arthexis 0.1.10__py3-none-any.whl → 0.1.11__py3-none-any.whl

core/system.py

@@ -1,25 +1,262 @@
 from __future__ import annotations
 
 from contextlib import closing
+from dataclasses import dataclass
+from datetime import datetime
 from pathlib import Path
+import json
 import re
 import socket
 import subprocess
 import shutil
+from typing import Callable, Iterable, Optional
 
 from django.conf import settings
 from django.contrib import admin
 from django.template.response import TemplateResponse
 from django.urls import path
+from django.utils import timezone
+from django.utils.formats import date_format
 from django.utils.translation import gettext_lazy as _
 
+from core.auto_upgrade import AUTO_UPGRADE_TASK_NAME
 from utils import revision
 
 
+@dataclass(frozen=True)
+class SystemField:
+    """Metadata describing a single entry on the system admin page."""
+
+    label: str
+    sigil_key: str
+    value: object
+    field_type: str = "text"
+
+    @property
+    def sigil(self) -> str:
+        return f"SYS.{self.sigil_key}"
+
+
 _RUNSERVER_PORT_PATTERN = re.compile(r":(\d{2,5})(?:\D|$)")
 _RUNSERVER_PORT_FLAG_PATTERN = re.compile(r"--port(?:=|\s+)(\d{2,5})", re.IGNORECASE)
 
 
+def _format_timestamp(dt: datetime | None) -> str:
+    """Return ``dt`` formatted using the active ``DATETIME_FORMAT``."""
+
+    if dt is None:
+        return ""
+    try:
+        localized = timezone.localtime(dt)
+    except Exception:
+        localized = dt
+    return date_format(localized, "DATETIME_FORMAT")
+
+
+def _auto_upgrade_next_check() -> str:
+    """Return the human-readable timestamp for the next auto-upgrade check."""
+
+    try:  # pragma: no cover - optional dependency failures
+        from django_celery_beat.models import PeriodicTask
+    except Exception:
+        return ""
+
+    try:
+        task = (
+            PeriodicTask.objects.select_related(
+                "interval", "crontab", "solar", "clocked"
+            )
+            .only("enabled", "last_run_at", "start_time", "name")
+            .get(name=AUTO_UPGRADE_TASK_NAME)
+        )
+    except PeriodicTask.DoesNotExist:
+        return ""
+    except Exception:  # pragma: no cover - database unavailable
+        return ""
+
+    if not task.enabled:
+        return str(_("Disabled"))
+
+    schedule = task.schedule
+    if schedule is None:
+        return ""
+
+    now = schedule.maybe_make_aware(schedule.now())
+
+    start_time = task.start_time
+    if start_time is not None:
+        try:
+            candidate_start = schedule.maybe_make_aware(start_time)
+        except Exception:
+            candidate_start = (
+                timezone.make_aware(start_time)
+                if timezone.is_naive(start_time)
+                else start_time
+            )
+        if candidate_start and candidate_start > now:
+            return _format_timestamp(candidate_start)
+
+    last_run_at = task.last_run_at
+    if last_run_at is not None:
+        try:
+            reference = schedule.maybe_make_aware(last_run_at)
+        except Exception:
+            reference = (
+                timezone.make_aware(last_run_at)
+                if timezone.is_naive(last_run_at)
+                else last_run_at
+            )
+    else:
+        reference = now
+
+    try:
+        remaining = schedule.remaining_estimate(reference)
+    except Exception:
+        return ""
+
+    next_run = now + remaining
+    return _format_timestamp(next_run)
+
+
+def _resolve_auto_upgrade_namespace(key: str) -> str | None:
+    """Resolve sigils within the ``AUTO-UPGRADE`` namespace."""
+
+    normalized = key.replace("-", "_").upper()
+    if normalized == "NEXT_CHECK":
+        return _auto_upgrade_next_check()
+    return None
+
+
+_SYSTEM_SIGIL_NAMESPACES: dict[str, Callable[[str], Optional[str]]] = {
+    "AUTO_UPGRADE": _resolve_auto_upgrade_namespace,
+}
+
+
+def resolve_system_namespace_value(key: str) -> str | None:
+    """Resolve dot-notation sigils mapped to dynamic ``SYS`` namespaces."""
+
+    if not key:
+        return None
+    namespace, _, remainder = key.partition(".")
+    if not remainder:
+        return None
+    normalized = namespace.replace("-", "_").upper()
+    handler = _SYSTEM_SIGIL_NAMESPACES.get(normalized)
+    if not handler:
+        return None
+    return handler(remainder)
+
+
+def _database_configurations() -> list[dict[str, str]]:
+    """Return a normalized list of configured database connections."""
+
+    databases: list[dict[str, str]] = []
+    for alias, config in settings.DATABASES.items():
+        engine = config.get("ENGINE", "")
+        name = config.get("NAME", "")
+        if engine is None:
+            engine = ""
+        if name is None:
+            name = ""
+        databases.append({
+            "alias": alias,
+            "engine": str(engine),
+            "name": str(name),
+        })
+    databases.sort(key=lambda entry: entry["alias"].lower())
+    return databases
+
+
+def _build_system_fields(info: dict[str, object]) -> list[SystemField]:
+    """Convert gathered system information into renderable rows."""
+
+    fields: list[SystemField] = []
+
+    def add_field(label: str, key: str, value: object, *, field_type: str = "text", visible: bool = True) -> None:
+        if not visible:
+            return
+        fields.append(SystemField(label=label, sigil_key=key, value=value, field_type=field_type))
+
+    add_field(_("Suite installed"), "INSTALLED", info.get("installed", False), field_type="boolean")
+    add_field(_("Revision"), "REVISION", info.get("revision", ""))
+
+    service_value = info.get("service") or _("not installed")
+    add_field(_("Service"), "SERVICE", service_value)
+
+    nginx_mode = info.get("mode", "")
+    port = info.get("port", "")
+    nginx_display = f"{nginx_mode} ({port})" if port else nginx_mode
+    add_field(_("Nginx mode"), "NGINX_MODE", nginx_display)
+
+    add_field(_("Node role"), "NODE_ROLE", info.get("role", ""))
+    add_field(
+        _("Display mode"),
+        "DISPLAY_MODE",
+        info.get("screen_mode", ""),
+        visible=bool(info.get("screen_mode")),
+    )
+
+    add_field(_("Features"), "FEATURES", info.get("features", []), field_type="features")
+    add_field(_("Running"), "RUNNING", info.get("running", False), field_type="boolean")
+    add_field(
+        _("Service status"),
+        "SERVICE_STATUS",
+        info.get("service_status", ""),
+        visible=bool(info.get("service")),
+    )
+
+    add_field(_("Hostname"), "HOSTNAME", info.get("hostname", ""))
+
+    ip_addresses: Iterable[str] = info.get("ip_addresses", [])  # type: ignore[assignment]
+    add_field(_("IP addresses"), "IP_ADDRESSES", " ".join(ip_addresses))
+
+    add_field(
+        _("Databases"),
+        "DATABASES",
+        info.get("databases", []),
+        field_type="databases",
+    )
+
+    add_field(
+        _("Next auto-upgrade check"),
+        "AUTO-UPGRADE.NEXT-CHECK",
+        info.get("auto_upgrade_next_check", ""),
+    )
+
+    return fields
+
+
+def _export_field_value(field: SystemField) -> str:
+    """Serialize a ``SystemField`` value for sigil resolution."""
+
+    if field.field_type in {"features", "databases"}:
+        return json.dumps(field.value)
+    if field.field_type == "boolean":
+        return "True" if field.value else "False"
+    if field.value is None:
+        return ""
+    return str(field.value)
+
+
+def get_system_sigil_values() -> dict[str, str]:
+    """Expose system information in a format suitable for sigil lookups."""
+
+    info = _gather_info()
+    values: dict[str, str] = {}
+    for field in _build_system_fields(info):
+        exported = _export_field_value(field)
+        raw_key = (field.sigil_key or "").strip()
+        if not raw_key:
+            continue
+        variants = {
+            raw_key.upper(),
+            raw_key.replace("-", "_").upper(),
+        }
+        for variant in variants:
+            values[variant] = exported
+    return values
+
+
 def _parse_runserver_port(command_line: str) -> int | None:
     """Extract the HTTP port from a runserver command line."""
 
@@ -219,6 +456,9 @@ def _gather_info() -> dict:
     info["hostname"] = hostname
     info["ip_addresses"] = ip_list
 
+    info["databases"] = _database_configurations()
+    info["auto_upgrade_next_check"] = _auto_upgrade_next_check()
+
     return info
 
 
@@ -226,7 +466,13 @@ def _system_view(request):
     info = _gather_info()
 
     context = admin.site.each_context(request)
-    context.update({"title": _("System"), "info": info})
+    context.update(
+        {
+            "title": _("System"),
+            "info": info,
+            "system_fields": _build_system_fields(info),
+        }
+    )
     return TemplateResponse(request, "admin/system.html", context)
 
 

core/temp_passwords.py

@@ -0,0 +1,181 @@
+"""Utilities for temporary password lock files."""
+
+from __future__ import annotations
+
+import hashlib
+import json
+import re
+import secrets
+import string
+from dataclasses import dataclass
+from datetime import datetime, timedelta
+from pathlib import Path
+from typing import Optional
+
+from django.conf import settings
+from django.contrib.auth.hashers import check_password, make_password
+from django.utils import timezone
+from django.utils.dateparse import parse_datetime
+
+
+DEFAULT_PASSWORD_LENGTH = 16
+DEFAULT_EXPIRATION = timedelta(hours=1)
+_SAFE_COMPONENT_RE = re.compile(r"[^A-Za-z0-9_.-]+")
+
+
+def _base_lock_dir() -> Path:
+    """Return the root directory used for temporary password lock files."""
+
+    configured = getattr(settings, "TEMP_PASSWORD_LOCK_DIR", None)
+    if configured:
+        path = Path(configured)
+    else:
+        path = Path(settings.BASE_DIR) / "locks" / "temp-passwords"
+    path.mkdir(parents=True, exist_ok=True)
+    return path
+
+
+def _safe_component(value: str) -> str:
+    """Return a filesystem safe component derived from ``value``."""
+
+    if not value:
+        return ""
+    safe = _SAFE_COMPONENT_RE.sub("_", value)
+    safe = safe.strip("._")
+    return safe[:64]
+
+
+def _lockfile_name(username: str) -> str:
+    """Return the filename used for the provided ``username``."""
+
+    digest = hashlib.sha256(username.encode("utf-8")).hexdigest()[:12]
+    safe = _safe_component(username)
+    if safe:
+        return f"{safe}-{digest}.json"
+    return f"user-{digest}.json"
+
+
+def _lockfile_path(username: str) -> Path:
+    """Return the lockfile path for ``username``."""
+
+    return _base_lock_dir() / _lockfile_name(username)
+
+
+def _parse_timestamp(value: str | None) -> Optional[datetime]:
+    """Return a timezone aware datetime parsed from ``value``."""
+
+    if not value:
+        return None
+    parsed = parse_datetime(value)
+    if parsed is None:
+        return None
+    if timezone.is_naive(parsed):
+        parsed = timezone.make_aware(parsed)
+    return parsed
+
+
+@dataclass(frozen=True)
+class TempPasswordEntry:
+    """Details for a temporary password stored on disk."""
+
+    username: str
+    password_hash: str
+    expires_at: datetime
+    created_at: datetime
+    path: Path
+    allow_change: bool = False
+
+    @property
+    def is_expired(self) -> bool:
+        return timezone.now() >= self.expires_at
+
+    def check_password(self, raw_password: str) -> bool:
+        """Return ``True`` if ``raw_password`` matches this entry."""
+
+        return check_password(raw_password, self.password_hash)
+
+
+def generate_password(length: int = DEFAULT_PASSWORD_LENGTH) -> str:
+    """Return a random password composed of letters and digits."""
+
+    if length <= 0:
+        raise ValueError("length must be a positive integer")
+    alphabet = string.ascii_letters + string.digits
+    return "".join(secrets.choice(alphabet) for _ in range(length))
+
+
+def store_temp_password(
+    username: str,
+    raw_password: str,
+    expires_at: Optional[datetime] = None,
+    *,
+    allow_change: bool = False,
+) -> TempPasswordEntry:
+    """Persist a temporary password for ``username`` and return the entry."""
+
+    if expires_at is None:
+        expires_at = timezone.now() + DEFAULT_EXPIRATION
+    if timezone.is_naive(expires_at):
+        expires_at = timezone.make_aware(expires_at)
+    created_at = timezone.now()
+    path = _lockfile_path(username)
+    data = {
+        "username": username,
+        "password_hash": make_password(raw_password),
+        "expires_at": expires_at.isoformat(),
+        "created_at": created_at.isoformat(),
+        "allow_change": allow_change,
+    }
+    path.write_text(json.dumps(data, indent=2, sort_keys=True))
+    return TempPasswordEntry(
+        username=username,
+        password_hash=data["password_hash"],
+        expires_at=expires_at,
+        created_at=created_at,
+        path=path,
+        allow_change=allow_change,
+    )
+
+
+def load_temp_password(username: str) -> Optional[TempPasswordEntry]:
+    """Return the stored temporary password for ``username``, if any."""
+
+    path = _lockfile_path(username)
+    if not path.exists():
+        return None
+    try:
+        data = json.loads(path.read_text())
+    except (json.JSONDecodeError, UnicodeDecodeError):
+        path.unlink(missing_ok=True)
+        return None
+
+    expires_at = _parse_timestamp(data.get("expires_at"))
+    created_at = _parse_timestamp(data.get("created_at")) or timezone.now()
+    password_hash = data.get("password_hash")
+    if not expires_at or not password_hash:
+        path.unlink(missing_ok=True)
+        return None
+
+    username = data.get("username") or username
+    allow_change_value = data.get("allow_change", False)
+    if isinstance(allow_change_value, str):
+        allow_change = allow_change_value.lower() in {"1", "true", "yes", "on"}
+    else:
+        allow_change = bool(allow_change_value)
+
+    return TempPasswordEntry(
+        username=username,
+        password_hash=password_hash,
+        expires_at=expires_at,
+        created_at=created_at,
+        path=path,
+        allow_change=allow_change,
+    )
+
+
+def discard_temp_password(username: str) -> None:
+    """Remove any stored temporary password for ``username``."""
+
+    path = _lockfile_path(username)
+    path.unlink(missing_ok=True)
+

core/test_system_info.py

@@ -1,3 +1,4 @@
+import json
 import os
 from pathlib import Path
 from subprocess import CompletedProcess
@@ -11,9 +12,9 @@ import django
 django.setup()
 
 from django.conf import settings
-from django.test import SimpleTestCase, TestCase, override_settings
+from django.test import SimpleTestCase, override_settings
 from nodes.models import Node, NodeFeature, NodeRole
-from core.system import _gather_info
+from core.system import _gather_info, get_system_sigil_values
 
 
 class SystemInfoRoleTests(SimpleTestCase):
@@ -55,6 +56,27 @@ class SystemInfoRevisionTests(SimpleTestCase):
         mock_revision.assert_called_once()
 
 
+class SystemInfoDatabaseTests(SimpleTestCase):
+    def test_collects_database_definitions(self):
+        info = _gather_info()
+        self.assertIn("databases", info)
+        aliases = {entry["alias"] for entry in info["databases"]}
+        self.assertIn("default", aliases)
+
+    @override_settings(
+        DATABASES={
+            "default": {
+                "ENGINE": "django.db.backends.sqlite3",
+                "NAME": Path("/tmp/db.sqlite3"),
+            }
+        }
+    )
+    def test_serializes_path_database_names(self):
+        info = _gather_info()
+        databases = info["databases"]
+        self.assertEqual(databases[0]["name"], "/tmp/db.sqlite3")
+
+
 class SystemInfoRunserverDetectionTests(SimpleTestCase):
     @patch("core.system.subprocess.run")
     def test_detects_runserver_process_port(self, mock_run):
@@ -77,3 +99,41 @@ class SystemInfoRunserverDetectionTests(SimpleTestCase):
         self.assertTrue(info["running"])
         self.assertEqual(info["port"], 8000)
 
+
+class SystemSigilValueTests(SimpleTestCase):
+    def test_exports_values_for_sigil_resolution(self):
+        sample_info = {
+            "installed": True,
+            "revision": "abcdef",
+            "service": "gunicorn",
+            "mode": "internal",
+            "port": 8888,
+            "role": "Terminal",
+            "screen_mode": "",
+            "features": [
+                {"display": "Feature", "expected": True, "actual": False, "slug": "feature"}
+            ],
+            "running": True,
+            "service_status": "active",
+            "hostname": "example.local",
+            "ip_addresses": ["127.0.0.1"],
+            "databases": [
+                {
+                    "alias": "default",
+                    "engine": "django.db.backends.sqlite3",
+                    "name": "db.sqlite3",
+                }
+            ],
+        }
+        with patch("core.system._gather_info", return_value=sample_info):
+            values = get_system_sigil_values()
+
+        self.assertEqual(values["REVISION"], "abcdef")
+        self.assertEqual(values["RUNNING"], "True")
+        self.assertEqual(values["NGINX_MODE"], "internal (8888)")
+        self.assertEqual(values["IP_ADDRESSES"], "127.0.0.1")
+        features = json.loads(values["FEATURES"])
+        self.assertEqual(features[0]["display"], "Feature")
+        databases = json.loads(values["DATABASES"])
+        self.assertEqual(databases[0]["alias"], "default")
+