- Set domain name during app setup
- Improve tests for settings. Prefer to call functions in plinth which invoke
actions than test actions directly.
- Also, '$wgServer' is not a domain name since it also includes the protocol.
- Add domain selection form. Make server url a text input field.
- Added a functional test to set the value of server url to the value provided
by FREEDOMBOX_URL before doing running any other tests.
- Make server url setting a pre-requisite.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
[sunil: Squash commits as they were fixing themselves]
[sunil: Simplify configuration reading]
[sunil: Use 'server_url' terminology consistently]
[sunil: cosmetic: Minor styling]
[sunil: Update test_settings.py to use fixture pattern]
[sunil: Remove seemingly incorrectly used aria-describedby attribute]
[sunil: Don't rely solely on env variable value in functional tests]
[sunil: Fix issue with http/https mismatch when checking site availability]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
The temporary file is sometimes not flushed to disk by the time the PHP
command is called. This makes the password file empty and breaks the
installation.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
- Setting is stored in kvstore.
- Enable for new installs, and once when upgrading from version
without flag.
- Split action subcommands for activating backports and for performing
dist upgrade.
Tests:
- Dist upgrade is enabled by default in stable container.
- Dist upgrade is disabled by default in testing container.
- Enable dist upgrade. Dist upgrade is attempted periodically.
- Disable dist upgrade. Dist upgrade is no longer attempted.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: kvstore need to be locally imported anymore, import as usual]
[sunil: Minor changes to comments for PEP compliance]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Process can be tested by upgrading to testing:
$ sudo ./actions/upgrades --develop --test-upgrade
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: cosmetic: isort fixes]
[sunil: Restore BACKPORTS_REQUESTED_KEY that was accidentally removed]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
This change prevents the plinth user to become a superuser without
knowing an admin password.
Users module and action script:
- User credentials are now required for the subcommands: create-user,
set-user-password, add-user-to-group (if the group is admin),
remove-user-from-group (if the group is admin), set-user-status,
remove-user (if the removed user is the last admin user.
Note: the web UI doesn't allow to delete last admin user).
- subcommand remove-users requires authentication if the user is last
admin user. Password must be provided through standard input.
- subcommand remove-group: do not allow to remove group 'admin'
- User credentials must be provided using the argument
--auth-user and a passsword must be provided through standard input.
- If there are no users in the admin group, no admin password is
required and if the --auth-user argument is required, it can be an
empty string.
Users web UI:
- An admin needs to enter current password to create and edit a user
and to change user's password.
- Show more detailed error text on exceptions when submitting forms.
- Show page title on the edit and create user pages.
Users unit and functional tests:
- Added a configuration parameters to the pytest configuration file
to set current admin user/password.
- Added a configuration parameter 'ssh_port' to the functional tests.
You can overwrite this with the FREEDOMBOX_SSH_PORT environment
variable. Modified HACKING.md accordingly.
- Added an unit test:
- test changing the password as a non-admin user.
- test invalid admin password input.
- test that removing the admin group fails.
- Capture stdout and stderr in the unit tests when calling an action
script to be able to see more info on exceptions.
- Added functional tests for setting ssh keys and changing passwords
for admin and non-admin users.
- Added a functional test for setting a user as active/inactive.
Changes during review [sunil]:
- Move uncommon functional step definitions to users module from global. This is
keep the common functional step definitions to minimal level and promote when
needed.
- Minor styling changes, flake8 fixes.
- Don't require pampy module when running non-admin tests. This allows tests to
be run from outside the container on the host machine without python3-pam
installed.
- Call the confirm password field 'Authorization Password'. This avoid confusion
with a very common field 'Confirm Password' which essentially means retype
your password to ensure you didn't get it wrong. Add label explaining why the
field exists.
- Don't hard-code /tmp path in test_actions.py. Use tmp_path_factory fixture
provided by pytest.
- Remove unused _get_password_hash() from actions/users.
- Undo splitting ldapgid output before parsing. It does not seem correct and
could introduce problems when field values contain spaces.
Tests performed:
- No failed unit tests (run with and without sudo).
- All 'users' functional tests pass.
- Creating an admin user during the first boot wizard succeeds.
- Creating a user using the web UI with an empty or wrong admin
password fails and with the correct admin password succeeds.
- Editing a user using the web UI with an empty or wrong admin
password fails and with the correct admin password succeeds.
- Changing user's password using the web UI with an empty or wrong
admin password fails and with the correct admin password succeeds.
- Above mentioned user action script commands can't be run without
correct credentials.
- Adding the daemon user to the freedombox-share group succeeds when
installing certain apps (deluge, mldonkey, syncthing, transmission).
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
[sunil: Move uncommon functional step definitions to users module from global]
[sunil: Minor styling changes, flake8 fixes]
[sunil: Don't require pampy module when running non-admin tests]
[sunil: Call the confirm password field 'Authorization Password']
[sunil: Don't hard-code /tmp path in test_actions.py]
[sunil: Remove unused _get_password_hash() from actions/users]
[sunil: Undo splitting ldapgid output before parsing]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
This change prevents the plinth user to set the ssh-keys without
knowing the user password.
- Debian: added new dependency python3-pampy to authenticate users.
- Added additional required parameter --auth-user to the
'actions/ssh set-keys' command. A password should be
provided through STDIN.
Tests performed:
- running 'actions/ssh set-keys' with empty or wrong admin credentials
fails.
- running 'actions/ssh set-keys' with correct admin credentials
succeeds.
- running 'actions/ssh set-keys' with correct non-admin credentials
succeeds if the --username is the same user.
- running 'actions/ssh set-keys' with correct non-admin credentials
fails if the --username is a different user.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Certificate can be setup for a single domain at a time in Mumble. So, allow the
user to choose the domain purely for this propose even though Mumble can work
with multiple domains. Tell Let's Encrypt to work with this domain.
Tests:
- Without Mumble installed, change the domain name. Notice the mumble related
certificate events are ignored.
- Install Mumble, a TLS domain is automatically selected. Certificate is setup
for that domain.
- Ensure at least two domains are setup in the system. See the list in the
Mumble app page. Choose a non-default domain. Domain should change and cert
should be setup for that domain.
- Go to config app and change the domain. Mumble domain should get set to a
different domain and cert should get updated.
- Install mumble without these changes. Apply the changes and start FreedomBox.
Mumble app should get upgraded and certificate should get setup for a domain.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Allow read access by URL by default.
Tests:
- Installing bepasty fresh show the default permissions as read.
- Upgrading bepasty from older version when default permissions are none sets
the default permissions to read.
- Upgrading bepasty from older version when default permissions are not none
retrains the permissions.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
[sunil: Don't relocate setup() method]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tested-by: Sunil Mohan Adapa <sunil@medhas.org>
- This will allow us to remove the code needed for force upgrading. Upgrade code
can be dropped after a while.
- This will ensure that all our users have a single configuration format which
will make future testing easier.
- We can notify the users of a single overwrite now and be assured that in
future, the overwrites of configuration will not happen.
- We don't have to monitor for changes to configuration files in future version
of the package.
- Keep old configuration as a backup file and restore a pristine copy with
--reinstall and --force-confmiss.
Tests:
- Install the app freshly. Configuration file is unchanged, new config snippets
are created. App is running.
- Install the app with code before new configuration changes. Notice that old
configuration format is used. Then switch the code to a branch with current
changes. Setup is automatically executed. The package is reinstalled. After
re-installation, the main config file is restored. Configuration snippets exist.
value of public registration and domain is preserved. Backup file exists with
previous configuration contents.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Tested-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Also add ability restore missing configuration files during reinstall.
- Reinstall is useful for restoring the original configuration files of the
package.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Now it is possible to change default branch when editing a repository.
Gitweb site shows default branch as a main branch and the 'git clone'
command checks out to default branch.
Added unit and functional tests. Splitted one large 'test_actions'
into multiple tests.
Tests performed:
- All gitweb unit and functional tests pass.
- Created a repository from a remote repository which has default
branch other than master. Confirmed that the 'Edit repository'
page shows correct branch and gitweb site shows this branch as
a default branch
Closes#1925
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Prevent leaking private info through Tor onion service or Pagekite.
Tests:
- When starting plinth, apache setup is run. Status module is
disabled, and apache2 is restarted.
- sunil: After upgrade, status page is not available.
- sunil: mod_status is available in stable (2.4.38-3+deb10u3) and
testing/unstable (2.4.46-1).
Closes: #1935.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tested-by: Sunil Mohan Adapa <sunil@medhas.org>
- Stick to a subset of allowed configuration file syntax (full syntax). Only KEY
= VALUE statements are allowed. Values can be full JSON (valid python).
- Use augeas to read as key/value pairs and then parse the values in JSON.
- Add convenience methods to read and write configuration files.
- Read the entire configuration file in a single action.
- Internationalize the permission strings displayed to the user.
- Pass password during remove-password operation via stdin instead of command
line.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
- Since a password without any permissions is not useful.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
Since radicale 1.x is only in Stretch (oldstable), remove code that
was added to support that version and migration from 1.x to newer
versions.
Keep the fix for missing log path as the fix is not available in Buster yet.
Tests:
- Ran functional tests in testing container. Manually tested logging
in to web interface and creating a calendar.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Add back the fix for missing log path]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
GPT scheme has two mostly identical partition table headers. One at the
beginning of the disk and one at the end. When an image is written to larger
disk, the second header is not at the end of the disk. Fix that by moving second
partition to end of the disk before attempting partition
Tests:
- Unit tests run as root work.
- On A64-OLinuXino board, boot with eMMC and UEFI image. The partition does not
expand on initial setup. Trying to manually expand in storage app fails. Apply
patch. Manual expansion works.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Also, set 'username' and 'keys' arguments for the ssh action
script as required.
Tests performed:
- Setting and deleting ssh keys for the 'tester' user via
web interface works.
- trying to set keys for the root user
`./actions/ssh set-keys --username root --keys abc`
fails with an error.
- trying to get root user keys fails
`./actions/ssh get-keys --username root`
- running ./actions/ssh get-keys and set-keys without parameters
shows required arguments.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
I tested that ikiwiki functional tests pass and running the command
`sudo ./actions/ikiwiki delete --name '../'`
returns an error and does not delete any directory.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
New API was introduced in ruamel.yaml 0.15.0:
https://yaml.readthedocs.io/en/latest/api.html
Set allow_duplicate_keys to true to avoid error when parsing
ejabberd.yaml.
Tested ejabberd install on unstable, testing, and stable.
Closes: #1888.
Additional tests:
- Install the app. It will contain configuration related to LDAP and SSL
certificates.
- Add a domain to FreedomBox it will show up in the configuration.
- Add a domain that is already present in the configuration file. It will not be
added again.
- Enable/disable MAM. The configuration is updated accordingly.
- Login via JSXC and send simple messages across two users.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tested-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- Run with new code. Setup is run for upgrades modules.
/etc/apt/preferences.d/51-freedombox-apps.pref contains the changes for
python3-attr.
- On stable. apt policy python3-attr shows version 19.3.0-3~bpo10+1 is the
preferred version.
- On stable, installing matrix-synapse leads to installation of python3-attr
=19.3.0-3~bpo10+1.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- On unstable and testing:
- Ran functional tests for upgrades.
- Ran actions "upgrades setup" and "upgrades setup-repositories".
- On testing:
- In develop mode, activated backports.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- 50freedombox4.pref handles freedombox package from current
backports. Whenever upgrading to a new Debian release, backports can
be activated for the new release, and will always include the
freedombox package at the start.
- 51freedombox-apps.pref handles apps, and each entry is particular to
a Debian release. For example, after bullseye release, entries from
bullseye-backports can be added, and entries from buster-backports
can be removed.
Tests:
- In testing container, run setup in development mode. Apt preferences
files have the expected content.
- In stable vagrant box, install deb with these changes. Apt
preferences files have the expected content.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- If backports is for older release, then it can be activated again to
upgrade to latest release. (Plan is to make this automatic, but
leave the manual option as a fallback.)
- Security notice still shown if older backports are enabled.
Tests:
- On Buster system, change distribution in
/etc/apt/sources.list.d/freedombox2.list to
stretch-backports. Updates page shows button to activate backports
again. Activate and check the source list to confirm that it has
buster-backports again.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- Build deb and install in buster image. Manually remove backports
sources file. Security page does not show backports notice. Updates
page shows button to activate backports.
- Activate backports from updates page. Success message is shown and
button to activate backports is removed. Security page shows
backports notice.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Uses lsb-release which is a dependency of unattended-upgrades.
Closes: #1844.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Minor change to the printed message]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Run `apt-get --fix-broken install` before installing package or manual
update. This will attempt to correct broken dependencies.
Tests:
- Install a package without its dependencies using `dpkg -i`.
- Both app install and manual update successfully recover from this
situation.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Not all disks can be ejected. For example, SATA disks can't be ejected. However,
they can be removed as long as all filesystems are unmounted properly. Ignore
errors during ejecting of a disk.
Closes: #1597.
Tests performed:
- In VirtualBox, attach a SATA disk, format it with two partitions. See them
auto-mounted by FreedomBox. Eject one of the partitions, both partitions are
unmounted but operation does not fail despite SATA disks not being eject-able.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
In ed09028fcd2c850c3b87b65de66187b214190150, when eject was made to run as
superuser inside storage action, parsing of the error messages was not handled
properly. Fix it to show simple error messages about why the eject was not
successful.
Tests performed:
- In a terminal, switch to the directory where a disk is mounted to keep the
mount point busy. Attempt to eject the disk. A large stack trace is shown
without the patch and a clean error message is shown with it.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Do not enable/start service during package install/upgrade
- Configure needrestart to skip restarting service
Closes: #1638.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Provide proper regex string in needrestart configuration with qr()]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Avoid introducing dependency on dpkg-vendor.
Tested:
- Install a base-files package from Ubuntu. Change
/etc/dpkg/origins/default to point to it. Running the
setup-repositories action does not create the backports list in apt
sources.
Closes: #1654.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
