arthexis 0.1.10__py3-none-any.whl → 0.1.11__py3-none-any.whl

core/models.py

@@ -14,6 +14,7 @@ from django.core.exceptions import ValidationError
 from django.apps import apps
 from django.db.models.signals import m2m_changed, post_delete, post_save
 from django.dispatch import receiver
+from django.views.decorators.debug import sensitive_variables
 from datetime import time as datetime_time, timedelta
 from django.contrib.contenttypes.models import ContentType
 import hashlib
@@ -38,6 +39,7 @@ xmlrpc_client = defused_xmlrpc.xmlrpc_client
 
 from .entity import Entity, EntityUserManager, EntityManager
 from .release import Package as ReleasePackage, Credentials, DEFAULT_PACKAGE
+from . import temp_passwords
 from . import user_data  # noqa: F401 - ensure signal registration
 from .fields import (
     SigilShortAutoField,
@@ -160,6 +162,25 @@ class Profile(Entity):
         return str(owner)
 
 
+_SOCIAL_DOMAIN_PATTERN = re.compile(
+    r"^(?=.{1,253}\Z)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
+)
+
+
+social_domain_validator = RegexValidator(
+    regex=_SOCIAL_DOMAIN_PATTERN,
+    message=_("Enter a valid domain name such as example.com."),
+    code="invalid",
+)
+
+
+social_did_validator = RegexValidator(
+    regex=r"^(|did:[a-z0-9]+:[A-Za-z0-9.\-_:]+)$",
+    message=_("Enter a valid DID such as did:plc:1234abcd."),
+    code="invalid",
+)
+
+
 class SigilRootManager(EntityManager):
     def get_by_natural_key(self, prefix: str):
         return self.get(prefix=prefix)
@@ -219,6 +240,13 @@ class InviteLead(Lead):
     sent_on = models.DateTimeField(null=True, blank=True)
     error = models.TextField(blank=True)
     mac_address = models.CharField(max_length=17, blank=True)
+    sent_via_outbox = models.ForeignKey(
+        "nodes.EmailOutbox",
+        null=True,
+        blank=True,
+        on_delete=models.SET_NULL,
+        related_name="invite_leads",
+    )
 
     class Meta:
         verbose_name = "Invite Lead"
@@ -303,6 +331,28 @@ class User(Entity, AbstractUser):
     def is_system_username(cls, username):
         return bool(username) and username == cls.SYSTEM_USERNAME
 
+    @sensitive_variables("raw_password")
+    def set_password(self, raw_password):
+        result = super().set_password(raw_password)
+        temp_passwords.discard_temp_password(self.username)
+        return result
+
+    @sensitive_variables("raw_password")
+    def check_password(self, raw_password):
+        if super().check_password(raw_password):
+            return True
+        if raw_password is None:
+            return False
+        entry = temp_passwords.load_temp_password(self.username)
+        if entry is None:
+            return False
+        if entry.is_expired:
+            temp_passwords.discard_temp_password(self.username)
+            return False
+        if not entry.allow_change:
+            return False
+        return entry.check_password(raw_password)
+
     @classmethod
     def is_profile_restricted_username(cls, username):
         return bool(username) and username in cls.PROFILE_RESTRICTED_USERNAMES
@@ -375,12 +425,16 @@ class User(Entity, AbstractUser):
         )
 
     def _profile_for(self, profile_cls: Type[Profile], user: "User"):
-        profile = profile_cls.objects.filter(user=user).first()
+        queryset = profile_cls.objects.all()
+        if hasattr(profile_cls, "is_enabled"):
+            queryset = queryset.filter(is_enabled=True)
+
+        profile = queryset.filter(user=user).first()
         if profile:
             return profile
         group_ids = list(user.groups.values_list("id", flat=True))
         if group_ids:
-            return profile_cls.objects.filter(group_id__in=group_ids).first()
+            return queryset.filter(group_id__in=group_ids).first()
         return None
 
     def get_profile(self, profile_cls: Type[Profile]):
@@ -434,6 +488,10 @@ class User(Entity, AbstractUser):
     def assistant_profile(self):
         return self._direct_profile("AssistantProfile")
 
+    @property
+    def social_profile(self):
+        return self._direct_profile("SocialProfile")
+
     @property
     def chat_profile(self):
         return self.assistant_profile
@@ -637,13 +695,45 @@ class EmailInbox(Profile):
         except Exception as exc:
             raise ValidationError(str(exc))
 
-    def search_messages(self, subject="", from_address="", body="", limit: int = 10):
+    def search_messages(
+        self,
+        subject="",
+        from_address="",
+        body="",
+        limit: int = 10,
+        use_regular_expressions: bool = False,
+    ):
         """Retrieve up to ``limit`` recent messages matching the filters.
 
-        Parameters are case-insensitive fragments. Results are returned as a list
-        of dictionaries with ``subject``, ``from`` and ``body`` keys.
+        Parameters are case-insensitive fragments by default. When
+        ``use_regular_expressions`` is ``True`` the filters are treated as regular
+        expressions using case-insensitive matching. Results are returned as a
+        list of dictionaries with ``subject``, ``from``, ``body`` and ``date``
+        keys.
         """
 
+        def _compile(pattern: str | None):
+            if not pattern:
+                return None
+            try:
+                return re.compile(pattern, re.IGNORECASE)
+            except re.error as exc:
+                raise ValidationError(str(exc))
+
+        subject_regex = sender_regex = body_regex = None
+        if use_regular_expressions:
+            subject_regex = _compile(subject)
+            sender_regex = _compile(from_address)
+            body_regex = _compile(body)
+
+        def _matches(value: str, needle: str, regex):
+            value = value or ""
+            if regex is not None:
+                return bool(regex.search(value))
+            if not needle:
+                return True
+            return needle.lower() in value.lower()
+
         def _get_body(msg):
             if msg.is_multipart():
                 for part in msg.walk():
@@ -670,28 +760,44 @@ class EmailInbox(Profile):
             )
             conn.login(self.username, self.password)
             conn.select("INBOX")
-            criteria = []
-            if subject:
-                criteria.extend(["SUBJECT", f'"{subject}"'])
-            if from_address:
-                criteria.extend(["FROM", f'"{from_address}"'])
-            if body:
-                criteria.extend(["TEXT", f'"{body}"'])
-            if not criteria:
-                criteria = ["ALL"]
-            typ, data = conn.search(None, *criteria)
-            ids = data[0].split()[-limit:]
+            fetch_limit = limit if not use_regular_expressions else max(limit * 5, limit)
+            if use_regular_expressions:
+                typ, data = conn.search(None, "ALL")
+            else:
+                criteria = []
+                if subject:
+                    criteria.extend(["SUBJECT", f'"{subject}"'])
+                if from_address:
+                    criteria.extend(["FROM", f'"{from_address}"'])
+                if body:
+                    criteria.extend(["TEXT", f'"{body}"'])
+                if not criteria:
+                    criteria = ["ALL"]
+                typ, data = conn.search(None, *criteria)
+            ids = data[0].split()[-fetch_limit:]
             messages = []
             for mid in ids:
                 typ, msg_data = conn.fetch(mid, "(RFC822)")
                 msg = email.message_from_bytes(msg_data[0][1])
+                body_text = _get_body(msg)
+                subj_value = msg.get("Subject", "")
+                from_value = msg.get("From", "")
+                if not (
+                    _matches(subj_value, subject, subject_regex)
+                    and _matches(from_value, from_address, sender_regex)
+                    and _matches(body_text, body, body_regex)
+                ):
+                    continue
                 messages.append(
                     {
-                        "subject": msg.get("Subject", ""),
-                        "from": msg.get("From", ""),
-                        "body": _get_body(msg),
+                        "subject": subj_value,
+                        "from": from_value,
+                        "body": body_text,
+                        "date": msg.get("Date", ""),
                     }
                 )
+                if len(messages) >= limit:
+                    break
             conn.logout()
             return list(reversed(messages))
 
@@ -713,25 +819,137 @@ class EmailInbox(Profile):
             subj = msg.get("Subject", "")
             frm = msg.get("From", "")
             body_text = _get_body(msg)
-            if subject and subject.lower() not in subj.lower():
-                continue
-            if from_address and from_address.lower() not in frm.lower():
-                continue
-            if body and body.lower() not in body_text.lower():
+            if not (
+                _matches(subj, subject, subject_regex)
+                and _matches(frm, from_address, sender_regex)
+                and _matches(body_text, body, body_regex)
+            ):
                 continue
-            messages.append({"subject": subj, "from": frm, "body": body_text})
+            messages.append(
+                {
+                    "subject": subj,
+                    "from": frm,
+                    "body": body_text,
+                    "date": msg.get("Date", ""),
+                }
+            )
             if len(messages) >= limit:
                 break
         conn.quit()
         return messages
 
     def __str__(self):  # pragma: no cover - simple representation
-        return f"{self.username}@{self.host}"
+        username = (self.username or "").strip()
+        host = (self.host or "").strip()
+
+        if username:
+            if "@" in username:
+                return username
+            if host:
+                return f"{username}@{host}"
+            return username
+
+        if host:
+            return host
+
+        owner = self.owner_display()
+        if owner:
+            return owner
+
+        return super().__str__()
+
+
+class SocialProfile(Profile):
+    """Store configuration required to link social accounts such as Bluesky."""
+
+    class Network(models.TextChoices):
+        BLUESKY = "bluesky", _("Bluesky")
+
+    profile_fields = ("handle", "domain", "did")
+
+    network = models.CharField(
+        max_length=32,
+        choices=Network.choices,
+        default=Network.BLUESKY,
+        help_text=_(
+            "Select the social network you want to connect. Only Bluesky is supported at the moment."
+        ),
+    )
+    handle = models.CharField(
+        max_length=253,
+        help_text=_(
+            "Bluesky handle that should resolve to Arthexis. Use the verified domain (for example arthexis.com)."
+        ),
+        validators=[social_domain_validator],
+    )
+    domain = models.CharField(
+        max_length=253,
+        help_text=_(
+            "Domain that hosts the Bluesky verification. Publish a _atproto TXT record or a /.well-known/atproto-did file with the DID below."
+        ),
+        validators=[social_domain_validator],
+    )
+    did = models.CharField(
+        max_length=255,
+        blank=True,
+        help_text=_(
+            "Optional DID that Bluesky assigns once the domain is linked (for example did:plc:1234abcd)."
+        ),
+        validators=[social_did_validator],
+    )
+
+    def clean(self):
+        super().clean()
+        if self.network == self.Network.BLUESKY:
+            errors = {}
+            if not self.handle:
+                errors["handle"] = _("Provide the handle that should point to this domain.")
+            if not self.domain:
+                errors["domain"] = _("A verified domain is required for Bluesky handles.")
+            if errors:
+                raise ValidationError(errors)
+
+    def save(self, *args, **kwargs):
+        if self.handle:
+            self.handle = self.handle.strip().lower()
+        if self.domain:
+            self.domain = self.domain.strip().lower()
+        super().save(*args, **kwargs)
+
+    def __str__(self):  # pragma: no cover - simple representation
+        handle = self.handle or self.domain
+        label = f"{self.get_network_display()} ({handle})" if handle else self.get_network_display()
+        owner = self.owner_display()
+        return f"{owner} – {label}" if owner else label
+
+    class Meta:
+        verbose_name = _("Social Identity")
+        verbose_name_plural = _("Social Identities")
+        constraints = [
+            models.UniqueConstraint(
+                fields=["network", "handle"], name="socialprofile_network_handle"
+            ),
+            models.UniqueConstraint(
+                fields=["network", "domain"], name="socialprofile_network_domain"
+            ),
+            models.CheckConstraint(
+                check=(
+                    (Q(user__isnull=False) & Q(group__isnull=True))
+                    | (Q(user__isnull=True) & Q(group__isnull=False))
+                ),
+                name="socialprofile_requires_owner",
+            ),
+        ]
 
 
 class EmailCollector(Entity):
     """Search an inbox for matching messages and extract data via sigils."""
 
+    name = models.CharField(
+        max_length=255,
+        blank=True,
+        help_text="Optional label to identify this collector.",
+    )
     inbox = models.ForeignKey(
         "EmailInbox",
         related_name="collectors",
@@ -745,6 +963,10 @@ class EmailCollector(Entity):
         blank=True,
         help_text="Pattern with [sigils] to extract values from the body.",
     )
+    use_regular_expressions = models.BooleanField(
+        default=False,
+        help_text="Treat subject, sender and body filters as regular expressions (case-insensitive).",
+    )
 
     def _parse_sigils(self, text: str) -> dict[str, str]:
         """Extract values from ``text`` according to ``fragment`` sigils."""
@@ -764,16 +986,32 @@ class EmailCollector(Entity):
             return {}
         return {k: v.strip() for k, v in match.groupdict().items()}
 
-    def collect(self, limit: int = 10) -> None:
-        """Poll the inbox and store new artifacts until an existing one is found."""
-        from .models import EmailArtifact
-
-        messages = self.inbox.search_messages(
+    def __str__(self):  # pragma: no cover - simple representation
+        if self.name:
+            return self.name
+        parts = []
+        if self.subject:
+            parts.append(self.subject)
+        if self.sender:
+            parts.append(self.sender)
+        if not parts:
+            parts.append(str(self.inbox))
+        return " – ".join(parts)
+
+    def search_messages(self, limit: int = 10):
+        return self.inbox.search_messages(
             subject=self.subject,
             from_address=self.sender,
             body=self.body,
             limit=limit,
+            use_regular_expressions=self.use_regular_expressions,
         )
+
+    def collect(self, limit: int = 10) -> None:
+        """Poll the inbox and store new artifacts until an existing one is found."""
+        from .models import EmailArtifact
+
+        messages = self.search_messages(limit=limit)
         for msg in messages:
             fp = EmailArtifact.fingerprint_for(
                 msg.get("subject", ""), msg.get("from", ""), msg.get("body", "")
@@ -2123,6 +2361,7 @@ class PackageRelease(Entity):
         max_length=40, blank=True, default=revision_utils.get_revision, editable=False
     )
     pypi_url = models.URLField("PyPI URL", blank=True, editable=False)
+    release_on = models.DateTimeField(blank=True, null=True, editable=False)
 
     class Meta:
         verbose_name = "Package Release"

core/reference_utils.py

@@ -41,16 +41,27 @@ def filter_visible_references(
             node = None
 
     node_role_id = getattr(node, "role_id", None)
-    node_feature_ids: set[int] = set()
+    node_active_feature_ids: set[int] = set()
     if node is not None:
-        features_manager = getattr(node, "features", None)
-        if features_manager is not None:
+        assignments_manager = getattr(node, "feature_assignments", None)
+        if assignments_manager is not None:
             try:
-                node_feature_ids = set(
-                    features_manager.values_list("pk", flat=True)
+                assignments = list(
+                    assignments_manager.filter(is_deleted=False).select_related(
+                        "feature"
+                    )
                 )
             except Exception:
-                node_feature_ids = set()
+                assignments = []
+            for assignment in assignments:
+                feature = getattr(assignment, "feature", None)
+                if feature is None or getattr(feature, "is_deleted", False):
+                    continue
+                try:
+                    if feature.is_enabled:
+                        node_active_feature_ids.add(feature.pk)
+                except Exception:
+                    continue
 
     visible_refs: list["Reference"] = []
     for ref in refs:
@@ -64,8 +75,8 @@ def filter_visible_references(
                 allowed = True
             elif (
                 required_features
-                and node_feature_ids
-                and node_feature_ids.intersection(required_features)
+                and node_active_feature_ids
+                and node_active_feature_ids.intersection(required_features)
             ):
                 allowed = True
             elif required_sites and site_id and site_id in required_sites:

core/sigil_builder.py

@@ -17,7 +17,7 @@ from .sigil_resolver import (
 def generate_model_sigils(**kwargs) -> None:
     """Ensure built-in configuration SigilRoot entries exist."""
     SigilRoot = apps.get_model("core", "SigilRoot")
-    for prefix in ["ENV", "SYS"]:
+    for prefix in ["ENV", "CONF", "SYS"]:
         # Ensure built-in configuration roots exist without violating the
         # unique ``prefix`` constraint, even if older databases already have
         # entries with a different ``context_type``.
@@ -40,7 +40,12 @@ def _sigil_builder_view(request):
         {
             "prefix": "ENV",
             "url": reverse("admin:environment"),
-            "label": _("Environment"),
+            "label": _("Environ"),
+        },
+        {
+            "prefix": "CONF",
+            "url": reverse("admin:config"),
+            "label": _("Config"),
         },
         {
             "prefix": "SYS",

core/sigil_resolver.py

@@ -11,6 +11,7 @@ from django.core import serializers
 from django.db import models
 
 from .sigil_context import get_context
+from .system import get_system_sigil_values, resolve_system_namespace_value
 
 logger = logging.getLogger("core.entity")
 
@@ -150,6 +151,18 @@ def _resolve_token(token: str, current: Optional[models.Model] = None) -> str:
     SigilRoot = apps.get_model("core", "SigilRoot")
     try:
         root = SigilRoot.objects.get(prefix__iexact=lookup_root)
+    except SigilRoot.DoesNotExist:
+        logger.warning("Unknown sigil root [%s]", lookup_root)
+        return _failed_resolution(original_token)
+    except Exception:
+        logger.exception(
+            "Error resolving sigil [%s.%s]",
+            lookup_root,
+            key_upper or normalized_key or raw_key,
+        )
+        return _failed_resolution(original_token)
+
+    try:
         if root.context_type == SigilRoot.Context.CONFIG:
             if not normalized_key:
                 return ""
@@ -176,7 +189,7 @@ def _resolve_token(token: str, current: Optional[models.Model] = None) -> str:
                     key_upper or normalized_key or raw_key or "",
                 )
                 return _failed_resolution(original_token)
-            if root.prefix.upper() == "SYS":
+            if root.prefix.upper() == "CONF":
                 for candidate in [normalized_key, key_upper, key_lower]:
                     if not candidate:
                         continue
@@ -188,6 +201,26 @@ def _resolve_token(token: str, current: Optional[models.Model] = None) -> str:
                 if fallback is not None:
                     return fallback
                 return ""
+            if root.prefix.upper() == "SYS":
+                values = get_system_sigil_values()
+                candidates = {
+                    key_upper,
+                    normalized_key.upper() if normalized_key else None,
+                    (raw_key or "").upper(),
+                }
+                for candidate in candidates:
+                    if not candidate:
+                        continue
+                    if candidate in values:
+                        return values[candidate]
+                    resolved = resolve_system_namespace_value(candidate)
+                    if resolved is not None:
+                        return resolved
+                logger.warning(
+                    "Missing system information for sigil [SYS.%s]",
+                    key_upper or normalized_key or raw_key or "",
+                )
+                return _failed_resolution(original_token)
         elif root.context_type == SigilRoot.Context.ENTITY:
             model = root.content_type.model_class() if root.content_type else None
             instance = None
@@ -243,15 +276,13 @@ def _resolve_token(token: str, current: Optional[models.Model] = None) -> str:
                     return _failed_resolution(original_token)
                 return serializers.serialize("json", [instance])
         return _failed_resolution(original_token)
-    except SigilRoot.DoesNotExist:
-        logger.warning("Unknown sigil root [%s]", lookup_root)
     except Exception:
         logger.exception(
             "Error resolving sigil [%s.%s]",
             lookup_root,
             key_upper or normalized_key or raw_key,
         )
-    return _failed_resolution(original_token)
+        return _failed_resolution(original_token)
 
 
 def resolve_sigils(text: str, current: Optional[models.Model] = None) -> str: