Age | Commit message (Collapse) | Author |
|
Since HTTP cookies may not overwrite HTTPS ("secure") ones, users are
frequently unable to log into LuCI when a stale, "secure" `sysauth` cookie
is still present in the browser as it commonly happens after e.g. a
sysupgrade operation or when frequently jumping between HTTP and HTTPS
access.
Rework the dispatcher to set either a `sysauth_http` or `sysauth_https`
cookie, depending on the HTTPS state of the server connection and accept
both cookie names when verifying the session ID.
This allows users to log into a HTTP-only LuCI instance while a stale,
"secure" HTTPS cookie is still present.
Requires commit 2b0539ef9d ("lucihttp: update to latest Git HEAD") to
function properly.
Fixes: #5843
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Instead of granting complete ubus access under the active sysauth session,
implement the ubus-rpc authorization mechanism and make the ubus proxy
endpoint unauthenticated.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
There is always more vpn services. To make the LuCI menu look cleaner, a
new top level menu "VPN" will be added with this commit. All luci-app-*
that have something to do with VPN should move to this new menu entry.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
|
Properly handle ubus POST requests exceeding the default chunk size
and fix a possible nil dereference when rejecting incoming requests
due to bad JSON message framing.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Add an admin/ubus route mimicking the native uhttpd-mod-ubus protocol.
The main difference to the native protocol is that this gateway requires
no additional per-object/procedure ACL setup on the router side and that
it is located under the same prefix as LuCI itself, allowing the reuse
of the session login cookie.
This route is meant to be a transitional mechanism until client side
RPC calls are eventually migrated to uhttpd-mod-ubus completely.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Add a button to each row in the wireless assoclist table to allow
disconnecting clients using the ubus del_client method if the underlying
radio interface supports it.
Ref: https://github.com/openwrt/luci/pull/2271
Submitted-by: Wang805447391 <805447391@qq.com>
[move deauth function to luci-base next to the existing assoclist function,
require post security, fix parameter check condition, hide button if not
supported by the radio, disable button after call, squash commits, fix
whitespace, reword subject, add commit message]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Add a new /admin/translations/ endpoint which exposes the loaded system
translations as JavaScript file.
Once referenced by <script>, the endpoint will create a `window.TR` object
containing the entire translation string table for use on the client side.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Kyle Rogers <7157021+kyle30312@users.noreply.github.com>
|
|
After this change, luci-base will render the first module or application
page installed on the system, instead of rendering a "Component not found"
message when the status category is unavailable.
This allows for single-purpose LuCI installations like e.g. luci-base with
luci-app-travelmate which only presents application specific views without
any of the standard system pages.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Move some common elements to luci-base, and otherwise make three
packages out of status, system, and network. They were mostly
separated already, but there were some shared elements between
status and network that are now in luci-base.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
|
|
Per the discussion in https://github.com/openwrt/luci/issues/869, make
luci-base sufficient to login, logout, and review and apply or revert
uci changes. This allows most luci-app-xxx to work without having
luci-mod-admin-full installed.
It has been tested with some apps and not luci-mod-admin-full, as well
as with luci-mod-admin-full (to make sure the usual case doesn't break).
Instead of creating a new module namespace (e.g. 'Base') we reduce the
opportunities for breakage by having luci-base take over the 'shell' of
the 'Administration' (admin/....) namespace.
Since admin is assumed by all current building LuCI components (including
Freifunk), this doesn't introduce the 'Administration' tab into any
situation where it would not already be present (but includes it where it
was before).
We also add a "Component not installed" page to avoid fatal errors and
backtrace when e.g. luci-mod-admin-full is not installed.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
|
|
Switch to rpcd based uci apply/rollback workflow which helps to avoid soft-
bricking devices by requiring an explicit confirmation call after config
apply.
When a user now clicks "Save & Apply", LuCI first issues a call to uci apply
which commits and reloads configuration, then goes into a polling countdown
mode where it repeatedly attempts to call uci confirm.
If the committed configuration is sane, the confirm call will go through and
cancel rpcd's pending rollback timer.
If the configuration change leads to a loss of connectivity (e.g. due to bad
firewall rules or similar), the rollback mechanism will kick in after the
timeout and revert configuration files and pending changes to the pre-apply
state.
In order to cover such rare cases where a lost of connectivity is expected
and desired, the user is offered an "unchecked" apply option after timing
out, which allows committing and applying the changes anyway, without the
extra safety checks.
As a consequence of this change, the luci-reload mechanism is now completely
unsused since rpcd uses ubus config reload signals to reload affected
services, which means that only procd-enabled services will receive proper
reload treatment with the new workflow.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Switches the service reload calls to CSRF token protected POST action.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
* Rename subdirectories to their repective OpenWrt package names
* Make each LuCI module its own standalone package
* Deploy a shared luci.mk which is used by each module Makefile
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|