SOGo is an open source webmail client and groupware available in Debian.
Make a new FreedomBox app for it to be used with the local
Postfix/Dovecot email server.
SOGo requires a database to store events/tasks as well as user settings. Memcached
is also required for caching.
Users log in with their username (as opposed to username + domain on
Roundcube). The host header seen from the first login will be
associated with the user profile. So, if a user logs into SOGo from
freedombox.local and later configures the email server to use
example.com, they will manually have to edit their account(s) to show
the updated domain.
Authentication is done via openldap. It is possible to authenticate with
apache, however it is limited to http basic auth, so mod_auth_tkt cannot
be used. See: b40d777a86/SoObjects/SOGo/SOGoProxyAuthenticator.m (L137)
Configuring http basic auth in my opinion wouldn't add much to
the user experience. It would actually take away the usage of SOGO's built
in TOTP feature.
SOGo only accepts configurations from /etc/sogo/sogo.conf, other configs
from sogo.d don't get recognised.
Use the sogo icon from upstream source. Update sogo.png and sogo.svg to be the
same image (but resized) that is provided in the upstream source. The previous
image was download from Wikimedia Commons.
Update smtp settings so that messages can be sent
Test result for mail deliverability sent with SOGo: https://www.mail-tester.com/test-pdf2yzy6n
The result shows that the message is not DKIM signed. This seems to be
an issue not specific to SOGo. Mails sent from Thunderbird don't get
signed either.
Tests:
- Install app and log in with a FreedomBox user. Create a new event
titled "Lunch with 🍕 and fries". Confirm the pizza character displays properly.
- Backup the app and uninstall it.
- Restore from the backup, log in and confirm the event gets restored.
To-do:
- test ActiveSync
- create a fail2ban jail
- include the icons in the copyright file
- test sending email in a production setup
- test sieve filters
- write tests
https://salsa.debian.org/freedombox-team/freedombox/-/issues/56
[Sunil]
- App:
- Update icons to be uniform size as all other apps and copyright information.
- Since SOGo is not configured to trust the authentication from Apache, it
does not require FirewallLocalProtection. Remove it.
- Expand app description. Talk about Email Server app.
- Update to match recent tags related changes.
- Make memcached a shared daemon as other processes might use it.
- Added shared daemon for PostgreSQL.
- Don't start services when rerunning setup if the app is currently disabled.
- Don't restart memcached during a restore operation.
- Security:
- Add system security restrictions to the daemon.
- Don't use fail2ban jail. SOGo has a mechanism to lock users for a few
minutes. Use that instead.
- Apache:
- Make /.well-known URLs work by moving their definitions to global section.
- Remove old (<2.4) Apache authorization keywords.
- Simplify, indentation, new line at EOF.
- Manifest:
- Add more tags.
- Add SOGo connector, DAVx5, and GNOME Calendar to list of clients.
- Add 'sogo' to list of service to bring down during backup/restore.
- Privileged:
- Switch from MySQL to PostgreSQL as it is recommended by SOGo.
- Use existing utility to generate database password.
- Use plget and plmerge utilities from gnustep-common package to parse/edit
the configuration instead of augeas which don't have a dedicated lens.
- Don't reset the domain when rerunning setup.
- Ensure that the configuration file has proper ownership and permissions even
when it did not exist previously.
- Add typing information for most methods.
- Remove configuration file after uninstall.
- Configuration:
- Define database URLs for all seven database tables.
- Set calendar default roles as suggested in the installation guide.
- Refresh view automatically every minute to check for new mail.
- Use the mechanism to lock account after failed login attempts.
- Add folder name for Junk folder too explicitly.
- Tests: Add basic functional tests.
Tests:
- Functional tests work.
- Rerunning setup does not change the domain back to the primary domain of the
email server.
- Login works. Sending mail and reading mail works. Creating calendar events and
contact works.
- Changing the domain sets the domain value properly in the configuration file.
Configured domain is shown properly on the form.
- Backup and restore work as expected.
- When configuration file is removed and setup is re-run, then the file is
created with proper ownership and permissions.
- 'systemd-analyze security sogo.service' shows a good score.
Signed-off-by: Benedek Nagy <contact@nbenedek.me>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Add typing information for init methods Info, Shortcut, and Menu to easily
identify problems.
- Update docstrings for these components.
- Updates test cases to deal with tags instead of short description.
- Update custom shortcuts code to read tags and ignore short description.
- Update API to send tags instead of custom shortcuts.
- OpenVPN special treatment of info.description in Shortcut
Tests:
- All unit tests pass and type checking succeeds.
- All apps show icons with tags in apps and system section.
- In help section cards don't show tags.
- In front page, enabled apps show shortcuts with tags.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
- Show a different message for them.
Test:
- Try to visit page like /plinth/apps/sharing/foo/edit/ where a share named
'foo' does not exist. The common error handling middleware is triggered and an
alert message 'Page not found' with exception trace back is shown.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- These could happen when a user tries to reload a page that only allows POST
requests.
- Or when the generic exception handling logic in the middleware redirects the
user to a page that only allows POST.
Tests:
- Insert a exception in the diagnose() of the 'users' app. Without the patch,
running diagnostics on the users app leads to a blank page. With the patch, the
user is redirected to Diagnostics app page and the original error is shown as a
alert message.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- In addition to the OperationalError, also handle all generic exceptions during
page submit and page load. Redirect to the same page or parent using
breadcrumbs.
- Log exceptions handled by common error middleware so that they are also part
of the system logs.
- Update kiwix test as needed.
- Refactor some test code that is setting up the menu items.
Tests:
- When an error occurs during form POST, the same page is show but with an error
message.
- When an error occurs in an app page during GET, the browser is redirected to
the parent section.
- When an error occurs in apps page during GET, the browser is redirected to the
home page.
- When an error occurs in home page during GET, the error is not handled and
default 500 handle is triggered.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Also, add a click_link_by_href helper function.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
[sunil: Update some more cases to use the utility function]
[sunil: Keep click() and rename new behavior to click_and_wait()]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- We were using hacky logic of assuming that if a page using the URL
/plinth/sys/..., then it belongs to 'system' section based on the URL match.
This won't work when the URL does not follow this pattern for any reason.
- Instead use the breadcrumbs mechanism which uses menu items and URL names to
determine the section a page belongs to.
Tests:
- Visit page, apps page, system page, help pages, an app page in apps sections,
an app page in system section, backups -> create backup page and notice that the
correct section is highlighted.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- If for some reason, first setup is not completed yet, wait for it to complete.
- Update eventually() method to wait for page load errors to go away.
- If first wizard is already completed, don't try to run it again.
- We can eventually remove waiting for 'setup thread finished' in container
script. But not there yet.
Tests:
- Run transmission tests on a freshly created container.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- When notifications badge is present in navigation bar, that could be confused
for a diagnostics failure. Make the diagnostics failure selector more specific
to avoid this.
- This was caused because of removing .badge-warning/error classes in favor of
.text-bg-warning/danger classes.
Tests:
- Enable ejabberd app and use 'systemctl stop ejabberd.service'. Run system-wide
diagnostics to see a notification with error it and error badge on the
notification icon. Then run functional tests on transmission app which includes
diagnostic tests.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Tags have important text that is too small and could cause problems with users
with limited vision. Make them regular buttons. Make the buttons shorter and
rounder to resemble previous styling.
- Drop underlining of text in the process.
- In code, don't call them 'badges' anymore.
Tests:
- Run functional tests for tags.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Keep the badge-{severity} classes as they are meant for convenience of mapping
severity to style.
- Match bootstrap colors to maintain consistency and contrast.
Tests:
- Visually confirm that all the changes effective.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Fixes an issue where after clicking an app install button (that disables the
button), the app uninstall test is skipped because "App not available in
distribution".
Wait until the app install submit button is not present on the page after
clicking the install button.
Test performed:
- Increased sleep time to 10s in SetupView. The sharing app uninstall
functional test pass.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
[sunil: Use wait_for_page_update() instead of eventually]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Fixes an issue where app tests teardown fails if app installation fails
or app is not available for distribution.
Tests:
- On Debian Bookworm, all miniflux functional tests are skipped and
there are no errors.
- After running gitweb metadata functional test, the app is disabled.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- It appears from the functional tests run in Gitlab CI pipelines that visit()
is returning before the page has loaded fully. In the screenshots for help app
test failures, we see gitweb web page.
- To fix this, wait for a proper page load in visit().
- Cleanup syntax, rename the non-existent search class, and mechanism for
matching expected URLs.
- Also refactor waiting for uninstall page in uninstall() method. Using the
wait_for_page_update() method as context processor is more accurate.
Tests:
- Run all functional tests and ensure that there are no errors in visit()
method.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Currently, after every test we disable the app and re-enable for the next
test. The original purpose of this disabling is to make sure that an app is
disabled after test on it. So, change the scope of disabling the app to ensure
that it is only disabled once after all the tests on the app. This should
improve the run time of the tests.
Tests:
- Run functional tests on bepasty app.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Many functional test failures in the Gitlab CI pipeline show that uninstall
form was attempted to submitted while still in the app page. After clicking on
the uninstall menu item, we are not waiting for the page to load fully. Fix this
by waiting for page load. This change is expected to fix most of the functional
tests failures in the pipeline.
Tests:
- Ran bepasty functional tests.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Fixes: #2447.
- When editing an existing wireless connection, SSID field shows as "b'myap'"
instead of "myap". Fix this.
Tests:
- On a machine with a wireless connection, edit the connection. Without the
patch, form show SSID incorrectly. With the patch, it shows the correct value.
- Unit tests in test_network.py pass when run as root.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Adds ability to run local commands with functional tests.
By default, commands are run locally. It is possible to set remote
host connection parameters from pytest command line, for example:
`--hosts 'fbx@IP' --ssh-identity-file '.container/ssh/id_ed25519'`
For more options, see documentation
https://testinfra.readthedocs.io/en/latest/backends.html#ssh.
Includes a fixture `host_sudo` to run commands as sudo.
Relates to
https://salsa.debian.org/freedombox-team/freedombox/-/issues/2451#note_530752.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
On user deletion, user's home folder is also deleted. Admins have an
option to avoid deleting user's home by inactivating the user instead.
This commit also removes user deletion buttons from the user's list
page and adds this option to the user edit page. The user's edit form
asks for a confirmation if the user deletion is requested. This change
also means that the confirmation password is now required to delete a user.
Also:
- Add a simple username validation to the privileged actions.
- Functional tests: Create a fixture to login as an admin before every test.
- Functional tests: Add a test to check that SSH passwordless login works
after user is renamed to validate correct SSH related path permissions.
- Privileged tests: Add `test_` prefix to the generated random string which
makes easier to check and cleanup created home folders.
- Minor quote fixes.
Tests performed in stable and testing containers:
- Run all the users module tests twice, no failures in tests.
- When user is the last admin, both "Active" and "Delete user"
checkboxes are disabled.
Closes#2451.
[sunil]
- Refactor the JS code:
- Ensure that DOM elements are lookup after DOM content is loaded.
- Styling changes. Reduce the number of globals, name the global names
somewhat more unique.
- Click the button instead of submitting the form to disable the button.
- Template changes:
- Add a body for the confirmation dialog to talk about disabling the user and
deleting the home directory.
- Change the label of the confirm button to make it more
explicit (recommendation from many UX guides).
- Styling.
- Functional tests:
- Fix visibility checking of an element to use the correct splinter API.
- Simplify clicking the edit user link.
- Minor update to form checkbox help text.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- Change locale to Spanish. Raise an exception in bepasty.privileged.setup().
Try to install bepasty. Without the patch, error is not translated. With the
patch, it is.
- Successful installation of an app shows translated success message.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- When an app install fails, there is a small chance that the failure message is
show in the area where operation spinner is shown. If that happens,
operation.translated_message is accessed from the HTML template. This throws an
exception if the error message that made contains excepted formatting keys.
Example:
"{include_once("/var/www/html/config/config.php");print($CONFIG["dbpassword"] ??
""); }".
- Also change the formatting key {exception_message} to {exception} as this
would help in translation when Notification is shown which has {exception} as
data dictionary value.
Tests:
- In the operation update message such as 'Installing app', insert unexpected
formatting strings. 'Installing app {foo}'. Notice the error without the patch
and how the patch fixes it.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Fixes: #2462.
- When there are field retrievals and subscript based retrievals in the format
string, exceptions are raised. Handle these safely.
- This eliminates are error such as "Notification missing required key during
translation: 'str' object has no attribute 'php");print($CONFIG'". when the
notification message contains
"{include_once("/var/www/html/config/config.php");print($CONFIG["dbpassword"] ??
""); }"
Tests:
- Updated unit tests pass.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Makes it easy to investigate functional test failures as the test are run.
- This will help functional tests that are timing out before failure stack
traces can be shown.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- Sort tags in the dropdown using user's locale.
- Fix localized tags being used for filtering. This happens when the application
freshly starts and list_tags() is called using user's non-default locale.
- Avoid using element.textContent in JS. Instead use datasets.
- Add functional test for checking localization issues.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- We are using submenu.url to check for specific URLs and then highlight a menu
item. This is somewhat incorrect due to string search and not generic enough. We
have another mechanism 'active_menu_urls' to perform this. Improve and use this
instead.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- Don't use title casing, instead use simple capitalization.
- Add some tags.
- Drop outdated tags like 'VoIP', 'IM' while emphasizing 'Audio chat', 'Video
chat', 'Encrypted messaging' instead.
- Try to clarify server vs. web client with tags.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- Add tags to Info component of apps. Use only English tags for all operations.
Localized tags are used for presentation to the user only. Add tags to all the
apps. Conventions (English):
1. Tags describing use cases should be in kebab case.
2. Protocols in tag names should be in their canonical format.
3. Tags needn't be 100% technically correct. This can get in the way of
comparing apps using a tag. Words that describe use cases that users can
easily understand should be preferred over being pedantic.
4. Tags should be short, ideally not more than 2 words. Avoid conjunctions
like "and", "or" in tags.
5. Avoid redundant words like "server", or "web-clients". Most apps on
FreedomBox are either servers or web clients.
6. Keep your nouns singular in tags.
- Use query
params to filter the Apps page by tags. When all tags are removed, redirect to /apps.
- Add UI elements to add and remove tag filters in the Apps page. Make the UI
similar to GitLab issue tags. Since there are 40 apps, there will be at least 40
tags. Selecting a tag from a dropdown will be difficult on mobile devices. A
fuzzy search is useful to find tags to add to the filter. Allow user to find the
best match for the search term and highlight it visually. The user can then
press Enter to select the highlighted tag. Make tag search case-insensitive.
Make the dropdown menu scrollable with a fixed size. User input is debounced by
300 ms during search.
- tests: Add missing mock in test_module_loader.py
- Add functional tests
[sunil]
- 'list' can be used instead of 'List' for typing in recent Python versions.
- Reserve tripe-quoted strings for docstrings.
- Undo some changes in module initialization, use module_name for logging
errors.
- isort and yapf changes.
- Encode parameters before adding them to the URL.
Tests:
- Tested the functionality of filtering by tag with one tag and two tags.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- We have not yet implemented the main reason they exist. To guide users to
establish reachability with Tor hidden services, Pagekite, Dynamic DNS, etc.
- We now have a 'Next steps' page that talks about configuring network
connections. The networks page linked from here has these steps prominently
listed.
- In the future we will implement a wizard for reachability and these steps will
still be used. However, they don't have to part of first setup. They can add
them as notification and as part of next steps page.
- It is good to have a simplified first setup wizard. It is seldom tested
properly.
Tests:
- Run the first setup wizard by removing /var/lib/plinth/plinth.sqlite3 and
running the service. Notice that the software update step is not shown and
wizard completes successfully.
[vexch: Minor quote fix in functional tests]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Remove the first setup wizard step to run security upgrades. At the time of
its introduction, it was felt that this is very important. Some things have
changed since then:
- We have mechanism for queuing package operations. Users can now trigger
software updates and start installing apps before that is completed. Or vice
versa. Earlier if the software updates were running, app install used to fail
with an error.
- There were no notifications. Since then we have added 'first setup'
notification for important topics such as Privacy. This step can be replaced
with a notification.
- Automatic diagnostics and a diagnostic to notify of updated packages also
helps bring attention to software updates if they are missed during first
setup.
- A proposed change will re-introduce an advice to run updates in the 'Next
steps' wizard step along with a button trigger it right there.
- The new notification for software updates will bring more attention to running
updates as part of first setup.
- It would be nice not be stuck in the first setup wizard for a long period and
make it look simple. It improves the fun factor of setting up FreedomBox.
- It would present an opportunity to utilize the parallel installation of
apps/updates to the full extent. Although this can also be done by skipping the
progress step after updates are run.
- First wizard steps tend to get less testing.
Tests:
- Run the first setup wizard by removing /var/lib/plinth/plinth.sqlite3 and
running the service. Notice that the software update step is not shown and
wizard completes successfully.
- On stable container, backports step is shown as expected (if not already
enabled).
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Fixes an error in testing container where installing dependencies for
functional tests wants to uninstall system installed urllib3.
Also minor quotes fixes.
Note that dependencies are upgraded only in new dev environments where
geckodriver is not yet installed.
Tests performed, in both stable and testing containers:
- Run all tests, no upgrade related failures found. There were some
seemingly unrelated test failures in apps: calibre, ejabberd, deluged,
minetest, users, transmission , wordpress, zoph.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Reload a service if it supports reloading, otherwise restart. Do nothing if
service is not running.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Likely helps: #2271.
When web server restarts we are shown an error page. Trying to lookup and
element in this error page still raises StaleElementReferenceException. However,
if the page was reloaded with driver.visit(), then trying to lookup the old
element does not throw StaleElementReferenceException. Instead the
NoSuchElementException is thrown. For this case, ensure that we stop waiting
appropriately. This is likely to solve the large waits and timeouts when testing
dynamicdns.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- Config app description is as expected.
- Config form does not show domain name field anymore.
- Submitting the form with changes works.
- Names app has correct link for configuring static domain name. Clicking it
takes to page for setting domain name.
- On startup, static domian name signal is sent properly if set. Otherwise no
signal is send.
- Change domain name form shows correct value for current domain name.
- Change domain name form sets the value for domain name properly.
- Page title is correct.
- Validations works.
- Add/remove domain name signals are sent properly.
- Success message as shown expected
- /etc/hosts is updated as expected.
- Unit tests work.
- Functional tests on ejabberd, letsencrypt, matrix, email, jsxc, openvpn
- After freshly starting the service. Visiting names app shows correct list of
domains.
- ejabberd:
- Installs works as expected. Currently set domain_name is setup properly.
Copy certificate happens on proper domain.
- Changing the domain sets the domain properly in ejabberd configuration.
- Ejabberd app page shows link to name services instead of config app.
Clicking works as expected.
- letsencrypt:
- When no domains are configured, the link to 'Configure domains' is to the
names app.
- matrix-synapse:
- Domain name is properly shown in the status.
- email:
- Primary domain name is shows properly in the app page.
- Setting new primary domain works.
- When installing, domain set as static domain name is prioritized as primary
domain.
- jsxc:
- Show the current static domain name in the domain field. BOSH server is
available.
- openvpn:
- Show the current static domain in profile is set otherwise show the current
hostname.
- If domain name is not set, downloaded OpenVPN profile shows hostname.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Tests:
- Config app description is as expected.
- Config form does not show hostname anymore.
- Submitting the form with changes works.
- Names app has correct link for configuring Local Domain Name. Clicking it
takes to page for setting hostname.
- Avahi shows the current .local domain correctly in Names app.
- Change hostname form shows correct value for current hostname.
- Change hostname form sets the value for hostname properly.
- Page title is correct.
- Validations works.
- Pre/post hostname change signals are sent properly
- Success message as shown expected
- hostnamectl shows the set domain
- If domain name is not set, downloaded OpenVPN profile shows hostname.
- Unit tests work.
- Functional tests on names/config/avahi apps work.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Expose Network Manager per-connection setting for DNS-over-TLS. Support all
four values: default, no, opportunistic, and yes.
- Create a new collapsible section all 'Privacy' for this setting the connection
create/edit form. Strictly speaking this is related to security and censorship
resistance too.
- Don't show the DoT field for PPPoE connection types are DNS servers are not
relevant.
- Show the status of DoT for a connection in the connection status page.
Tests:
- In all Add New Connection forms except PPPoE form, the privacy
section shows up as expected.
- For each value for DoT, create a new connection and set the value for DoT to the
desired value and observe that the connection status page shows DoT to the set
value.
- For each value for DoT, edit an existing connection and set the value for the
DoT to the desired value and observe that the connection status page shows DoT
to the set value.
- Connection status page shows the values for DoT as expected.
- Update the primary Internet connection for the machine. Set the value to 'yes'
and notice that DNS resolutions fail. Set the value to 'opportunistic' or 'no'
and the DNS resolutions pass. In each case, 'resolvectl' shows the correct DoT
value for the connection. When 1.1.1.1 is set as DNS server, all values of DoT
in the connection succeed.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Method parameters marked with secret_str will not be logged.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
For test cases implemented in derived classes, autouse=True does not seem to
work. These test cases can explicitly request this fixture with the name.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Sometimes <input type='submit'> are used as submit buttons and at other times
<button type='submit'> is used.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
In some cases in the backup page, when trying to restore a backup, the button is
obscured and trying to click it fails. Handle such situations by scrolling the
element into view first and try to click on the element again. Ensure that our
navigation header does not obscure the element when scrolling it into view.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
When a click fails because the element is obscured or out of scroll port, the
fails with ElementClickInterceptedException. This normally fails the test
properly. However, when waiting for a page update, the wait loop silently
swallows the error causing the click failure to be ignored. This later leads to
a timeout waiting for page to be updated.
Handling this error separately and re-raising it ensures that the test fails
with the correct error allowing us to fix the problem.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Repair is run within an operation.
- Diagnostics are run for the app first.
- Call app.repair, then re-run setup if needed.
- Add helper functions for apps or components to store error messages in thread
local storage. These error messages are shown at the end.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Undo minor reformatting, due to automatic tool]
[sunil: Fix passing incorrect Exception argument to operation.on_update]
[sunil: Add full stop at the end of the success message to match install message]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Allows apps and component to implement custom repair methods.
- Default implementation asks relevant components to repair, and then if
needed, requests re-run setup for the app.
- Component.repair will return True by default, indicating that setup should be
re-run.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Minor docstring styling fixes]
[sunil: Improve tests for repair]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
