Skip to content

Developer Tips & Tricks

rocodes edited this page Mar 24, 2022 · 3 revisions

This page contains various tips used by the securedrop-workstation developers. Please add yours below.

Log into securedrop-client with any password+totp value

See https://github.com/freedomofpress/securedrop-workstation/wiki/Developer-Tips-&-Tricks#log-into-securedrop-client-with-any-passwordtotp-value

Faking a slow network in Client dev

The SecureDrop Client is designed to connect over an Onion service. Tor can be slow: several-second latency is not uncommon. When working on the Client UI, it's easy to overlook how rendering will happen on a production install, if you're connecting to services on your location workstation (e.g. via make dev in the SecureDrop repo).

Enter toxiproxy. That tool will allow you to inject latency between the client and the server sockets on your workstation.

git clone https://github.com/shopify/toxiproxy
cd toxiproxy
make build # requires golang, otherwise fetch the artifacts from release page
cd dist
./toxiproxy-server # this blocks, so you'll need a separate terminal to continue
./toxiproxy-cli create --listen localhost:8088 --upstream localhost:8081 sd
./toxiproxy-cli toxic add -t latency -a latency=5000 sd

Then you'll need to edit the client code to use the proxy:

diff --git a/securedrop_client/app.py b/securedrop_client/app.py
index 6b95eda..22dd482 100644
--- a/securedrop_client/app.py
+++ b/securedrop_client/app.py
@@ -218,7 +218,7 @@ def start_app(args, qt_args) -> NoReturn:  # type: ignore [no-untyped-def]
     gui = Window()
 
     controller = Controller(
-        "http://localhost:8081/",
+        "http://localhost:8088/",
         gui,
         session_maker,
         args.sdc_home,

That's all! Run make dev in the SD repo, and ./run.sh in the client repo, and you're all set.

Simulating network disconnections in Client dev

If you want to test network disconnections (brief periods where the server is unreachable) from your dev environment, assuming you set up your SecureDrop development server using the make dev target:

docker network disconnect bridge securedrop-dev-0 # same command with 'connect' to reconnect

Simulating network disconnections in Client staging/prod VMs

On Qubes, issue commands in sd-whonix vm. On other machines, SSH into the app server.

  • To simulate a RequestTimeoutError:
sudo service tor stop # 'start' to restart
  • To simulate a ServerConnectionError:
sudo service apache2 stop