Merge branch 'master' into issues/562-fatal-auth-path-fix

Author: nemesifier

.github/workflows/backport.yml

@@ -0,0 +1,42 @@
+name: Backport fixes to stable branch
+
+on:
+  push:
+    branches:
+      - master
+  issue_comment:
+    types: [created]
+
+concurrency:
+  group: backport-${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: false
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  backport-on-push:
+    if: github.event_name == 'push'
+    uses: openwisp/openwisp-utils/.github/workflows/reusable-backport.yml@master
+    with:
+      commit_sha: ${{ github.sha }}
+    secrets:
+      app_id: ${{ secrets.OPENWISP_BOT_APP_ID }}
+      private_key: ${{ secrets.OPENWISP_BOT_PRIVATE_KEY }}
+
+  backport-on-comment:
+    if: >
+      github.event_name == 'issue_comment' &&
+      github.event.issue.pull_request &&
+      github.event.issue.pull_request.merged_at != null &&
+      github.event.issue.state == 'closed' &&
+      contains(fromJSON('["MEMBER", "OWNER"]'), github.event.comment.author_association) &&
+      startsWith(github.event.comment.body, '/backport')
+    uses: openwisp/openwisp-utils/.github/workflows/reusable-backport.yml@master
+    with:
+      pr_number: ${{ github.event.issue.number }}
+      comment_body: ${{ github.event.comment.body }}
+    secrets:
+      app_id: ${{ secrets.OPENWISP_BOT_APP_ID }}
+      private_key: ${{ secrets.OPENWISP_BOT_PRIVATE_KEY }}

images/common/services.py

@@ -8,8 +8,10 @@
 
 
 def database_status():
+    import psycopg
+
     try:
-        psycopg2.connect(
+        with psycopg.connect(
             dbname=os.environ["DB_NAME"],
             user=os.environ["DB_USER"],
             password=os.environ["DB_PASS"],
@@ -19,8 +21,9 @@ def database_status():
             sslcert=os.environ["DB_SSLCERT"],
             sslkey=os.environ["DB_SSLKEY"],
             sslrootcert=os.environ["DB_SSLROOTCERT"],
-        )
-    except psycopg2.OperationalError:
+        ):
+            pass
+    except psycopg.OperationalError:
         time.sleep(3)
         return False
     else:
@@ -74,8 +77,6 @@ def redis_status():
     arguments = sys.argv[1:]
     # Database Connection
     if "database" in arguments:
-        import psycopg2
-
         print("Waiting for database to become available...")
         connected = False
         while not connected:

images/openwisp_base/requirements.txt

@@ -1,7 +1,9 @@
 channels_redis
 service_identity
 django-redis
-psycopg2
+# pool is useful in prod deployments we include it
+# by default, but has to be configured manually
+psycopg[binary,pool]<4.0.0
 sentry-sdk
 supervisor>=4.3.0,<4.4.0
 django-cors-headers>=4.9.0,<4.10.0

images/openwisp_dashboard/load_init_data.py

@@ -124,7 +124,7 @@ def create_default_vpn_template(vpn):
     if Template.objects.filter(vpn=vpn).exists():
         return Template.objects.get(vpn=vpn)
 
-    template = Template.objects.create(
+    template = Template(
         auto_cert=True,
         name=template_name,
         type="vpn",
@@ -133,6 +133,11 @@ def create_default_vpn_template(vpn):
         vpn=vpn,
         default=True,
     )
+    # The config field is auto-generated on full_clean()
+    template.full_clean()
+    if template.config.get("openvpn"):
+        template.config["openvpn"][0]["log"] = "/var/log/tun0.log"
+    # Verify that the config is still valid.
     template.full_clean()
     template.save()
     return template
@@ -196,6 +201,26 @@ def create_ssh_key_template():
     return template
 
 
+def update_default_site():
+    """Update default site with DASHBOARD_DOMAIN."""
+    if "django.contrib.sites" in settings.INSTALLED_APPS:
+        from django.contrib.sites.models import Site
+
+        try:
+            site = Site.objects.get(pk=settings.SITE_ID)
+        except Site.DoesNotExist:
+            # Optionally log a message here if desired
+            return
+        dashboard_domain = os.environ.get("DASHBOARD_DOMAIN", "")
+        if (
+            site.name == "example.com" or site.domain == "example.com"
+        ) and dashboard_domain:
+            site.name = dashboard_domain
+            site.domain = dashboard_domain
+            site.full_clean()
+            site.save()
+
+
 def create_default_topology(vpn):
     """Creates Topology object for the default VPN."""
     if vpn.backend == "openwisp_controller.vpn_backends.OpenVpn":
@@ -239,6 +264,7 @@ def create_default_topology(vpn):
     redis_client = redis.Redis.from_url(settings.CACHES["default"]["LOCATION"])
 
     create_admin()
+    update_default_site()
     # Steps for creating new vpn client template with all the
     # required objects (CA, Certificate, VPN Server).
     is_vpn_enabled = os.environ.get("VPN_DOMAIN", "") != ""

images/openwisp_dashboard/openvpn.json

@@ -11,7 +11,18 @@
       "local": "",
       "comp_lzo": "no",
       "auth": "SHA1",
-      "cipher": "none",
+      "data_ciphers": [
+          {
+              "cipher": "AES-128-GCM",
+              "optional": false
+          },
+          {
+              "cipher": "none",
+              "optional": false
+          }
+      ],
+      "data_ciphers_fallback": "AES-128-GCM",
+      "cipher": "AES-128-GCM",
       "engine": "",
       "ca": "ca.pem",
       "cert": "cert.pem",

images/openwisp_openvpn/Dockerfile

@@ -1,5 +1,5 @@
 # hadolint ignore=DL3007
-FROM kylemanna/openvpn:2.4
+FROM lisenet/openvpn:2.6.17
 
 # hadolint ignore=DL3018
 RUN apk add --no-cache \

requirements-test.txt

@@ -1,2 +1,2 @@
 docker>=7.1.0,<7.2.0
-openwisp-utils[qa,selenium]~=1.2.1
+openwisp-utils[qa,selenium]>=1.2.2,<1.3.0