Tests performed:
- The diagnostics app page and individual app diagnostics pages have
app names.
- When the app name is missing (the apache app), app id is shown instead.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Fixes the problem when the app throws an error when running diagnostics,
the app's diagnostics page shows an html 500 error and on the diagnostics
app page, only an excpetion message is shown without other apps diagnostics.
(I encountered this when the network app diagnostics threw an exception
because of a particular network configuration.)
Tests performed:
- Checked that an app diagnostics page and the diagnostics app shows
all info correctly.
- Modified the networks app diagnostics code so that it throws an exception.
Checked that the app diagnostics page shows an exception message and
the diagnostics module shows all the apps and the networks app section
shows an exception message.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
[sunil: Re-add removed relevant comment]
[sunil: Remove ability to dismiss the exception message, not much gain for user]
[sunil: Remove unnecessary redundant if condition in template]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Skip setup the snapshots app if the filesystem type is btrfs
but / is not a btrfs subvolume. For example, this may happen in
containers where / is a bind mounted btrfs filesystem.
Closes#1994
Tests performed:
- Install freedombox on a lxc container inside Pioneer-FreedomBox.
(In a container, / is a bind mounted btrfs filesystem). The snapshot app
setup is skipped.
- Install freedombox inside dev container (which uses btrfs filesystem
image). The snapshot app setup succeeds.
- Install freedombox inside container that uses a host directory as a base
and the filesystem is ext4. The snapshot app setup is skipped.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
[sunil: Add comment explaining the check, fix a flake8 message]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Closes: #1981
Closes also most of threads in !1952.
Signed-off-by: Fioddor Superconcentrado <fioddor@gmail.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes#1989
I checked that all Samba tests pass.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
[sunil: Minor indentation and styling fixes in template]
[sunil: Prevent multiple HTML attributes with same name in case of vfat]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Related to
https://salsa.debian.org/freedombox-team/freedombox/-/merge_requests/1957
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Fix name of the fixture method copied from other code]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
A new function called `user_group_view` has been added to
restrict access to only users in the groups "vpn" and "admin".
Some changes are made in AdminRequiredMiddleware to handle this.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This is the first functional test which tests the permissions of a
non-administrator user in a group.
Some changes had to be made in the form shown in users module for this
to work. The id of each checkbox in the "Permissions" section is now
predictable based on the name of the group. For example, the id of the
checkbox for the group "vpn" is `id_group_vpn`. Changes are also made in
`CheckboxSelectMultipleReadOnly` form class for consistency, though it
is not being used by this functional test.
Some utility functions for functional tests have been moved out of users
module to be usable by other app modules for testing group permissions.
One additional utility function to skip creating user if it already
exists has been added. Not using this function wouldn't break the test
but using it saves some time.
Changed password format string to use `S` instead of `w` to support
special characters in password.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
A user in this user group will be able to download and use an .ovpn
profile to connect to the OpenVPN server on the FreedomBox.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Helps: #1938
It also corrects the transliteration of another tooltip.
Signed-off-by: Fioddor Superconcentrado <fioddor@gmail.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Setup is now run as a post installation step.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Debian Buster has easyrsa 3. Since we're nearing Bullseye now, it is
safe to asssume that most users are already using easyrsa 3.
The code to do the upgrade is 2 years old already. Removing it.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Moved uwsgi and uwsgi-plugin-python3 from radicale and searx to apache.
Fixes: #1501
Signed-off-by: Onurb <onurb8966@gmail.com>
[jvalleroy: Move uwsgi managed service to apache app]
[jvalleroy: Also update bepasty app]
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Set domain name during app setup
- Improve tests for settings. Prefer to call functions in plinth which invoke
actions than test actions directly.
- Also, '$wgServer' is not a domain name since it also includes the protocol.
- Add domain selection form. Make server url a text input field.
- Added a functional test to set the value of server url to the value provided
by FREEDOMBOX_URL before doing running any other tests.
- Make server url setting a pre-requisite.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
[sunil: Squash commits as they were fixing themselves]
[sunil: Simplify configuration reading]
[sunil: Use 'server_url' terminology consistently]
[sunil: cosmetic: Minor styling]
[sunil: Update test_settings.py to use fixture pattern]
[sunil: Remove seemingly incorrectly used aria-describedby attribute]
[sunil: Don't rely solely on env variable value in functional tests]
[sunil: Fix issue with http/https mismatch when checking site availability]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- When running on unstable, the form is disabled.
- When can_dist_upgrade() returns True, the option is selectable again.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- Setting is stored in kvstore.
- Enable for new installs, and once when upgrading from version
without flag.
- Split action subcommands for activating backports and for performing
dist upgrade.
Tests:
- Dist upgrade is enabled by default in stable container.
- Dist upgrade is disabled by default in testing container.
- Enable dist upgrade. Dist upgrade is attempted periodically.
- Disable dist upgrade. Dist upgrade is no longer attempted.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: kvstore need to be locally imported anymore, import as usual]
[sunil: Minor changes to comments for PEP compliance]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Helps: #1938.
- Translate various states passed in by Network Manager:
- Device state
- Device state reason
- Device type
- Firewall zone
- IPv4/IPv6 connection method
- Wireless mode
- forms.py: Move zones list to network.py, reuse in views.py.
Testing:
- Yapf applied.
- Flake8 without errors or warnings for changed files.
- (Unit) tests run without errors.
- Screnshots attached to #1938.
Signed-off-by: Fioddor Superconcentrado <fioddor@gmail.com>
[sunil: Add strings for many more states]
[sunil: Don't allow None to be selected as firewall zone]
[sunil: Drop forced_literals.py as it reduces modularity of the code]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- It is incorrect to say that group membership is needed to administer calibre.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- This is the link open by the desktop application when donate button is hit.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Helps: #1938.
Fixed application of available translations in daemon.py and apache,
diagnostics, networks, firewall and users modules.
diagnostics:
- __init__.py: return the app name along its results.
- diagnostics.html: display the app name instead of its id.
- diagnostics_results.html:
- mark for translation,
- apply class to results <td> HTML tag.
main.css: center-align the results.
Locale files excluded. Will be regenerated automatically and translations to be
done via Weblate.
original testing (rebased later):
- Yapf applied.
- Flake8 without errors or warnings for changed files.
- (Unit) tests run without errors.
Signed-off-by: Fioddor Superconcentrado <fioddor@gmail.com>
[sunil: Translate 'None' app name]
[sunil: Don't translate tests strings second time in template]
[sunil: Tweak the center rule]
[sunil: Don't split a translation string]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Closes: #1939.
- Force a delay before returning the upgrade result to allow upgrade to kick in.
Otherwise when the flow returns, get_context_data() creates the context too
early and finds the upgrade not yet busy, causing the refresh loop to miss it.
The page renders static and the user gets no clue to the upgrade executing in
the background.
Signed-off-by: Fioddor Superconcentrado <fioddor@gmail.com>
[sunil: Retain the styling for the remainder of the page]
[sunil: Re-style the status section as a simple web-page]
[sunil: Drop unused running-status CSS styles]
[sunil: Rename CSS variables, minor changes to color values]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Undo a minor isort refactor in searx]
[sunil: Change the menu label to 'Donate']
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Containers specific case: if total memory taken from cgroups is lower
than system memory taken from psutil, calculate memory usage based on
information from cgroups. The formula idea is taken from
https://github.com/moby/moby/issues/40727#issuecomment-604155288Closes#1780
Tests performed:
- In a non-container environment, filled the memory 90%
```
stress-ng --vm-bytes $(awk '/MemAvailable/{printf "%d\n", $2 * 0.9;}' \
< /proc/meminfo)k --vm-keep -m 1
```
and ensured that correct notification is shown.
- In a container, if no memory limitations are set, notifications are
based on host memory usage
- In a container, if memory limits are set
```
systemctl set-property systemd-nspawn@fbx-testing.service MemoryMax=200M
```
ensured that the notification is shown and is calculated based on
cgroups.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
[sunil: Fix i18n for notification message]
[sunil: Drop unnecessary type conversion]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Process can be tested by upgrading to testing:
$ sudo ./actions/upgrades --develop --test-upgrade
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: cosmetic: isort fixes]
[sunil: Restore BACKPORTS_REQUESTED_KEY that was accidentally removed]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Trying to create another admin user using the first boot wizard will certainly
fail.
- Show the list of admin users in the system so that they an be deleted and
creation of admin by first boot wizard can continue.
- If existing account can already work (such as when Plinth and LDAP entries
exist) allow skipping the step.
- Since the scenario is mostly like encountered only during advanced usage and
not for most regular users, the technical nature of solutions is okay.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
This change prevents the plinth user to become a superuser without
knowing an admin password.
Users module and action script:
- User credentials are now required for the subcommands: create-user,
set-user-password, add-user-to-group (if the group is admin),
remove-user-from-group (if the group is admin), set-user-status,
remove-user (if the removed user is the last admin user.
Note: the web UI doesn't allow to delete last admin user).
- subcommand remove-users requires authentication if the user is last
admin user. Password must be provided through standard input.
- subcommand remove-group: do not allow to remove group 'admin'
- User credentials must be provided using the argument
--auth-user and a passsword must be provided through standard input.
- If there are no users in the admin group, no admin password is
required and if the --auth-user argument is required, it can be an
empty string.
Users web UI:
- An admin needs to enter current password to create and edit a user
and to change user's password.
- Show more detailed error text on exceptions when submitting forms.
- Show page title on the edit and create user pages.
Users unit and functional tests:
- Added a configuration parameters to the pytest configuration file
to set current admin user/password.
- Added a configuration parameter 'ssh_port' to the functional tests.
You can overwrite this with the FREEDOMBOX_SSH_PORT environment
variable. Modified HACKING.md accordingly.
- Added an unit test:
- test changing the password as a non-admin user.
- test invalid admin password input.
- test that removing the admin group fails.
- Capture stdout and stderr in the unit tests when calling an action
script to be able to see more info on exceptions.
- Added functional tests for setting ssh keys and changing passwords
for admin and non-admin users.
- Added a functional test for setting a user as active/inactive.
Changes during review [sunil]:
- Move uncommon functional step definitions to users module from global. This is
keep the common functional step definitions to minimal level and promote when
needed.
- Minor styling changes, flake8 fixes.
- Don't require pampy module when running non-admin tests. This allows tests to
be run from outside the container on the host machine without python3-pam
installed.
- Call the confirm password field 'Authorization Password'. This avoid confusion
with a very common field 'Confirm Password' which essentially means retype
your password to ensure you didn't get it wrong. Add label explaining why the
field exists.
- Don't hard-code /tmp path in test_actions.py. Use tmp_path_factory fixture
provided by pytest.
- Remove unused _get_password_hash() from actions/users.
- Undo splitting ldapgid output before parsing. It does not seem correct and
could introduce problems when field values contain spaces.
Tests performed:
- No failed unit tests (run with and without sudo).
- All 'users' functional tests pass.
- Creating an admin user during the first boot wizard succeeds.
- Creating a user using the web UI with an empty or wrong admin
password fails and with the correct admin password succeeds.
- Editing a user using the web UI with an empty or wrong admin
password fails and with the correct admin password succeeds.
- Changing user's password using the web UI with an empty or wrong
admin password fails and with the correct admin password succeeds.
- Above mentioned user action script commands can't be run without
correct credentials.
- Adding the daemon user to the freedombox-share group succeeds when
installing certain apps (deluge, mldonkey, syncthing, transmission).
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
[sunil: Move uncommon functional step definitions to users module from global]
[sunil: Minor styling changes, flake8 fixes]
[sunil: Don't require pampy module when running non-admin tests]
[sunil: Call the confirm password field 'Authorization Password']
[sunil: Don't hard-code /tmp path in test_actions.py]
[sunil: Remove unused _get_password_hash() from actions/users]
[sunil: Undo splitting ldapgid output before parsing]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- Without these changes, with Quassel not-installed, change the domain name.
Notice that certificate events for Quassel fails due to missing domain
information.
- With these changes, with Quassel not-installed, change the domain name. Notice
that certificate events for Quassel don't result in any actions.
- With these changes, when Quassel is installed, certificate is properly setup
for a domain.
- With these changes, with Quassel installed, change the domain name. Notice
that certificate events for Quassel succeed.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Without these changes, with Coturn not-installed, change the domain name.
Notice that certificate events for Coturn fails due to missing domain
information.
- With these changes, with Coturn not-installed, change the domain name. Notice
that certificate events for Coturn don't result in any actions.
- With these changes, when Coturn is installed, certificate is properly setup
for a domain.
- With these changes, with Coturn installed, change the domain name. Notice that
certificate events for Coturn succeed.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
