arthexis 0.1.11__py3-none-any.whl → 0.1.12__py3-none-any.whl

core/models.py

@@ -765,15 +765,28 @@ class EmailInbox(Profile):
                 typ, data = conn.search(None, "ALL")
             else:
                 criteria = []
-                if subject:
-                    criteria.extend(["SUBJECT", f'"{subject}"'])
-                if from_address:
-                    criteria.extend(["FROM", f'"{from_address}"'])
-                if body:
-                    criteria.extend(["TEXT", f'"{body}"'])
+                charset = None
+
+                def _append(term: str, value: str):
+                    nonlocal charset
+                    if not value:
+                        return
+                    try:
+                        value.encode("ascii")
+                        encoded_value = value
+                    except UnicodeEncodeError:
+                        charset = charset or "UTF-8"
+                        encoded_value = value.encode("utf-8")
+                    criteria.extend([term, encoded_value])
+
+                _append("SUBJECT", subject)
+                _append("FROM", from_address)
+                _append("TEXT", body)
+
                 if not criteria:
-                    criteria = ["ALL"]
-                typ, data = conn.search(None, *criteria)
+                    typ, data = conn.search(None, "ALL")
+                else:
+                    typ, data = conn.search(charset, *criteria)
             ids = data[0].split()[-fetch_limit:]
             messages = []
             for mid in ids:
@@ -2637,3 +2650,23 @@ class Todo(Entity):
         if isinstance(field, ConditionTextField):
             return field.evaluate(self)
         return ConditionCheckResult(True, "")
+
+
+class TOTPDeviceSettings(models.Model):
+    """Per-device configuration options for authenticator enrollments."""
+
+    device = models.OneToOneField(
+        "otp_totp.TOTPDevice",
+        on_delete=models.CASCADE,
+        related_name="custom_settings",
+    )
+    issuer = models.CharField(
+        max_length=64,
+        blank=True,
+        default="",
+        help_text=_("Label shown in authenticator apps. Leave blank to use Arthexis."),
+    )
+
+    class Meta:
+        verbose_name = _("Authenticator device settings")
+        verbose_name_plural = _("Authenticator device settings")

core/reference_utils.py

@@ -30,7 +30,7 @@ def filter_visible_references(
         if host:
             site = Site.objects.filter(domain__iexact=host).first()
 
-    site_id = site.pk if site else None
+    site_id = getattr(site, "pk", None)
 
     if node is None:
         try:

core/release.py

@@ -344,3 +344,7 @@ def publish(
     proc = subprocess.run(cmd, capture_output=True, text=True)
     if proc.returncode != 0:
         raise ReleaseError(proc.stdout + proc.stderr)
+
+    tag_name = f"v{version}"
+    _run(["git", "tag", tag_name])
+    _run(["git", "push", "origin", tag_name])

core/system.py

@@ -119,7 +119,7 @@ def _auto_upgrade_next_check() -> str:
 
 
 def _resolve_auto_upgrade_namespace(key: str) -> str | None:
-    """Resolve sigils within the ``AUTO-UPGRADE`` namespace."""
+    """Resolve sigils within the legacy ``AUTO-UPGRADE`` namespace."""
 
     normalized = key.replace("-", "_").upper()
     if normalized == "NEXT_CHECK":
@@ -137,6 +137,9 @@ def resolve_system_namespace_value(key: str) -> str | None:
 
     if not key:
         return None
+    normalized_key = key.replace("-", "_").upper()
+    if normalized_key == "NEXT_VER_CHECK":
+        return _auto_upgrade_next_check()
     namespace, _, remainder = key.partition(".")
     if not remainder:
         return None
@@ -218,8 +221,8 @@ def _build_system_fields(info: dict[str, object]) -> list[SystemField]:
     )
 
     add_field(
-        _("Next auto-upgrade check"),
-        "AUTO-UPGRADE.NEXT-CHECK",
+        _("Next version check"),
+        "NEXT-VER-CHECK",
         info.get("auto_upgrade_next_check", ""),
     )
 

core/tasks.py

@@ -17,7 +17,7 @@ from nodes.models import NetMessage
 
 
 AUTO_UPGRADE_HEALTH_DELAY_SECONDS = 30
-AUTO_UPGRADE_HEALTH_MAX_ATTEMPTS = 3
+AUTO_UPGRADE_SKIP_LOCK_NAME = "auto_upgrade_skip_revisions.lck"
 
 
 logger = logging.getLogger(__name__)
@@ -66,6 +66,46 @@ def _append_auto_upgrade_log(base_dir: Path, message: str) -> None:
         logger.warning("Failed to append auto-upgrade log entry: %s", message)
 
 
+def _skip_lock_path(base_dir: Path) -> Path:
+    return base_dir / "locks" / AUTO_UPGRADE_SKIP_LOCK_NAME
+
+
+def _load_skipped_revisions(base_dir: Path) -> set[str]:
+    skip_file = _skip_lock_path(base_dir)
+    try:
+        return {
+            line.strip()
+            for line in skip_file.read_text().splitlines()
+            if line.strip()
+        }
+    except FileNotFoundError:
+        return set()
+    except OSError:
+        logger.warning("Failed to read auto-upgrade skip lockfile")
+        return set()
+
+
+def _add_skipped_revision(base_dir: Path, revision: str) -> None:
+    if not revision:
+        return
+
+    skip_file = _skip_lock_path(base_dir)
+    try:
+        skip_file.parent.mkdir(parents=True, exist_ok=True)
+        existing = _load_skipped_revisions(base_dir)
+        if revision in existing:
+            return
+        with skip_file.open("a", encoding="utf-8") as fh:
+            fh.write(f"{revision}\n")
+        _append_auto_upgrade_log(
+            base_dir, f"Recorded blocked revision {revision} for auto-upgrade"
+        )
+    except OSError:
+        logger.warning(
+            "Failed to update auto-upgrade skip lockfile with revision %s", revision
+        )
+
+
 def _resolve_service_url(base_dir: Path) -> str:
     """Return the local URL used to probe the Django suite."""
 
@@ -110,6 +150,23 @@ def check_github_updates() -> None:
     except Exception:
         startup = None
 
+    remote_revision = (
+        subprocess.check_output(
+            ["git", "rev-parse", f"origin/{branch}"], cwd=base_dir
+        )
+        .decode()
+        .strip()
+    )
+
+    skipped_revisions = _load_skipped_revisions(base_dir)
+    if remote_revision in skipped_revisions:
+        _append_auto_upgrade_log(
+            base_dir, f"Skipping auto-upgrade for blocked revision {remote_revision}"
+        )
+        if startup:
+            startup()
+        return
+
     upgrade_stamp = timezone.now().strftime("@ %Y%m%d %H:%M")
 
     upgrade_was_applied = False
@@ -120,19 +177,7 @@ def check_github_updates() -> None:
             .decode()
             .strip()
         )
-        remote = (
-            subprocess.check_output(
-                [
-                    "git",
-                    "rev-parse",
-                    f"origin/{branch}",
-                ],
-                cwd=base_dir,
-            )
-            .decode()
-            .strip()
-        )
-        if local == remote:
+        if local == remote_revision:
             if startup:
                 startup()
             return
@@ -254,12 +299,29 @@ def _schedule_health_check(next_attempt: int) -> None:
     )
 
 
+def _handle_failed_health_check(base_dir: Path, detail: str) -> None:
+    revision = ""
+    try:
+        revision = (
+            subprocess.check_output(["git", "rev-parse", "HEAD"], cwd=base_dir)
+            .decode()
+            .strip()
+        )
+    except Exception:  # pragma: no cover - best effort capture
+        logger.warning("Failed to determine revision during auto-upgrade revert")
+
+    _add_skipped_revision(base_dir, revision)
+    _append_auto_upgrade_log(base_dir, "Health check failed; reverting upgrade")
+    subprocess.run(["./upgrade.sh", "--revert"], cwd=base_dir, check=True)
+
+
 @shared_task
 def verify_auto_upgrade_health(attempt: int = 1) -> bool | None:
     """Verify the upgraded suite responds successfully.
 
-    When the check fails three times in a row the upgrade is rolled back by
-    invoking ``upgrade.sh --revert``.
+    After the post-upgrade delay the site is probed once; any response other
+    than HTTP 200 triggers an automatic revert and records the failing
+    revision so future upgrade attempts skip it.
     """
 
     base_dir = Path(__file__).resolve().parent.parent
@@ -270,33 +332,29 @@ def verify_auto_upgrade_health(attempt: int = 1) -> bool | None:
     )
 
     status: int | None = None
+    detail = "succeeded"
     try:
         with urllib.request.urlopen(request, timeout=10) as response:
             status = getattr(response, "status", response.getcode())
     except urllib.error.HTTPError as exc:
         status = exc.code
+        detail = f"returned HTTP {exc.code}"
         logger.warning(
             "Auto-upgrade health check attempt %s returned HTTP %s", attempt, exc.code
         )
     except urllib.error.URLError as exc:
+        detail = f"failed with {exc}"
         logger.warning(
             "Auto-upgrade health check attempt %s failed: %s", attempt, exc
         )
     except Exception as exc:  # pragma: no cover - unexpected network error
+        detail = f"failed with {exc}"
         logger.exception(
             "Unexpected error probing suite during auto-upgrade attempt %s", attempt
         )
-        detail = f"failed with {exc}"
         _record_health_check_result(base_dir, attempt, status, detail)
-        if attempt >= AUTO_UPGRADE_HEALTH_MAX_ATTEMPTS:
-            _append_auto_upgrade_log(
-                base_dir,
-                "Health check raised unexpected error; reverting upgrade",
-            )
-            subprocess.run(["./upgrade.sh", "--revert"], cwd=base_dir, check=True)
-        else:
-            _schedule_health_check(attempt + 1)
-        return None
+        _handle_failed_health_check(base_dir, detail)
+        return False
 
     if status == 200:
         _record_health_check_result(base_dir, attempt, status, "succeeded")
@@ -307,21 +365,15 @@ def verify_auto_upgrade_health(attempt: int = 1) -> bool | None:
         )
         return True
 
-    _record_health_check_result(base_dir, attempt, status, "failed")
-
-    if attempt >= AUTO_UPGRADE_HEALTH_MAX_ATTEMPTS:
-        logger.error(
-            "Auto-upgrade health check failed after %s attempts; reverting", attempt
-        )
-        _append_auto_upgrade_log(
-            base_dir,
-            "Health check failed three times; reverting upgrade",
-        )
-        subprocess.run(["./upgrade.sh", "--revert"], cwd=base_dir, check=True)
-        return False
+    if detail == "succeeded":
+        if status is not None:
+            detail = f"returned HTTP {status}"
+        else:
+            detail = "failed with unknown status"
 
-    _schedule_health_check(attempt + 1)
-    return None
+    _record_health_check_result(base_dir, attempt, status, detail)
+    _handle_failed_health_check(base_dir, detail)
+    return False
 
 
 @shared_task

core/tests.py

@@ -770,6 +770,50 @@ class ReleaseProcessTests(TestCase):
         self.assertFalse(proc.stdout.strip())
         self.assertEqual(version_path.read_text(encoding="utf-8"), original)
 
+    @mock.patch("core.views.requests.get")
+    @mock.patch("core.views.release_utils.network_available", return_value=True)
+    @mock.patch("core.views.release_utils._git_clean", return_value=True)
+    def test_step_check_ignores_yanked_release(
+        self, git_clean, network_available, requests_get
+    ):
+        response = mock.Mock()
+        response.ok = True
+        response.json.return_value = {
+            "releases": {
+                "0.1.12": [
+                    {"filename": "pkg.whl", "yanked": True},
+                    {"filename": "pkg.tar.gz", "yanked": True},
+                ]
+            }
+        }
+        requests_get.return_value = response
+        self.release.version = "0.1.12"
+        _step_check_version(self.release, {}, Path("rel.log"))
+        requests_get.assert_called_once()
+
+    @mock.patch("core.views.requests.get")
+    @mock.patch("core.views.release_utils.network_available", return_value=True)
+    @mock.patch("core.views.release_utils._git_clean", return_value=True)
+    def test_step_check_blocks_available_release(
+        self, git_clean, network_available, requests_get
+    ):
+        response = mock.Mock()
+        response.ok = True
+        response.json.return_value = {
+            "releases": {
+                "0.1.12": [
+                    {"filename": "pkg.whl", "yanked": False},
+                    {"filename": "pkg.tar.gz"},
+                ]
+            }
+        }
+        requests_get.return_value = response
+        self.release.version = "0.1.12"
+        with self.assertRaises(Exception) as exc:
+            _step_check_version(self.release, {}, Path("rel.log"))
+        self.assertIn("already on PyPI", str(exc.exception))
+        requests_get.assert_called_once()
+
     @mock.patch("core.models.PackageRelease.dump_fixture")
     def test_save_does_not_dump_fixture(self, dump):
         self.release.pypi_url = "https://example.com"
@@ -1369,6 +1413,13 @@ class TodoFocusViewTests(TestCase):
         change_url = reverse("admin:core_todo_change", args=[todo.pk])
         self.assertContains(resp, f'src="{change_url}"')
 
+    def test_focus_view_includes_open_target_button(self):
+        todo = Todo.objects.create(request="Task", url="/docs/")
+        resp = self.client.get(reverse("todo-focus", args=[todo.pk]))
+        self.assertContains(resp, 'class="todo-button todo-button-open"')
+        self.assertContains(resp, 'target="_blank"')
+        self.assertContains(resp, 'href="/docs/"')
+
     def test_focus_view_sanitizes_loopback_absolute_url(self):
         todo = Todo.objects.create(
             request="Task",
@@ -1402,6 +1453,19 @@ class TodoFocusViewTests(TestCase):
         change_url = reverse("admin:core_todo_change", args=[todo.pk])
         self.assertContains(resp, f'src="{change_url}"')
 
+    def test_focus_view_parses_auth_directives(self):
+        todo = Todo.objects.create(
+            request="Task",
+            url="/docs/?section=chart&_todo_auth=logout&_todo_auth=user:demo&_todo_auth=perm:core.view_user&_todo_auth=extra",
+        )
+        resp = self.client.get(reverse("todo-focus", args=[todo.pk]))
+        self.assertContains(resp, 'src="/docs/?section=chart"')
+        self.assertContains(resp, 'href="/docs/?section=chart"')
+        self.assertContains(resp, "logged out")
+        self.assertContains(resp, "Sign in using: demo")
+        self.assertContains(resp, "Required permissions: core.view_user")
+        self.assertContains(resp, "Additional authentication notes: extra")
+
     def test_focus_view_redirects_if_todo_completed(self):
         todo = Todo.objects.create(request="Task")
         todo.done_on = timezone.now()

core/views.py

@@ -18,7 +18,7 @@ from django.views.decorators.csrf import csrf_exempt
 from django.views.decorators.http import require_GET, require_POST
 from django.utils.http import url_has_allowed_host_and_scheme
 from pathlib import Path
-from urllib.parse import urlsplit, urlunsplit
+from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit
 import errno
 import subprocess
 
@@ -40,7 +40,7 @@ def odoo_products(request):
         products = profile.execute(
             "product.product",
             "search_read",
-            [],
+            [[]],
             {"fields": ["name"], "limit": 50},
         )
     except Exception:
@@ -357,7 +357,7 @@ def _step_check_todos(release, ctx, log_path: Path) -> None:
 
 def _step_check_version(release, ctx, log_path: Path) -> None:
     from . import release as release_utils
-    from packaging.version import Version
+    from packaging.version import InvalidVersion, Version
 
     if not release_utils._git_clean():
         proc = subprocess.run(
@@ -417,8 +417,33 @@ def _step_check_version(release, ctx, log_path: Path) -> None:
     if release_utils.network_available():
         try:
             resp = requests.get(f"https://pypi.org/pypi/{release.package.name}/json")
-            if resp.ok and release.version in resp.json().get("releases", {}):
-                raise Exception(f"Version {release.version} already on PyPI")
+            if resp.ok:
+                data = resp.json()
+                releases = data.get("releases", {})
+                try:
+                    target_version = Version(release.version)
+                except InvalidVersion:
+                    target_version = None
+
+                for candidate, files in releases.items():
+                    same_version = candidate == release.version
+                    if target_version is not None and not same_version:
+                        try:
+                            same_version = Version(candidate) == target_version
+                        except InvalidVersion:
+                            same_version = False
+                    if not same_version:
+                        continue
+
+                    has_available_files = any(
+                        isinstance(file_data, dict)
+                        and not file_data.get("yanked", False)
+                        for file_data in files or []
+                    )
+                    if has_available_files:
+                        raise Exception(
+                            f"Version {release.version} already on PyPI"
+                        )
         except Exception as exc:
             # network errors should be logged but not crash
             if "already on PyPI" in str(exc):
@@ -1164,13 +1189,81 @@ def release_progress(request, pk: int, action: str):
     return render(request, "core/release_progress.html", context)
 
 
-def _todo_iframe_url(request, todo: Todo) -> str:
-    """Return a safe iframe URL for ``todo`` scoped to the current host."""
+def _dedupe_preserve_order(values):
+    seen = set()
+    result = []
+    for value in values:
+        if value in seen:
+            continue
+        seen.add(value)
+        result.append(value)
+    return result
+
+
+def _parse_todo_auth_directives(query: str):
+    directives = {
+        "require_logout": False,
+        "users": [],
+        "permissions": [],
+        "notes": [],
+    }
+    if not query:
+        return "", directives
+
+    remaining = []
+    for key, value in parse_qsl(query, keep_blank_values=True):
+        if key != "_todo_auth":
+            remaining.append((key, value))
+            continue
+        token = (value or "").strip()
+        if not token:
+            continue
+        kind, _, payload = token.partition(":")
+        kind = kind.strip().lower()
+        payload = payload.strip()
+        if kind in {"logout", "anonymous", "anon"}:
+            directives["require_logout"] = True
+        elif kind in {"user", "username"} and payload:
+            directives["users"].append(payload)
+        elif kind in {"perm", "permission"} and payload:
+            directives["permissions"].append(payload)
+        else:
+            directives["notes"].append(token)
+
+    sanitized_query = urlencode(remaining, doseq=True)
+    return sanitized_query, directives
+
+
+def _todo_iframe_url(request, todo: Todo):
+    """Return a safe iframe URL and auth context for ``todo``."""
 
     fallback = reverse("admin:core_todo_change", args=[todo.pk])
     raw_url = (todo.url or "").strip()
+
+    auth_context = {
+        "require_logout": False,
+        "users": [],
+        "permissions": [],
+        "notes": [],
+    }
+
+    def _final_context(target_url: str):
+        return {
+            "target_url": target_url or fallback,
+            "require_logout": auth_context["require_logout"],
+            "users": _dedupe_preserve_order(auth_context["users"]),
+            "permissions": _dedupe_preserve_order(auth_context["permissions"]),
+            "notes": _dedupe_preserve_order(auth_context["notes"]),
+            "has_requirements": bool(
+                auth_context["require_logout"]
+                or auth_context["users"]
+                or auth_context["permissions"]
+                or auth_context["notes"]
+            ),
+        }
+
     if not raw_url:
-        return fallback
+        return fallback, _final_context(fallback)
 
     focus_path = reverse("todo-focus", args=[todo.pk])
     focus_norm = focus_path.strip("/").lower()
@@ -1186,14 +1279,31 @@ def _todo_iframe_url(request, todo: Todo) -> str:
         return normalized == focus_norm if normalized else False
 
     if _is_focus_target(raw_url):
-        return fallback
+        return fallback, _final_context(fallback)
 
     parsed = urlsplit(raw_url)
+
+    def _merge_directives(parsed_result):
+        sanitized_query, directives = _parse_todo_auth_directives(parsed_result.query)
+        if directives["require_logout"]:
+            auth_context["require_logout"] = True
+        auth_context["users"].extend(directives["users"])
+        auth_context["permissions"].extend(directives["permissions"])
+        auth_context["notes"].extend(directives["notes"])
+        return parsed_result._replace(query=sanitized_query)
+
     if not parsed.scheme and not parsed.netloc:
-        return fallback if _is_focus_target(parsed.path) else raw_url
+        sanitized = _merge_directives(parsed)
+        path = sanitized.path or "/"
+        if not path.startswith("/"):
+            path = f"/{path}"
+        relative_url = urlunsplit(("", "", path, sanitized.query, sanitized.fragment))
+        if _is_focus_target(relative_url):
+            return fallback, _final_context(fallback)
+        return relative_url or fallback, _final_context(relative_url)
 
     if parsed.scheme and parsed.scheme.lower() not in {"http", "https"}:
-        return fallback
+        return fallback, _final_context(fallback)
 
     request_host = request.get_host().strip().lower()
     host_without_port = request_host.split(":", 1)[0]
@@ -1227,15 +1337,16 @@ def _todo_iframe_url(request, todo: Todo) -> str:
     hostname = (parsed.hostname or "").strip().lower()
     netloc = parsed.netloc.strip().lower()
     if hostname in allowed_hosts or netloc in allowed_hosts:
-        path = parsed.path or "/"
+        sanitized = _merge_directives(parsed)
+        path = sanitized.path or "/"
         if not path.startswith("/"):
             path = f"/{path}"
-        relative_url = urlunsplit(("", "", path, parsed.query, parsed.fragment))
+        relative_url = urlunsplit(("", "", path, sanitized.query, sanitized.fragment))
         if _is_focus_target(relative_url):
-            return fallback
-        return relative_url or fallback
+            return fallback, _final_context(fallback)
+        return relative_url or fallback, _final_context(relative_url)
 
-    return fallback
+    return fallback, _final_context(fallback)
 
 
 @staff_member_required
@@ -1244,10 +1355,13 @@ def todo_focus(request, pk: int):
     if todo.done_on:
         return redirect(_get_return_url(request))
 
-    iframe_url = _todo_iframe_url(request, todo)
+    iframe_url, focus_auth = _todo_iframe_url(request, todo)
+    focus_target_url = focus_auth.get("target_url", iframe_url) if focus_auth else iframe_url
     context = {
         "todo": todo,
         "iframe_url": iframe_url,
+        "focus_target_url": focus_target_url,
+        "focus_auth": focus_auth,
         "next_url": _get_return_url(request),
         "done_url": reverse("todo-done", args=[todo.pk]),
     }