commit 9d6c74c887dd56a635929a7b6f920be8269b7e58
Author: Sunil Mohan Adapa <sunil@medhas.org>
Date: Wed Mar 25 11:49:01 2026 -0700
users: Add support for logging in with passkeys
Tests:
- Login
- Login using passkeys works on testing container and stable container.
- Login page show 'Log in with passkey' button as expected along with key
icon.
- On GNOME's Web browser, the login page does not show an error on load.
Clicking on 'Log in with passkey' shows the error: 'Logging in with passkey
failed: Browser does not support passkeys.'
- On Chromium browser, with invalid TLS certficiate, the login page does not
show an error on load. Clicking on 'Log in with passkey' shows the error:
'Logging in with passkey failed: NotAllowedError: WebAuthn is not supported
on sites with TLS certificate errors.'
- Raising an error in the passkey_login_begin() method shows the error message
when login page is loaded. Raising an error in the passkey_login_complete
method shows the error message after passkey is unlocked. In both cases, 500
is HTTP status code.
- With primary hardware key register passkey each for 'tester' and 'tester2'
accounts.
- With secondary hardware key register passkey for 'tester' account.
- In login page, loading the page shows the console message 'Signing in with a
passkey. Condition: true'.
- In login page, when username field is clicked, 'passkey' is shown in the
autofill popup options. Selecting it prompts for hardware PIN and touch.
User is logged in.
- In login page, when 'Log in with passkey' is clicked, console message is
show 'Log in initiated with button, conditional mediation aborted.'.
Hardware PIN and touch is prompted. User is logged in.
- During autofill login, canceling the hardware key PIN shows no error alert.
Autofill passkey login is not available.
- During autofill login, canceling the hardware touch prompt shows no error
alert. Autofill passkey login is not available.
- During button login, canceling the hardware key PIN shows '...user denied
permission' error alert. Autofill passkey login is not available.
- During button login, canceling the hardware touch prompt shows no '...user
denied permission' error alert. Autofill passkey login is not available.
- When multiple attempts fail, multiple error alerts are shown.
- During login, with primary key account selection dialog is shown. Selecting
'tester' logs into 'tester' account. Selecting 'tester2' logs into 'tester2'
account.
- During login, with secondary key, account selection dialog is not shown.
User is logged into the 'tester' account.
- Password based login continues to work as usual on Firefox, Chromium, and
GNOME's web.
- Logout, then visit /freedombox/sys/. This redirects to login page. After
login with passkey the browser is redirected to /freedombox/sys page.
- After passkey login, 'Last Used' for that key is updated. The value is not
updated for remaining keys of the account.
- After successful login, database is updated with the latest signature
counter.
- After successful login, for a user account with Spanish set as language, the
UI language changes to Spanish.
- If a key has been removed from list of passkeys and that passkey is
attempted for login, 'Passkey used is not known' error alert is shown.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
commit 1a8868f0cda53331694e3c68aa89152d39bed9e7
Author: Sunil Mohan Adapa <sunil@medhas.org>
Date: Mon Mar 2 16:44:20 2026 -0800
users: Add support registering, editing, and deleting passkeys
Tests:
- Setup: add domain name mystable.example. Add an entry in /etc/hosts on the
test machine. In Firefox, in about:config, set
'security.webauthn.allow_with_certificate_override' to 'true'.
- Registration
- Passkey successful registration:
- After passkey registration, created time is time at which key is created.
- After passkey registration, domain is the domain with which the interface
is accessed at the time of addition of passkey.
- After passkey registration, Added and Last Used columns show the current
time in UTC. Signature counter and extensions and aaguid values in the DB
are as expected.
- First key's name is 'Key 1'. After that it is 'Key 2' and so on. If a key
is renamed as 'Key 4', then next key will be named 'Key 5'.
- Registering passkeys using testing container stable container works.
- Links:
- 'Manage passkeys' link is show in the user menu in navbar in both desktop
mode and mobile mode. Clicking on it redirects the browser to current
user's passkey management page.
- User's edit page shows 'Use passkeys for better security'. Clicking on the
link redirects the browser to passkey management page for the user who's
account is being edited.
- Listing:
- All passkeys are show properly. Name, domain, added, last used, and
operations show correctly.
- When using a browser without Javascript script shows an error alert.
- If not passkeys are present "No passkeys added to user account." message
is shown.
- Editing the passkey shows correct page. Title, heading, form labels, form
value, and buttons are as expected. After editing, passkey is updated
properly.
- Deleting the passkey shows a model dialog with correct details. After
confirmation, passkey is removed and page is refreshed.
- Error handling:
- On GNOME's Web, clicking the 'Add Passkey' shows the error 'Browser does
not support passkeys'.
- On Chromium, clicking the 'Add passkey' shows the error 'NotAllowedError:
WebAuthn is not supported on sites with TLS certificate errors.'
- Raising an error in passkey_add_begin() results in correct error message
shown with 'Add passkey' button is clicked. Status code is 500.
- Raising an error in passkey_add_complete() results in correct error
message shown after unlocking the hardware token. Status code is 500.
- Canceling the PIN dialog results in '...user denied permission' error
alert.
- Canceling the touch dialog results in '...user denied permission' error
alert.
- Multiple failed attempts result in multiple alerts being shown at the same
time.
- Editing another user's passkeys:
- Listing passkeys show correct list of passkeys for the user account being
managed.
- Adding passkeys adds correctly to the user account being managed.
- Editing passkey correctly edits passkey of the user account being managed.
Redirect happens to the correct page after.
- Deleting passkey correctly edits passkey of the user account being
managed. Redirect happens to the correct page after.
- If a non-admin user tries to access passkeys list/edit/delete URL of
another user, 403 Forbidden error is raised
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
commit fa22ecaa366dcdb310301da02021326e2af553b9
Author: Sunil Mohan Adapa <sunil@medhas.org>
Date: Fri Mar 27 09:58:04 2026 -0700
d/control: Add fido2 library as dependency
Tests:
- Building the package using cowbuilder works.
- Building the package using nocheck profile works.
- On a fresh stable machine, installing the package and patches works.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
commit 46f13b2be9b045ae0831925f7888fc0f799fb80a
Author: Sunil Mohan Adapa <sunil@medhas.org>
Date: Thu Mar 26 16:53:47 2026 -0700
views: Add a decorator to handle exceptions in JSON views
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
commit cc626be7285888ec7032022f1fa6879553e0c226
Author: Sunil Mohan Adapa <sunil@medhas.org>
Date: Thu Mar 19 18:38:42 2026 -0700
service: Capture stdout/stderr when running as systemd unit
- Avoid duplicate log messages by not logging to console when running as systemd
unit.
- Retain normal logging when running on the terminal.
Tests:
- When running as systemd unit, output to stdin/stdout is captured in systemd
journal and visible with 'sudo freedombox-logs'.
- When running on terminal manually with 'sudo --user plinth ./run --develop'
both log messages and stdout/stderr prints() are visible.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
commit c0d603af07a1a40314bc28d6b409d48f7169c609
Author: bsurajpatra <ankitsuraj1111@gmail.com>
Date: Mon Mar 30 07:48:14 2026 +0200
Translated using Weblate (Hindi)
Currently translated at 43.9% (839 of 1908 strings)
commit c8a6637caec171d76eb3792d84ce7bfb093a28a5
Author: Pierfrancesco Passerini <p.passerini@gmail.com>
Date: Mon Mar 30 19:20:26 2026 +0200
Translated using Weblate (Italian)
Currently translated at 100.0% (1908 of 1908 strings)
commit b3b218bc243cb997ffcd42b8c2960f09340d3b51
Author: Dietmar <sagen@permondes.de>
Date: Sat Mar 28 11:29:33 2026 +0100
Translated using Weblate (German)
Currently translated at 99.0% (1889 of 1908 strings)
commit 06ad575b120c16444b29bc44c91733456f08de78
Author: Dietmar <sagen@permondes.de>
Date: Sat Mar 28 11:32:35 2026 +0100
Translated using Weblate (Italian)
Currently translated at 98.2% (1874 of 1908 strings)
commit dc49c4e8a757f42979d97a94c8f599c32630d903
Author: Coucouf <coucouf@coucouf.fr>
Date: Sat Mar 28 17:08:36 2026 +0100
Translated using Weblate (French)
Currently translated at 100.0% (1908 of 1908 strings)
There is 1 open security issue in bookworm.
You can find information about how to handle this issue in the security team's documentation.
Automatic checks made by the Debian l10n team found some issues with the translations contained in this package. You should check the l10n status report for more information.
Issues can be things such as missing translations, problematic translated strings, outdated PO files, unknown languages, etc.
![[bug history graph]](https://qa.debian.org/data/bts/graphs/f/freedombox.png){kind=link}