- Secret is important for various functions of Django. There is no impact on
existing installations due to the change. Improves the security of existing
functions in minor ways and will be useful in future usage of Django.
- Create the file in /var/lib/plinth/ with 0o600 permissions.
- Make git ignore the file in code folder.
- Don't copy the file during './setup.py install' operation.
Impact to users after upgrade:
- All existing sessions will get logged out. This is because SECRET_KEY is used
to generate user session hash that is used to logout users when their password
changes.
Tests performed:
- Run development version of service. File should get created in
data/var/lib/plinth/django-secret.key. Permissions should be 0o600.
- Run again, the file should not be overwritten. Printing
django.conf.settings.SECRET_KEY should match the one in the file.
- Run `setup.py install`. This should not install django-secret.key in
/var/lib/plinth.
- Run `sudo -u plinth plinth`. This should create the secret key file in
/var/lib/plinth/django-secret.key. Permissions on the file should be 0o600.
Ownership should be plinth:plinth.
- Remove the file in both cases, a fresh new file should get created with new key.
- Truncate the file to less than 128 chars, the existing file should get
overwritten with new key.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- This is completely reworked but based on /Developer page in the FreedomBox
Manual.
- This documentation can be made available as static site on
https://docs.freedombox.org and the /Developer page in the FreedomBox Manual
can be dropped.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
[sunil@medhas.org Have common top level makefile for building manual]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Create option --include-functional to run functional tests. Otherwise, they
are disabled by default. If pytest-bdd is not installed, functional tests are
not discovered at all.
- Make pytest-django discover the setting files by creating dummy manage.py in
top level directory.
- Make pytest run as './setup.py pytest'. Add alias from './setup.py test'. This
requires pytest-runner package.
- Merge .gitignore files from functional_tests/
- Update gitlab-ci.yml to run tests with coverage using pytest.
- Update HACKING.md to suggest using py.test-3 instead of old way of running.
Merge functional tests README.md into HACKING.md.
- Remove execution wrapper runtests.py as pytest-django is able to configure
Django settings before execution of tests. Update tests to explicitly ask for
Django database as database access is denied by default.
- Replace usage of python3-coverage with python3-pytest-coverage. Execution
wrappers are not required.
- Add build dependencies on pytest modules.
- Let all warnings be shown after running tests.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Created basic plinth app which starts an introducer and a storage
node on the FreedomBox.
- Prompt user to set a domain name before creating Tahoe-LAFS nodes.
- Support adding and removing of introducers to the storage node.
- Serve Tahoe-LAFS from a different port.
- Start all nodes and introducers at system startup.
- Add utility class YAMLFile with test cases.
- Install mod_auth_pubtkt and generate public/private key-pair.
- Redirect user to login page if no cookie is presented.
- Add check for authenticated user for login page.
- Temporarily switched to DSA because of a bug in mod_auth_pubtkt
which causes it to accept only DSA and not RSA. Also had to use SHA1
instead of SHA256.
- Enabled SSO for Syncthing, Repro and TT-RSS.
- Using tokens to authorize by user groups.
- Generate keys during first boot.
- Rename AdminMiddleware to AdminRequiredMiddleware to be consistent
with stronghold/Django terminology
- Simplify .gitignore pattern
- Format single line docstrings as per PEP8.
- Add missing docstrings.
- Restrict lines to 79 characters.
The generated TODO file is very limted in scope and gives a wrong
impression to a potential contributor. We have worked towards a central
TODO list for the entire project scrapping all other TODO lists.
Redirect the contributor to that list.
- Implement coverage functionality as a setuptools Command subclass
(in plinth/tests/coverage/test_coverage.py)
- Register the new 'test_coverage' command in setup.py
- Modify the INSTALL file to specify python3-coverage as a new dependency
- Modify the HACKING file to document the new 'test_coverage' command
- Have git (via .gitignore) ignore the '.coverage' output data file and
the contents of the 'plinth/tests/coverage/report' directory
- Store users using Django user/group/permission model
- Database is data/plinth.sqlite3 instead of data/user.sqlite3
- Use Django auth context processors in templates
The makefile has three new targets:
1. hosting: Publish repository and automagically build the archives to
serve to clients.
2. current-checkout.tar.gz: Create an archive of the current project
directory.
3. current-repository.tar.gz: Create an archive of the current project
directory along with the source repository metadata so that the
archive is a full checkout of the project.
