps
such as Let's Encrypt do depend on it and but they have their own dependency
declared. The freedombox package on the overall retains on 'openssl' package.
- We are not using the python OpenSSL module anywhere else, so drop dependency
on it.
- Use pathlib to simplify some code.
- Ensure proper permissions on private and public keys as they are being written
to.
Tests:
- Freshly setup container and ensure that first run succeeds. Permission on the
public/private key files and the parent directly are correct. Users are able
login to FreedomBox. SSO works when accessing apps such as transmission.
- Without patches, setup freedombox container. Apply patches. Permission for
keys directory is updated but keys are not overwritten. Login to FreedomBox
works. SSO works when accessing apps such as transmission.
- Run code to perform signatures using old code and ensure that newer code
generates bit-identical signatures.
- Running ./run --list-dependencies show 'openssl' and python3-cryptography.
- Running unit tests works.
- Building debian package works.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
- OpenVPN app uses openssl command line. Even though easy-rsa has dependency on
openssl, declare this explicitly.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
- Let Encrypt app uses openssl to determine the expiry date of a certificate.
So, declare and explicit dependency on it.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
- Use various action utilities to simplify daemon management.
- Instead of writing systemd service file to /etc ship an override file in
/usr/lib/systemd/system/*.d/. deluged and deluge-web both have systemd unit file
shipped. They are very close to what we want from them. Drop the old service file.
- Don't write /etc/default/deluged, it is not used in the systemd unit file.
- App's setup version has not been incremented as it has already been
incremented for the next release.
Tests:
- Fresh install of the app works in testing container. Functional tests work as
expected.
- /var/lib/deluged/config/web.conf is created when deluge-web is started
confirming that the correct configuration path is being used. Also app works on
/deluge web path.
- Old systemd unit file is removed when the setup is run when it is present to
due to deluge installation attempt previously.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Drop unnecessary code. Bootstrap does not style a:hover or table roes like
before.
- Use default table color variables from Bootstrap to work well with dark mode.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Custom CSS variables were declared with Bootstrap 4 since it did not use CSS
variables itself. In Boostrap 5, CSS variables are available. Use them to
eliminate custom color definitions. This means that when Bootstrap colors are
changed, custom colored elements will not look different.
- Use color utilities from Bootstratp instead of .processing, .warning, and
.normal.
- Collect more repeated colors into variables. This will make themeing easier.
- Using Bootstrap variables also makes implement dark mode easier.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- In Bootstrap 5, .table-responsive does not seem to set 'width: 100%;'. This
leads to tables getting laid out between the disk name and disk free progress
bar since they are both floating elements. Fix this by using flex layout
instead.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Bootstrap 5 underlines all links by default. Allow this change without
reverting as this is likely done to improve accessibility.
- In Networks diagram and firewall page, provide exception and remove the
underlining.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Wrap each app's results in a <section>. Style section to maintain gap with
previous sections.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- A 'row' class is more suitable when we want to use the Bootstrap's 'Grid'
system. Bootstrap 5 sets 'width: 100%' on all children of a .row. So, use a
simpler 'display: flex' instead.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Also place the body content in <p> for improved semantics and suggested by
Bootstrap.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Ensure that .sr-only is replaced with newer classes.
- Ensure that icons are present for all alerts.
- Use flex-box for display of icons on the left center of the alert.
- .close has been renamed to .btn-close.
- × is no longer required for close buttons.
Tests:
- Visually verify all the changes by triggering them with code changes.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- We no longer print any passwords in the logs. Remove the wording in the notice
that indicates that we do.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- The form does not have DNS-over-TLS field and trying to set initial value for
it fails.
Tests:
- Load the PPPoE creation form. Without the patch, it fails with an exception.
With the patch it succeeds.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Keep the badge-{severity} classes as they are meant for convenience of mapping
severity to style.
- Match bootstrap colors to maintain consistency and contrast.
Tests:
- Visually confirm that all the changes effective.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Check for availability of access_point.strength before using
access_point.strength.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Closes: #2322.
On Debian stable, mark deluge app as not available because deluge-web is not
working in this distribution.
- Default deluged configuration directory location changed. I didn't do
migration from the old location because deluge app hasn't been working on
Debian stable.
- Make deluge-web systemd service start after deluged service to prevent
Connection Manager popup in deluge-web after system reboot.
Tests performed:
- On Debian stable:
- Deluge app is not installable from the app page.
- All functional tests are skipped.
- On Debian testing:
- All tests pass.
- After reboot, deluge-web service started after deluge service and there
is no Connection Manager popup in deluge web UI.
- Changing torrent download directory works.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
[sunil: Add type signature to an overridden method]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- So that the page appearance can be easily customized in CSS.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Run diagnostics for nextcloud and notice that there is not check to reach
docker.com.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Should fix issues related to rate limiting on docker.io and improve privacy
for our users.
Tests:
- Install nextcloud, install succeeds. 'podman image list' shows that image is
from registry.freedombox.org.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- When the box shadows are dropped, the cards overlay on those backgrounds is
not pleasant.
Tests:
- MediaWiki functional tests pass.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- When a link on 'Nearby Wi-Fi Networks' page is clicked, a new Wi-Fi connection
page is shown. In this form, the DNS-over-TLS and IPv6 method radio buttons are
not pre-selected with default value. Fix this by setting default values for
them.
Tests:
- On a system with Wi-Fi device, click on 'Nearby Wi-Fi Networks', click on a
Wi-Fi network and go to new Wi-Fi connection creation page. Notice that values
for DNS-over-TLS and IPv6 connection method are filled in. Simply clicking
'Submit' creates the connection.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Fixes: #1725.
- Show multiple Wi-Fi devices in separate tables so that users can pick them
understanding what they are. Also avoids some confusion related to why APs are
duplicated.
- Request scanning if the last scan time was long ago.
- Show the last scanned time.
- Refresh page in 10 seconds if scan has been requested so that the results of
scan can be shown without user explicitly refreshing the page. Show spinner when
scan has been requested and we are awaiting results.
- Refresh page every 60 seconds in other cases.
- When an SSID can't be decoded into a string, don't show it.
- Don't show hidden networks with no SSID set.
- Improve the styling for signal strength.
- Show a message when no Wi-Fi devices are present.
- Show a message when no Wi-Fi networks are found for a device.
Tests:
- Test on a machine with Wi-Fi device available.
- When page is loaded is for the first time, spinner is shown and refresh
happens in 10 seconds. After refresh if the scan has not completed, again,
spinner is shown and page is reloaded in 10 seconds. Otherwise, spinner is not
shown and page is reloaded in 60 seconds.
- Hidden networks are not shown.
- On a machine with no Wi-Fi devices, 'No Wi-Fi device detected.' message is
shown.
- Clicking on a network takes us to new Wi-Fi network connection page with
'connection name', 'network interface' and SSID filled in correctly.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- With a locale that has translation for the 'FreedomBox' source string, check
the following locations have translated string for 'FreedomBox':
- Default backup repository label.
- Firewall app description.
- Network forms for: topology, internet connection type, and router
configuration.
- RSS-Bridge app description.
- TiddlyWiki app description.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Currently, strength and channel information is not shown for Wi-Fi connections
in connection information page. This is a regression related to handling SSID as
a binary string. Fix this.
- Also fix the styling to not make signal strength too prominent.
Tests:
- On a machine with Wi-Fi network device. Viewing the Wi-Fi connection
information does not signal strength and channel without patch but show with the
patch.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Fixes: #2447.
- When editing an existing wireless connection, SSID field shows as "b'myap'"
instead of "myap". Fix this.
Tests:
- On a machine with a wireless connection, edit the connection. Without the
patch, form show SSID incorrectly. With the patch, it shows the correct value.
- Unit tests in test_network.py pass when run as root.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Fixes: #2464.
- This page will act as replacement for the footer links in the home page.
- Remove link to FreedomBox Foundation and add link to Weblate project. We
already have a donate link to the foundation website.
Tests:
- About page is shown as expected. Old 'Learn more' button is no more. So is the
last paragraph.
- Styling is as expected. All the section have equal width.
- All links work.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
