schleuder-web issueshttps://0xacab.org/schleuder/schleuder-web/-/issues2024-03-11T19:17:52Zhttps://0xacab.org/schleuder/schleuder-web/-/issues/101Package schleuder-web as a gem2024-03-11T19:17:52ZngPackage schleuder-web as a gemfor easier distributionfor easier distributionhttps://0xacab.org/schleuder/schleuder-web/-/issues/128Show key summary after import2023-11-14T08:54:01ZpazShow key summary after importAfter key(s) have been uploaded, the flash message should show the key summary (which includes a possible expiration) about each imported key.
Those details will be provided by the API daemon after schleuder!425 has been merged.After key(s) have been uploaded, the flash message should show the key summary (which includes a possible expiration) about each imported key.
Those details will be provided by the API daemon after schleuder!425 has been merged.5.0.0pazpazhttps://0xacab.org/schleuder/schleuder-web/-/issues/126Run test suite with Ruby 3.12022-09-13T14:51:30ZpazRun test suite with Ruby 3.15.0.0pazpazhttps://0xacab.org/schleuder/schleuder-web/-/issues/127Upgrade to rails 72022-09-13T14:51:17ZNinaUpgrade to rails 75.0.0NinaNinahttps://0xacab.org/schleuder/schleuder-web/-/issues/125Drop support for Ruby 2.5+2.62022-09-11T18:24:00ZpazDrop support for Ruby 2.5+2.6Should be noted in the README, too.Should be noted in the README, too.5.0.0pazpazhttps://0xacab.org/schleuder/schleuder-web/-/issues/124Proper product version tags of schleuder-web2022-03-21T16:43:32ZAndreas SchleiferProper product version tags of schleuder-webCan we get proper version tags of schleuder-web?
In the end I want to package this for archlinux and while I can pin it hard to a commit hash, I think it would be more "clean" if there were proper version tags of schleuder-web like `3.6...Can we get proper version tags of schleuder-web?
In the end I want to package this for archlinux and while I can pin it hard to a commit hash, I think it would be more "clean" if there were proper version tags of schleuder-web like `3.6.0`.https://0xacab.org/schleuder/schleuder-web/-/issues/123Is schleuder-web compatible with schleuder 4.x.x?2021-12-08T15:43:14ZAndreas SchleiferIs schleuder-web compatible with schleuder 4.x.x?The README of this repository explicitly talks about schleuder 3.
Is this just out of date in the README or is this really only working with schleuder 3?The README of this repository explicitly talks about schleuder 3.
Is this just out of date in the README or is this really only working with schleuder 3?https://0xacab.org/schleuder/schleuder-web/-/issues/122web interface unusable due to multiple 'undefined method' errors2021-06-09T14:32:39ZRoberto Sotoweb interface unusable due to multiple 'undefined method' errorsHello, i have finally managed to install _schleuder_ and configured it to work through the _cli_.
However _schleuder-web_ is unusable past the first screen as many actions break because of internal server errors.
Looking at the logs, th...Hello, i have finally managed to install _schleuder_ and configured it to work through the _cli_.
However _schleuder-web_ is unusable past the first screen as many actions break because of internal server errors.
Looking at the logs, they turn out to be **undefined methods** in code.
I'm copying here some logs for example:
- GET /subscriptions/1
```
[2021-06-08T16:41:38.305505 #18] FATAL -- : [ee1288a5-2471-41f2-af2c-713b91db926a]
[ee1288a5-2471-41f2-af2c-713b91db926a] ActionView::Template::Error (undefined method `summary' for #<Key:0x000056388ab8dfd0>):
[ee1288a5-2471-41f2-af2c-713b91db926a] 1: - if key.trust_issues.blank?
[ee1288a5-2471-41f2-af2c-713b91db926a] 2: = link_to key.summary, list_key_path(@list, key), class: key_css_classes(key)
[ee1288a5-2471-41f2-af2c-713b91db926a] 3: - else
[ee1288a5-2471-41f2-af2c-713b91db926a] 4: = link_to list_key_path(@list, key), title: key_trust_title(key), class: key_css_classes(key) do
[ee1288a5-2471-41f2-af2c-713b91db926a] 5: = key.summary
[ee1288a5-2471-41f2-af2c-713b91db926a]
[ee1288a5-2471-41f2-af2c-713b91db926a] app/views/keys/_key_oneline.html.haml:2
[ee1288a5-2471-41f2-af2c-713b91db926a] app/views/subscriptions/show.html.haml:63
```
- GET /lists/1/edit
```
[70a55337-0724-4be1-9722-f629aed9cfa4] ActionView::Template::Error (undefined method `munge_from' for #<List:0x000056388a672668>):
[70a55337-0724-4be1-9722-f629aed9cfa4] 16: %fieldset
[70a55337-0724-4be1-9722-f629aed9cfa4] 17: %legend Message control
[70a55337-0724-4be1-9722-f629aed9cfa4] 18: = checkbox f, :keep_msgid, "Pass incoming Message-IDs to outgoing messages? This enables threading in Mail-clients and helps to identify messages."
[70a55337-0724-4be1-9722-f629aed9cfa4] 19: = checkbox f, :munge_from, "Include the original sender's email address into the From header of outgoing messages? If this is enabled recipients can see who sent the email before decrypting the content. Some people like that, but be aware that this puts information into the open which otherwise might have been hidden (depending on the encryption of the messages)."
[70a55337-0724-4be1-9722-f629aed9cfa4] 20: = checkbox f, :set_reply_to_to_sender, "Set a Reply-To header to outgoing messages, which contains the originally incoming Reply-To value, or the incoming From value? If this is enabled replies will by default be sent to this email address instead of to the list. PLEASE BEWARE: this might result in ACCIDENTALLY REVEALED EMAIL ADDRESSES of subscribers even to non-subscribers!"
[70a55337-0724-4be1-9722-f629aed9cfa4] 21: = f.input :max_message_size_kb, hint: "Emails bigger than this will be rejected (measured in kilo-bytes.)"
[70a55337-0724-4be1-9722-f629aed9cfa4] 22: = f.input :headers_to_meta, hint: "One header-name per line. Case-insensitive.", as: :text
```https://0xacab.org/schleuder/schleuder-web/-/issues/121bundle install failing because of dependency on deprecated mimemagic 0.3.52021-06-08T21:46:58ZRoberto Sotobundle install failing because of dependency on deprecated mimemagic 0.3.5Hello, i'm installing schleuder-web from the ansible automation script suggested in the docs.
Install is failing at the task where it **bundle install**s schleuder-web because it depends on **mimemagic 0.3.5** which is no longer availab...Hello, i'm installing schleuder-web from the ansible automation script suggested in the docs.
Install is failing at the task where it **bundle install**s schleuder-web because it depends on **mimemagic 0.3.5** which is no longer available.
```
Your bundle is locked to mimemagic (0.3.5) from rubygems repository
https://rubygems.org/ or installed locally, but that version can no longer be
found in that source. That means the author of mimemagic (0.3.5) has removed it.
You'll need to update your bundle to a version other than mimemagic (0.3.5) that
hasn't been removed in order to install
```
Looking at the gem here, I suspect it to be the dependency of a dependency.
So please help me find out where is it to be updated
Thanksgeorggeorghttps://0xacab.org/schleuder/schleuder-web/-/issues/102Validate email address for account request2021-03-18T12:19:41ZngValidate email address for account requestWhen signing up for a new account we do not validate for a valid emailaddress at the moment before sending out the AccountRequest.
We should validate that the email in the AccountRequest is a valid address.When signing up for a new account we do not validate for a valid emailaddress at the moment before sending out the AccountRequest.
We should validate that the email in the AccountRequest is a valid address.pazpazhttps://0xacab.org/schleuder/schleuder-web/-/issues/73unusable secret key for lists created via web2021-02-16T16:22:28Zfunusable secret key for lists created via webafter creating a list via schleuder-web everything seems ok but sending an email to it fail with 'unusable secret key'. we've recreated the list via schleuder-cli and it worked as expected. we could even add keys and subscriptions via ...after creating a list via schleuder-web everything seems ok but sending an email to it fail with 'unusable secret key'. we've recreated the list via schleuder-cli and it worked as expected. we could even add keys and subscriptions via web too. creating a new list via web reproduces the error.
i've tested the keyring and it seems to work ok:
```bash
sudo -u schleuder GNUPGHOME=/var/schleuder/lists/psst.kefir.red/test/ gpg2 --list-keys
# shows keys
echo hola | sudo -u schleuder GNUPGHOME=/var/schleuder/lists/psst.kefir.red/test/ \
gpg2 --encrypt --armor --recipient subscriber@kefir.red
# encrypts
```
though it complains for having rX to schleuder group, this is the same for the list created via cli.
this stacktrace is from an email sent to -sendkey
```ruby
Unusable secret key
/var/lib/gems/2.1.0/gems/gpgme-2.0.12/lib/gpgme/ctx.rb:475:in `sign'
/var/lib/gems/2.1.0/gems/gpgme-2.0.12/lib/gpgme/crypto.rb:249:in `block in sign'
/var/lib/gems/2.1.0/gems/gpgme-2.0.12/lib/gpgme/ctx.rb:79:in `new'
/var/lib/gems/2.1.0/gems/gpgme-2.0.12/lib/gpgme/crypto.rb:242:in `sign'
/var/lib/gems/2.1.0/gems/mail-gpg-0.3.0/lib/mail/gpg/gpgme_helper.rb:79:in `sign'
/var/lib/gems/2.1.0/gems/mail-gpg-0.3.0/lib/mail/gpg/sign_part.rb:6:in `initialize'
/var/lib/gems/2.1.0/gems/mail-gpg-0.3.0/lib/mail/gpg/signed_part.rb:29:in `new'
/var/lib/gems/2.1.0/gems/mail-gpg-0.3.0/lib/mail/gpg/signed_part.rb:29:in `sign'
/var/lib/gems/2.1.0/gems/mail-gpg-0.3.0/lib/mail/gpg.rb:55:in `block in sign'
/var/lib/gems/2.1.0/gems/mail-gpg-0.3.0/lib/mail/gpg.rb:113:in `instance_eval'
/var/lib/gems/2.1.0/gems/mail-gpg-0.3.0/lib/mail/gpg.rb:113:in `block in construct_mail'
/var/lib/gems/2.1.0/gems/mail-2.6.4/lib/mail/message.rb:133:in `instance_eval'
/var/lib/gems/2.1.0/gems/mail-2.6.4/lib/mail/message.rb:133:in `initialize'
/var/lib/gems/2.1.0/gems/mail-2.6.4/lib/mail/mail.rb:51:in `new'
/var/lib/gems/2.1.0/gems/mail-2.6.4/lib/mail/mail.rb:51:in `new'
/var/lib/gems/2.1.0/gems/mail-gpg-0.3.0/lib/mail/gpg.rb:106:in `construct_mail'
/var/lib/gems/2.1.0/gems/mail-gpg-0.3.0/lib/mail/gpg.rb:52:in `sign'
/var/lib/gems/2.1.0/gems/mail-gpg-0.3.0/lib/mail/gpg/delivery_handler.rb:13:in `deliver_mail'
/var/lib/gems/2.1.0/gems/mail-2.6.4/lib/mail/message.rb:237:in `deliver'
/var/lib/gems/2.1.0/gems/schleuder-3.1.1/lib/schleuder/filters/send_key_filter.rb:16:in `send_key'
/var/lib/gems/2.1.0/gems/schleuder-3.1.1/lib/schleuder/filters_runner.rb:24:in `block in run'
/var/lib/gems/2.1.0/gems/schleuder-3.1.1/lib/schleuder/filters_runner.rb:22:in `map'
/var/lib/gems/2.1.0/gems/schleuder-3.1.1/lib/schleuder/filters_runner.rb:22:in `run'
/var/lib/gems/2.1.0/gems/schleuder-3.1.1/lib/schleuder/runner.rb:18:in `run'
/var/lib/gems/2.1.0/gems/schleuder-3.1.1/lib/schleuder/cli.rb:35:in `work'
/var/lib/gems/2.1.0/gems/thor-0.19.1/lib/thor/command.rb:27:in `run'
/var/lib/gems/2.1.0/gems/thor-0.19.1/lib/thor/invocation.rb:126:in `invoke_command'
/var/lib/gems/2.1.0/gems/thor-0.19.1/lib/thor.rb:359:in `dispatch'
/var/lib/gems/2.1.0/gems/thor-0.19.1/lib/thor/base.rb:440:in `start'
/var/lib/gems/2.1.0/gems/schleuder-3.1.1/bin/schleuder:12:in `<top (required)>'
/usr/local/bin/schleuder:23:in `load'
/usr/local/bin/schleuder:23:in `<main>'
```https://0xacab.org/schleuder/schleuder-web/-/issues/118Make the first user list-admin per default2021-02-11T10:10:41ZcasperMake the first user list-admin per defaultSchleuder warns me, that I need at least on list-admin to make the list functional. It would be great, if you could tick the "admin"-box per default for the first user. I just forget too many times.Schleuder warns me, that I need at least on list-admin to make the list functional. It would be great, if you could tick the "admin"-box per default for the first user. I just forget too many times.https://0xacab.org/schleuder/schleuder-web/-/issues/58Allow users to delete keys?2021-02-06T22:01:19ZgeorgAllow users to delete keys?- Users should be able to delete their own old key, if they're providing a new one.
- Users shouldn't be allowed to delete keys of others.
- But users could assign others key to their own subscription and after this, delete the key.
-...- Users should be able to delete their own old key, if they're providing a new one.
- Users shouldn't be allowed to delete keys of others.
- But users could assign others key to their own subscription and after this, delete the key.
- Therefore we can't allow that.
- Idea: We can't verify GPG signature via the web. Users should be able to click `mailto` link to send a mail to schleuder to delete their key.georggeorghttps://0xacab.org/schleuder/schleuder-web/-/issues/120Redirect to originally requested url after login does not work2021-02-03T16:31:28Zo-Redirect to originally requested url after login does not workWhen I navigate to a particular resource on a schleuder-web interface with no pre-existing session, then I am not properly redirected to that url after login.
### Steps to reproduce
1. open an incognito window
2. visit some-schleuder-w...When I navigate to a particular resource on a schleuder-web interface with no pre-existing session, then I am not properly redirected to that url after login.
### Steps to reproduce
1. open an incognito window
2. visit some-schleuder-web/lists/some_list
3. login
4. it wrongly redirects to / instead of /lists/some_list
5. logout
6. visit some-schleuder-web/lists/some_list again
7. login
8. it correctly redirects to /lists/some_list
### Potential Fix
I am pretty sure the error is at https://0xacab.org/schleuder/schleuder-web/-/blob/master/app/controllers/application_controller.rb#L87 as I get the following error in the logs: `Error: no implicit conversion of nil into String`.
I would suggest a fix along these lines:
```
def authenticate
- expiry = Time.parse(session[:login_expires_at])
- if current_account && expiry > Time.now
+ expiry = Time.parse("#{session[:login_expires_at]}") rescue nil
+ if current_account && expiry && expiry > Time.now
update_session_expiry
```
However, what seems to be an additional issue is that the message at https://0xacab.org/schleuder/schleuder-web/-/blob/master/app/controllers/application_controller.rb#L110 is never displayed in the login form. The login form always says "please log in with your schleuder account" and does not display the error.https://0xacab.org/schleuder/schleuder-web/-/issues/119Key not showing expiration date in key list overview, only individual key det...2020-09-01T16:42:50ZfleishKey not showing expiration date in key list overview, only individual key detail viewToday I bulk uploaded a number of keys into a list. While verifying the results in schleuder-web, I noticed one user's key is not showing its expiration date in the key list overview despite it having one. I've attached (redacted) screen...Today I bulk uploaded a number of keys into a list. While verifying the results in schleuder-web, I noticed one user's key is not showing its expiration date in the key list overview despite it having one. I've attached (redacted) screenshots showing this behavior.
Overview:
![key-overview](/uploads/86b4f348d4cf969e27c892a0fe395645/key-overview.png)
Detail:
![key-detail](/uploads/29ade77c072e32206372a326f5af28bb/key-detail.png)
This user's key could be considered a bit "unique" compared to most other user's keys in that the master key is 2048-bit and it has 2 sub keys - 1 of which is an expired 2048-bit key & the other is an active 4096-bit key.
The key works fine in schleuder, it just appears to be a cosmetic/display issue in schleuder-web currently. Although I'm not sure if it would become an issue after the active key(s) expire in 2021 depending on how schleuder detects key expirations.https://0xacab.org/schleuder/schleuder-web/-/issues/103Let users reset their password2020-07-29T02:22:26ZMuri NicanorLet users reset their passwordOften users forget their passwords- their should be some way for them to set a new password, maybe with a token sent to the email addressOften users forget their passwords- their should be some way for them to set a new password, maybe with a token sent to the email addresshttps://0xacab.org/schleuder/schleuder-web/-/issues/12Mark expired keys2020-07-01T12:13:59ZpazMark expired keysExpired keys should be visibly marked to draw attention to them.
* flash-message after importing
* In the list of keys
* In the list of subscriptionsExpired keys should be visibly marked to draw attention to them.
* flash-message after importing
* In the list of keys
* In the list of subscriptionspazpazhttps://0xacab.org/schleuder/schleuder-web/-/issues/111Don't allow to upload expired keys2020-07-01T12:13:58ZcasperDon't allow to upload expired keysYou shouldn't be allowed to upload an unusable key. Or at least, there should be an informative warning flash message as proposed in #12.You shouldn't be allowed to upload an unusable key. Or at least, there should be an informative warning flash message as proposed in #12.https://0xacab.org/schleuder/schleuder-web/-/issues/55HTTPS: Enforce in production mode2020-07-01T12:12:34ZgeorgHTTPS: Enforce in production mode0.1https://0xacab.org/schleuder/schleuder-web/-/issues/117Respect subkeys when checking expiry date2020-06-26T13:41:57ZpazRespect subkeys when checking expiry dateschleuder-web should show an expiry date in the details view as well as in the online-format, if any relevant key has an expiry-date.
Currently none is shown (it even says: "Expiry date: None" in the details view) if the main key does n...schleuder-web should show an expiry date in the details view as well as in the online-format, if any relevant key has an expiry-date.
Currently none is shown (it even says: "Expiry date: None" in the details view) if the main key does not expire, but a relevant encryption subkey does.