Directory /etc/php/7.4 became available before php7.4-fpm became available.
Handle this by checking the run time socket of the fpm daemon instead of the
directory.
Discussed and tested in
https://discuss.freedombox.org/t/mediawiki-service-unavailable/711/23
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Get rid of tabs in the app page.
Tests performed:
- enable/disable app
- check that links to the external site work
- check that links to the external site are disabled if app is disabled
- i2p functional tests pass
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
If the user chooses to skip the network topology wizard, then there is no need
to show the router configuration wizard step. Skip it.
We may want to skip other wizard step too. However, those can be dealt later.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
If during the first wizard, the user selects that they are not behind a router,
then don't show the router configuration wizard.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
After user selects that they are behind the router, we need to show the router
configuration wizard step. Only after this should be show the Internet
connection type step.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Signed-off-by: Nektarios Katakis <iam@nektarioskatakis.xyz>
[sunil: Use the term 'network topology' consistently]
[sunil: Properly title case the <h1> title]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Signed-off-by: Nektarios Katakis <iam@nektarioskatakis.xyz>
[sunil: Use the term 'network topology' consistently]
[sunil: Minor grammer fix, and spacing for i18n]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
This should help with FreedomBox getting authorizations to access firewalld
D-Bus API for polkit versions > 0.105 where polkit local authority is not
available.
Helps #1728.
Tests performed:
- Install policykit-1 version 0.105. Something like apt install
policykit-1=0.105-26 libpolkit-agent-1-0=0.105-26 libpolkit-gobject-1-0=0.105-26
- Visit privoxy page. See internal networks warning with all the interfaces
listed properly.
- Visit firewalld page, view list of apps and services properly.
- Enable privoxy, see the port opened in firewalld page.
- Disable privoxy, see the port closed in firewalld page.
- Run diagnostics for privoxy see that ports' diagnostics results pass.
- Add Debian experimental to /etc/apt/sources.list. apt update. Then install
policykit-1 version 0.116. apt install -t experimental policykit-1.
- Repeat all above tests.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Add a comment explaining when .pkla file is used and when the .rules file is
used.
Tests performed:
- Install policykit-1 version 0.105. Something like apt install
policykit-1=0.105-26 libpolkit-agent-1-0=0.105-26 libpolkit-gobject-1-0=0.105-26
- View list of network connections.
- Add a network connection.
- View a network connection's details page.
- Delete a network connection.
- Add Debian experimental to /etc/apt/sources.list. apt update. Then install
policykit-1 version 0.116. apt install -t experimental policykit-1.
- Repeat all above tests.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Improves template security as methods of the app object can't be called from
within templates.
Tests performed:
- Visit a few app pages.
- For each of the following template files, ensure that 'app' variable is not
used:
- app.html
- All templates that extend app.html
- Templates included from the above templates.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Eliminate issue with collapsed navbar's drop-down menu text color when the
width is exactly 768px or less than 320px.
- Remove redundant footer's position: relative rule.
Tests performed:
- Change the browser width to 768px, the navbar is not collapsed and drop down
menu text color is black on white background.
- Change the browser width to 767px, the navbar is collapsed and drop down menu
text color is white on blue background.
- Change the browser width to less than 320px, the navbar is collapsed and drop
down menu text color is white on blue background.
- Footer on the main page and remaining pages is unchanged at <320px, =767px and
>= 768px.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Tests performed:
- Go to backups page.
- Take a backup and see it listed in list of repositories.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Tests performed:
- Visit diagnostics app.
- Run diagnostics for all apps.
- Go to privoxy app and run diagnostics.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Tests performed:
- Visit networks main view to list network connections.
- Add an Ethernet connection, view it and delete it.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Tests performed:
- Visit help main view by visiting URL /plinth/help/.
- Visit pages: about, manual, get support, submit feedback, contribute.
- Download manual.
- Raise an exception in a view, visit the view in non-develop mode, see the
status log.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
If at least one related service/daemon is not running, show the alert if app
is enabled, otherwise set alert as hidden (for functional tests).
Closes#1752
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
[sunil: Minor code simplification in app template, status section]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Reduces the probability that plinth gives an error 500 because
the database is locked.
Test performed:
1) Lock the database:
> sqlite3 data/var/lib/plinth/plinth.sqlite3
sqlite> PRAGMA locking_mode = EXCLUSIVE;
sqlite> BEGIN EXCLUSIVE;
2) Visit plinth/apps/
3) Only after 30s plinth logs an exception:
django.db.utils.OperationalError: database is locked
Closes#1786
Related to #1443
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
[sunil: Move the timeout value to settings module as it is static]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
transmission-deamon creates the directory if it doesn't exist.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Action script:
- must not be root when validating directory
- return only first validation error
- Directory selection form, transmission, deluge:
show the download path as it is in the configuration,
the path is resolved only on form submit.
- Tests: add relative path checks, refactor parametrize code
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Make first wizard steps for router configuration and Internet connection type
private. Since they run after the admin user page, the steps can run for logged
in users.
- Add option to the Internet connection type wizard, to let the user say that
they don't know the type. This allows them to have a stress-free first setup
experience. The option can act as if they have don't have public IP address at
all. This is an extension of the proposed user experience.
- Implement class based views for simplicity.
- Update various IDs for consistency (even though other IDs in the networks
module don't conform).
- Iron out inconsistent terminology. Setup vs Configuration, Help vs. Wizard,
etc.
Tests performed:
- Run first boot wizard from the beginning. Notice that both the wizard steps
appear properly after the user login step (without permission denied problems).
When not logged in, accessing the wizard steps with URL should redirect to login
page.
- During first boot wizard, select 'Skip this step' in both the steps after
selecting non-default options. Values set should be default options as confirmed
from networks page.
- During first boot wizard, select non-default values, the values should be set
properly as confirmed from networks page.
- From the networks page select each value of the wizard. The option should get
saved properly.
- In case of Internet connection type, when the wizard values changes, the
networks page should reflect the value properly. This should also show properly
after skipping the step during first boot.
- During first boot, the default value for Internet connection type should be 'I
don't know' and router configuration should be 'Not configured'.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Nektarios Katakis <iam@nektarioskatakis.xyz>
Shadowsocks is unable to read its own configuration file because it
doesn't have read permissions to the file.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
[jvalleroy: Add comment about security concerns]
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Currently, sessions are created as files in /var/lib/plinth/sessions. If a user
does not logout, the sessions remains there ever after expiry. Cleanup these
accumulating files by running a cleanup job every week.
Adding django.contrib.sessions to apps list necessary to ensure that
'clearsessions' management command is available. This creates an empty database
table for session storage but is harmless.
Tests performed:
- When run with the change for first time, migration is run for
django.contrib.sessions app.
- Change the scheduled interval to 30 seconds in the code. Login as a user. A
new session file is created in data/var/lib/plinth/sessions. Forward the system
clock by at least 2 weeks. The session expires. Within 30 seconds the file is
also removed.
- Login, then remove the django-secret.key. In 30 seconds we see a message that
the session data is corrupt. Advance the clock by at least 2 weeks. The session
file is removed and the message about session data is no longer printed.
- Repeat for system level plinth after `./setup.py install` and `sudo -u plinth
plinth`.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Secret is important for various functions of Django. There is no impact on
existing installations due to the change. Improves the security of existing
functions in minor ways and will be useful in future usage of Django.
- Create the file in /var/lib/plinth/ with 0o600 permissions.
- Make git ignore the file in code folder.
- Don't copy the file during './setup.py install' operation.
Impact to users after upgrade:
- All existing sessions will get logged out. This is because SECRET_KEY is used
to generate user session hash that is used to logout users when their password
changes.
Tests performed:
- Run development version of service. File should get created in
data/var/lib/plinth/django-secret.key. Permissions should be 0o600.
- Run again, the file should not be overwritten. Printing
django.conf.settings.SECRET_KEY should match the one in the file.
- Run `setup.py install`. This should not install django-secret.key in
/var/lib/plinth.
- Run `sudo -u plinth plinth`. This should create the secret key file in
/var/lib/plinth/django-secret.key. Permissions on the file should be 0o600.
Ownership should be plinth:plinth.
- Remove the file in both cases, a fresh new file should get created with new key.
- Truncate the file to less than 128 chars, the existing file should get
overwritten with new key.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
