arthexis 0.1.17__py3-none-any.whl → 0.1.18__py3-none-any.whl

{arthexis-0.1.17.dist-info → arthexis-0.1.18.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: arthexis
-Version: 0.1.17
+Version: 0.1.18
 Summary: Power & Energy Infrastructure
 Author-email: "Rafael J. Guillén-Osorio" <tecnologia@gelectriic.com>
 License-Expression: GPL-3.0-only

{arthexis-0.1.17.dist-info → arthexis-0.1.18.dist-info}/RECORD

@@ -1,4 +1,4 @@
-arthexis-0.1.17.dist-info/licenses/LICENSE,sha256=OXLcl0T2SZ8Pmy2_dmlvKuetivmyPd5m1q-Gyd-zaYY,35149
+arthexis-0.1.18.dist-info/licenses/LICENSE,sha256=OXLcl0T2SZ8Pmy2_dmlvKuetivmyPd5m1q-Gyd-zaYY,35149
 config/__init__.py,sha256=AwpOX7il-DAOmkdJ5dVfVJ3CWWebn1lHyQNmkw1EkDw,103
 config/active_app.py,sha256=KJqYh-o91nPQjVXPEdbiJHzsI6cN9IZsBZ9O3iZ6Hyc,373
 config/asgi.py,sha256=T-0QSbtieEWKPIDkEcEdd-q6qjK8ZCwwjCaISOBkWdM,1296
@@ -8,14 +8,14 @@ config/context_processors.py,sha256=p74ocuzPRFI9vKSeIaJ42Vu0V2GtGph1t-2DkRo4NMw,
 config/horologia_app.py,sha256=puO_hObEYcLvE7PqcY_sGv1thnxJ018YKHKZWqNXha4,187
 config/loadenv.py,sha256=CjXx-wBaTt1wixub4GJ5CMSMFqtiK5JURc7cPXpqO7s,287
 config/logging.py,sha256=1cIbPgRshHuMKnVEEH0jKpRAlJSpewvLFbYDz7sCBG4,2104
-config/middleware.py,sha256=mDU5tye8H4WCjpJqocwd0vmrzoVEYwdz9WTP4Hcr6dI,719
+config/middleware.py,sha256=zF8Cma0n5G8NNdh2LVeNJi7Hgl1G4mF9msRE2eRi1RU,2328
 config/offline.py,sha256=X-yDcyoI4C44Y27lpkUwszY_09GwwFfazEsthKJpQ70,1382
-config/settings.py,sha256=WFywFlWRTkEqDksWYAOd6DdSpHLEu2ETgLeeSGruwrA,21516
+config/settings.py,sha256=fkLL3nbh01KqTVS9M7QH19i3HOuvVD6OTEvApy56Y4w,21569
 config/settings_helpers.py,sha256=0BdBciUHIkwsWa0vV_RKAd4wDuEzgE7G-42XYiES4YQ,3127
-config/urls.py,sha256=lXl2KKsbIehjOW0W6FHAsxkZJ-3DAo37f2ICb1dvvz8,5320
+config/urls.py,sha256=zvU4FSMKPlXUrGDjUgJCRFQztWb78wo1urW2DQf8qdI,5463
 config/wsgi.py,sha256=zU_mKlya6hejQ21PxKacTui3dUWd4ca_-YJNSYAoMX0,433
 core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-core/admin.py,sha256=tEMop2REJ-P4o73ZWKZQuWm29zF3S-dWKu26wUDfvi4,145556
+core/admin.py,sha256=tVoWAdi4LzNaGQBOkvyIAmmALn3cXj-fU9rdYUPBYNg,145572
 core/admin_history.py,sha256=XZ4b0ryufIka-xcwboK3DzmOL-INSx5Y2fJO-aJdV70,1783
 core/admindocs.py,sha256=ycD0bJ_VE6rTGf9ebXTiKdYkD8Y8hD2oQ4HxxoBURCM,6756
 core/apps.py,sha256=L_UMYI72-5jTo6nt8mfCbgdLhlP32D-8k76EZw0QyAA,14348
@@ -34,7 +34,7 @@ core/liveupdate.py,sha256=22m0ueQ10-6b-9pQJHY0_5WRYA98fysXKEXOWzIr550,691
 core/log_paths.py,sha256=lxvgXPgJtVNZ-kYrqV8VFle4GFQrSxG-yRTglqvclmU,3318
 core/mailer.py,sha256=JpW0RnD9uZ4O-wvlqeW7CMw95IFeCSkdvbankJDwHq0,2886
 core/middleware.py,sha256=j19K9SX-Emkv7BDDtAacR9g6RWsxhKHwCc8w23JFvMM,3388
-core/models.py,sha256=Vl_Z_tLo93w2ZDgObFFIfLSzid3KXraByghMmJeCfNk,126647
+core/models.py,sha256=QIZazU5lwTaNQyO68Fm0Jg2AXDAjvg_HsK_djnKIv_Q,127829
 core/notifications.py,sha256=LYktoKM5k4q7YYWAJuqdeKM-p0Q-3gXgfqdq71qLS68,3916
 core/public_wifi.py,sha256=yydLgxOo9DmJJbM4X_23wGR3gxL3YzHno54v9GssuFA,7213
 core/reference_utils.py,sha256=jeox3V4cZNxzM2Jj31g_mdb3O55zy9S2iXAZu70R1Zc,3627
@@ -47,11 +47,11 @@ core/system.py,sha256=tqx8-4kyViMGKI3EAaxztrbyes4TSTPQ9YsIKzdVs6c,35731
 core/tasks.py,sha256=MtijKTtRHUEsTP4nVJFYx5B8Ls8EXmtzpBuq8FU5b9s,12302
 core/temp_passwords.py,sha256=FieUnIUeQHmA1DoXvfJ5U6-Ayv3oDz-hSln5s_vNbA4,5271
 core/test_system_info.py,sha256=IMPz21KEs6OC5YbL7YaIBdmJVLjRY6MgPuZpldJB5OI,6935
-core/tests.py,sha256=ojHab5JtcHuVDc1zXK_QVms1cID1XXjuRcHmPcqVqD0,98368
+core/tests.py,sha256=H0vPRcwcD3HNscRInbMGvdzs9ixvmkLh3d4YSEeQfEc,98679
 core/tests_liveupdate.py,sha256=IquU8ztk6zbzC1bQu3Nrr3RzGzuujtPwDkANJHbxg98,510
 core/urls.py,sha256=YPippON1MAP2KeZZ8jHpcLO6mvbnKn1q7fdMv5Vm9dY,425
 core/user_data.py,sha256=02CfvxayELWSWZJCxWpv1Yz7EGg08yEu5MM31Khsi0U,21083
-core/views.py,sha256=Gt2J51RyIOsR2gzl2q3ChPbbIVDzrscty3yIGRW07P8,87141
+core/views.py,sha256=BTnbaGgSWz4lX7VKVttVIJGWyg7oHnYMMEQTOX44Zhc,88240
 core/widgets.py,sha256=vlR9PlFfZGlkHm5X2cqNXuEBZSj8gmWaR6MO1mMy6kg,6904
 core/workgroup_urls.py,sha256=XR9IqwsSBI8epW7_-hHhWFU9wsyJfZehHwNQBhCgmpM,407
 core/workgroup_views.py,sha256=vtumF3-8YaTD-K6nSd8eYvUyq3ftpvWSEwtcp5B-P6o,2889
@@ -74,7 +74,7 @@ nodes/views.py,sha256=TyW7exkVaR-o2_XkJXSi9jQ_BygXOE2cQFs4xlI20Xc,22905
 ocpp/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 ocpp/admin.py,sha256=gMxHkT5KSp4kPWJcDJ1Y65VqgrwFTZl8Y516FO8oi3g,34658
 ocpp/apps.py,sha256=i3NqrmIamNEQBT33CIqh7HOSOPmJXCMKrZ-DUd3whqg,842
-ocpp/consumers.py,sha256=LgplrJQOfs8CKCtmBcRQLcDVB4Tz7YZpb3I7r2lAorQ,66352
+ocpp/consumers.py,sha256=s51784IwUoWfLaMI_zfnCve7ouZIB5xAnlgwThb40Gw,67979
 ocpp/evcs.py,sha256=q1mZrCVSZxXTrtYsDqH6lkeEcJ6tfSC7p9YxkDmpSCw,28883
 ocpp/evcs_discovery.py,sha256=OmrzgaOHwveDRJs8AIhrM3apX8_k2PPXh_oYaYpNW3c,3876
 ocpp/models.py,sha256=QjEaygY7Tl47Q6z2uxP6ftUn4JeD8-JQX2fcwrCaEEg,31631
@@ -85,14 +85,14 @@ ocpp/status_display.py,sha256=YGFosd5HJETA0DcLdsjvx6EfhZSnI8Aa3cMnHG2WsBE,939
 ocpp/store.py,sha256=rHrP2Iq2ycMFbal1UEJVXb7r4gDtI5yifaE3nT0tjJw,18855
 ocpp/tasks.py,sha256=OxIaI4OSLz9AfwLexnXhiBILBimTs3gVrPd197Jguqg,5819
 ocpp/test_export_import.py,sha256=Zp6xUBlRq7XkdKjOs78BhkujNQdklxi4RLxU8c-udWY,4530
-ocpp/test_rfid.py,sha256=0Zczbg1x_5vhIV5TITHeaUkNONMdx20pD4St7Zc-ghM,36524
-ocpp/tests.py,sha256=BfOapD5vWrmA43Q4WI7or2lP2pmcBdrU5_YCK31JgHE,182621
+ocpp/test_rfid.py,sha256=hMFQwYDPhwfTW2XdDT5q__gKrL8YPbv7DNNMdwzJ7BQ,39105
+ocpp/tests.py,sha256=gFOMB3ioTa7dxwoA9pYwpP2cDu2GvhBsJeMKT7XyzAw,185987
 ocpp/transactions_io.py,sha256=YnxI-Tv5UFxv0JuFK3XpoqFYP8eRT8sMuDiqkiMHPtU,7387
 ocpp/urls.py,sha256=3T5O5DSwVk4PbhPx5p4D3UseCWvC5xV5HwJLSM6AfA8,1700
-ocpp/views.py,sha256=wntIO3LHFoPAg40SFGMoRPAiA3xyDKPwNgIsCBSEOcI,57164
+ocpp/views.py,sha256=PYuSUclq9IZrKrS4iHP2EJ_-alRcLgXDXabmmenhda0,57970
 pages/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-pages/admin.py,sha256=f2IYr-nGg9FmafQfDmIRrv01UuXh4mdhFJbnw-ytzHU,27459
-pages/apps.py,sha256=AzUNXQX0yRUX5jus-5EDReDb0nOEY8DBgYaM970u6Io,288
+pages/admin.py,sha256=25vuZVdOJKMnTAnI1BUIyDhO8R-BuaAu8Wj56BNxyJ0,30349
+pages/apps.py,sha256=o8gQP-VdZOk9LXIEo6IDmOSqX3TP8XypBvKGGWLoQ0k,351
 pages/checks.py,sha256=sM8_hUVM_HOIocvtTb2sY3AaSEvbTnOlO46UchGVd-0,1527
 pages/context_processors.py,sha256=oINGTI0owXz60FV-XFEjnTkY2xlSDE-W6X1TK8IK800,5072
 pages/defaults.py,sha256=l36APPAZO4ub2A8Pp-lQGujKeOVYcyzU6t7-kOk8VoA,522
@@ -100,12 +100,13 @@ pages/forms.py,sha256=T0atqxdNds3IBP8N-9c5-ACf3iR9FzzmhzK4MOa24e8,7058
 pages/middleware.py,sha256=6PMLiyuHAHbfLeHwwQxIVy2fJ32ramEO9SHAN05Set4,6967
 pages/models.py,sha256=Sp8e2VB5a7yg4eSUlz_VcsSlAuDVap26xBKYYggxmLM,20952
 pages/module_defaults.py,sha256=R8n6eQDjNRMpO-DW86OFGvyRarju5Bx7Fnb275R_z24,5411
+pages/site_config.py,sha256=f1Me0GFdHeGbIeyMlQNzD2e6hym59YHqbz92U_ppffY,4057
 pages/tasks.py,sha256=ivcba_3wSQ1-cku0oDplzw6vLeQ9hBq3R4TG-LmR5gs,1913
-pages/tests.py,sha256=i1HLp8rNm63WuqFf9YgAEGWYowFC7SOyyg_7j17_buQ,126102
+pages/tests.py,sha256=Lg3Jq_hOyF9KjiTeXr_AabFybW9KR3rvP5g_caomhGs,132912
 pages/urls.py,sha256=Ne6yYJxgUAMieDpppJ149E-yh-oVi92fARiRPe-n4-s,1166
 pages/utils.py,sha256=CR4D1debgJLGgXsw9kap2ggpe7fIpSoWS_ivbgMNp2k,564
 pages/views.py,sha256=Ye7qGlO7IwkZO0oR1SzCpkEDTtGCJPmDJT-x6QQ8vaQ,45848
-arthexis-0.1.17.dist-info/METADATA,sha256=rvPpFn4fwAZGm0JJ6Esu1r1A80uFC-tWCYhJOj0UNd8,9998
-arthexis-0.1.17.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-arthexis-0.1.17.dist-info/top_level.txt,sha256=J2a2q8_BWrCZ8H2WFUNMBfO2jz8j2gax6zZh-_1QDac,29
-arthexis-0.1.17.dist-info/RECORD,,
+arthexis-0.1.18.dist-info/METADATA,sha256=C6OI88vHzosjqQvb7waV2pcPy0O5RbkOpdDBM-yOPBI,9998
+arthexis-0.1.18.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+arthexis-0.1.18.dist-info/top_level.txt,sha256=J2a2q8_BWrCZ8H2WFUNMBfO2jz8j2gax6zZh-_1QDac,29
+arthexis-0.1.18.dist-info/RECORD,,

config/middleware.py

@@ -1,6 +1,8 @@
-from utils.sites import get_site
 import socket
+from django.core.exceptions import DisallowedHost
+from django.http import HttpResponsePermanentRedirect
 from nodes.models import Node
+from utils.sites import get_site
 
 from .active_app import set_active_app
 
@@ -17,9 +19,53 @@ class ActiveAppMiddleware:
         role_name = node.role.name if node and node.role else "Terminal"
         active = site.name or role_name
         set_active_app(active)
+        request.site = site
         request.active_app = active
         try:
             response = self.get_response(request)
         finally:
             set_active_app(socket.gethostname())
         return response
+
+
+def _is_https_request(request) -> bool:
+    if request.is_secure():
+        return True
+
+    forwarded_proto = request.META.get("HTTP_X_FORWARDED_PROTO", "")
+    if forwarded_proto:
+        candidate = forwarded_proto.split(",")[0].strip().lower()
+        if candidate == "https":
+            return True
+
+    forwarded_header = request.META.get("HTTP_FORWARDED", "")
+    for forwarded_part in forwarded_header.split(","):
+        for element in forwarded_part.split(";"):
+            key, _, value = element.partition("=")
+            if key.strip().lower() == "proto" and value.strip().strip('"').lower() == "https":
+                return True
+
+    return False
+
+
+class SiteHttpsRedirectMiddleware:
+    """Redirect HTTP traffic to HTTPS for sites that require it."""
+
+    def __init__(self, get_response):
+        self.get_response = get_response
+
+    def __call__(self, request):
+        site = getattr(request, "site", None)
+        if site is None:
+            site = get_site(request)
+            request.site = site
+
+        if getattr(site, "require_https", False) and not _is_https_request(request):
+            try:
+                host = request.get_host()
+            except DisallowedHost:  # pragma: no cover - defensive guard
+                host = request.META.get("HTTP_HOST", "")
+            redirect_url = f"https://{host}{request.get_full_path()}"
+            return HttpResponsePermanentRedirect(redirect_url)
+
+        return self.get_response(request)

config/settings.py

@@ -390,6 +390,7 @@ MIDDLEWARE = [
     "whitenoise.middleware.WhiteNoiseMiddleware",
     "django.contrib.sessions.middleware.SessionMiddleware",
     "config.middleware.ActiveAppMiddleware",
+    "config.middleware.SiteHttpsRedirectMiddleware",
     "django.middleware.locale.LocaleMiddleware",
     "django.middleware.common.CommonMiddleware",
     "django.middleware.csrf.CsrfViewMiddleware",

config/urls.py

@@ -149,6 +149,11 @@ urlpatterns = [
         core_views.odoo_quote_report,
         name="odoo-quote-report",
     ),
+    path(
+        "admin/request-temp-password/",
+        core_views.request_temp_password,
+        name="admin-request-temp-password",
+    ),
     path("admin/", admin.site.urls),
     path("i18n/setlang/", csrf_exempt(set_language), name="set_language"),
     path("api/", include("core.workgroup_urls")),

core/admin.py

@@ -2947,7 +2947,7 @@ class RFIDAdmin(EntityModelAdmin, ImportExportModelAdmin):
         "toggle_selected_released",
         "toggle_selected_allowed",
     ]
-    readonly_fields = ("added_on", "last_seen_on")
+    readonly_fields = ("added_on", "last_seen_on", "reversed_uid")
     form = RFIDForm
 
     def get_import_resource_kwargs(self, request, form=None, **kwargs):

core/models.py

@@ -1775,6 +1775,14 @@ class RFID(Entity):
             )
         ],
     )
+    reversed_uid = models.CharField(
+        max_length=255,
+        default="",
+        blank=True,
+        editable=False,
+        verbose_name="Reversed UID",
+        help_text="UID value stored with opposite endianness for reference.",
+    )
     custom_label = models.CharField(
         max_length=32,
         blank=True,
@@ -1906,7 +1914,16 @@ class RFID(Entity):
                 if self.key_b and old["key_b"] != self.key_b.upper():
                     self.key_b_verified = False
         if self.rfid:
-            self.rfid = self.rfid.upper()
+            normalized_rfid = self.rfid.upper()
+            self.rfid = normalized_rfid
+            reversed_uid = self.reverse_uid(normalized_rfid)
+            if reversed_uid != self.reversed_uid:
+                self.reversed_uid = reversed_uid
+                if update_fields:
+                    fields = set(update_fields)
+                    if "reversed_uid" not in fields:
+                        fields.add("reversed_uid")
+                        kwargs["update_fields"] = tuple(fields)
         if self.key_a:
             self.key_a = self.key_a.upper()
         if self.key_b:
@@ -1933,6 +1950,19 @@ class RFID(Entity):
                 return candidate
         return cls.BIG_ENDIAN
 
+    @staticmethod
+    def reverse_uid(value: str) -> str:
+        """Return ``value`` with reversed byte order for reference storage."""
+
+        normalized = "".join((value or "").split()).upper()
+        if not normalized:
+            return ""
+        if len(normalized) % 2 != 0:
+            return normalized[::-1]
+        bytes_list = [normalized[index : index + 2] for index in range(0, len(normalized), 2)]
+        bytes_list.reverse()
+        return "".join(bytes_list)
+
     @classmethod
     def next_scan_label(
         cls, *, step: int | None = None, start: int | None = None

core/tests.py

@@ -550,6 +550,15 @@ class RFIDValidationTests(TestCase):
         tag = RFID.objects.create(rfid="DEADBEEF10")
         self.assertEqual(tag.rfid, "DEADBEEF10")
 
+    def test_reversed_uid_updates_with_rfid(self):
+        tag = RFID.objects.create(rfid="A1B2C3D4")
+        self.assertEqual(tag.reversed_uid, "D4C3B2A1")
+
+        tag.rfid = "112233"
+        tag.save(update_fields=["rfid"])
+        tag.refresh_from_db()
+        self.assertEqual(tag.reversed_uid, "332211")
+
     def test_find_user_by_rfid(self):
         user = User.objects.create_user(username="finder", password="pwd")
         acc = EnergyAccount.objects.create(user=user, name="FINDER")

core/views.py

@@ -43,6 +43,7 @@ logger = logging.getLogger(__name__)
 PYPI_REQUEST_TIMEOUT = 10
 
 from . import changelog as changelog_utils
+from . import temp_passwords
 from .models import OdooProfile, Product, EnergyAccount, PackageRelease, Todo
 from .models import RFID
 
@@ -336,6 +337,35 @@ def odoo_quote_report(request):
     return TemplateResponse(request, "admin/core/odoo_quote_report.html", context)
 
 
+@staff_member_required
+@require_GET
+def request_temp_password(request):
+    """Generate a temporary password for the authenticated staff member."""
+
+    user = request.user
+    username = user.get_username()
+    password = temp_passwords.generate_password()
+    entry = temp_passwords.store_temp_password(
+        username,
+        password,
+        allow_change=True,
+    )
+    context = {
+        **admin_site.each_context(request),
+        "title": _("Temporary password"),
+        "username": username,
+        "password": password,
+        "expires_at": timezone.localtime(entry.expires_at),
+        "allow_change": entry.allow_change,
+        "return_url": reverse("admin:password_change"),
+    }
+    return TemplateResponse(
+        request,
+        "admin/core/request_temp_password.html",
+        context,
+    )
+
+
 @require_GET
 def version_info(request):
     """Return the running application version and Git revision."""
@@ -1855,26 +1885,34 @@ def release_progress(request, pk: int, action: str):
 
     pending_qs = Todo.objects.filter(is_deleted=False, done_on__isnull=True)
     pending_items = list(pending_qs)
-    if ack_todos_requested:
-        if pending_items:
-            failures = []
-            for todo in pending_items:
-                result = todo.check_on_done_condition()
-                if not result.passed:
-                    failures.append((todo, result))
-            if failures:
-                ctx.pop("todos_ack", None)
-                for todo, result in failures:
-                    messages.error(request, _format_condition_failure(todo, result))
-            else:
-                ctx["todos_ack"] = True
+    if not pending_items:
+        ctx["todos_ack"] = True
+        ctx["todos_ack_auto"] = True
+    elif ack_todos_requested:
+        failures = []
+        for todo in pending_items:
+            result = todo.check_on_done_condition()
+            if not result.passed:
+                failures.append((todo, result))
+        if failures:
+            ctx["todos_ack"] = False
+            ctx.pop("todos_ack_auto", None)
+            for todo, result in failures:
+                messages.error(request, _format_condition_failure(todo, result))
         else:
             ctx["todos_ack"] = True
+            ctx.pop("todos_ack_auto", None)
+    else:
+        if ctx.pop("todos_ack_auto", None):
+            ctx["todos_ack"] = False
+        else:
+            ctx.setdefault("todos_ack", False)
 
     if ctx.get("todos_ack"):
         ctx.pop("todos_block_logged", None)
-
-    if not ctx.get("todos_ack"):
+        ctx.pop("todos", None)
+        ctx.pop("todos_required", None)
+    else:
         ctx["todos"] = [
             {
                 "id": todo.pk,
@@ -1885,9 +1923,6 @@ def release_progress(request, pk: int, action: str):
             for todo in pending_items
         ]
         ctx["todos_required"] = True
-    else:
-        ctx.pop("todos", None)
-        ctx.pop("todos_required", None)
 
     log_name = _release_log_name(release.package.name, release.version)
     if ctx.get("log") != log_name:
@@ -1897,6 +1932,8 @@ def release_progress(request, pk: int, action: str):
             "started": ctx.get("started", False),
         }
         step_count = 0
+        if not pending_items:
+            ctx["todos_ack"] = True
     log_path = log_dir / log_name
     ctx.setdefault("log", log_name)
     ctx.setdefault("paused", False)

ocpp/consumers.py

@@ -5,6 +5,7 @@ from datetime import datetime
 import asyncio
 import inspect
 import json
+import logging
 from urllib.parse import parse_qs
 from django.utils import timezone
 from core.models import EnergyAccount, Reference, RFID as CoreRFID
@@ -32,6 +33,9 @@ from .evcs_discovery import (
 FORWARDED_PAIR_RE = re.compile(r"for=(?:\"?)(?P<value>[^;,\"\s]+)(?:\"?)", re.IGNORECASE)
 
 
+logger = logging.getLogger(__name__)
+
+
 # Query parameter keys that may contain the charge point serial. Keys are
 # matched case-insensitively and trimmed before use.
 SERIAL_QUERY_PARAM_NAMES = (
@@ -309,6 +313,19 @@ class CSMSConsumer(AsyncWebsocketConsumer):
 
         return await database_sync_to_async(_ensure)()
 
+    def _log_unlinked_rfid(self, rfid: str) -> None:
+        """Record a warning when an RFID is authorized without an account."""
+
+        message = (
+            f"Authorized RFID {rfid} on charger {self.charger_id} without linked energy account"
+        )
+        logger.warning(message)
+        store.add_log(
+            store.pending_key(self.charger_id),
+            message,
+            log_type="charger",
+        )
+
     async def _assign_connector(self, connector: int | str | None) -> None:
         """Ensure ``self.charger`` matches the provided connector id."""
         if connector in (None, "", "-"):
@@ -1395,13 +1412,25 @@ class CSMSConsumer(AsyncWebsocketConsumer):
             elif action == "Authorize":
                 id_tag = payload.get("idTag")
                 account = await self._get_account(id_tag)
+                status = "Invalid"
                 if self.charger.require_rfid:
-                    status = (
-                        "Accepted"
-                        if account
-                        and await database_sync_to_async(account.can_authorize)()
-                        else "Invalid"
-                    )
+                    tag = None
+                    tag_created = False
+                    if id_tag:
+                        tag, tag_created = await database_sync_to_async(
+                            CoreRFID.register_scan
+                        )(id_tag)
+                    if account:
+                        if await database_sync_to_async(account.can_authorize)():
+                            status = "Accepted"
+                    elif (
+                        id_tag
+                        and tag
+                        and not tag_created
+                        and tag.allowed
+                    ):
+                        status = "Accepted"
+                        self._log_unlinked_rfid(tag.rfid)
                 else:
                     await self._ensure_rfid_seen(id_tag)
                     status = "Accepted"
@@ -1475,23 +1504,38 @@ class CSMSConsumer(AsyncWebsocketConsumer):
                 reply_payload = {}
             elif action == "StartTransaction":
                 id_tag = payload.get("idTag")
-                account = await self._get_account(id_tag)
+                tag = None
+                tag_created = False
                 if id_tag:
-                    if self.charger.require_rfid:
-                        await database_sync_to_async(CoreRFID.register_scan)(
-                            id_tag.upper()
-                        )
-                    else:
-                        await self._ensure_rfid_seen(id_tag)
+                    tag, tag_created = await database_sync_to_async(
+                        CoreRFID.register_scan
+                    )(id_tag)
+                account = await self._get_account(id_tag)
+                if id_tag and not self.charger.require_rfid:
+                    seen_tag = await self._ensure_rfid_seen(id_tag)
+                    if seen_tag:
+                        tag = seen_tag
                 await self._assign_connector(payload.get("connectorId"))
+                authorized = True
+                authorized_via_tag = False
                 if self.charger.require_rfid:
-                    authorized = (
-                        account is not None
-                        and await database_sync_to_async(account.can_authorize)()
-                    )
-                else:
-                    authorized = True
+                    if account is not None:
+                        authorized = await database_sync_to_async(
+                            account.can_authorize
+                        )()
+                    elif (
+                        id_tag
+                        and tag
+                        and not tag_created
+                        and getattr(tag, "allowed", False)
+                    ):
+                        authorized = True
+                        authorized_via_tag = True
+                    else:
+                        authorized = False
                 if authorized:
+                    if authorized_via_tag and tag:
+                        self._log_unlinked_rfid(tag.rfid)
                     start_timestamp = _parse_ocpp_timestamp(payload.get("timestamp"))
                     received_start = timezone.now()
                     tx_obj = await database_sync_to_async(Transaction.objects.create)(

ocpp/test_rfid.py

@@ -519,6 +519,76 @@ class ValidateRfidValueTests(SimpleTestCase):
         mock_popen.assert_not_called()
         self.assertEqual(result["endianness"], RFID.BIG_ENDIAN)
 
+    @patch("ocpp.rfid.reader.timezone.now")
+    @patch("ocpp.rfid.reader.notify_async")
+    @patch("ocpp.rfid.reader.subprocess.Popen")
+    @patch("ocpp.rfid.reader.subprocess.run")
+    @patch("ocpp.rfid.reader.RFID.register_scan")
+    def test_external_command_strips_trailing_percent_tokens(
+        self, mock_register, mock_run, mock_popen, mock_notify, mock_now
+    ):
+        mock_now.return_value = timezone.now()
+        tag = MagicMock()
+        tag.pk = 3
+        tag.label_id = 3
+        tag.allowed = True
+        tag.external_command = "echo weird"
+        tag.color = "Y"
+        tag.released = False
+        tag.reference = None
+        tag.kind = RFID.CLASSIC
+        tag.endianness = RFID.BIG_ENDIAN
+        mock_register.return_value = (tag, False)
+        mock_run.return_value = types.SimpleNamespace(
+            returncode=0,
+            stdout="first %\nsecond 50%\r\nthird % %\n",
+            stderr="oops %\n",
+        )
+
+        result = validate_rfid_value("abc3")
+
+        output = result.get("command_output")
+        self.assertIsNotNone(output)
+        self.assertEqual(
+            output.get("stdout"), "first\nsecond 50%\r\nthird\n"
+        )
+        self.assertEqual(output.get("stderr"), "oops\n")
+        self.assertEqual(output.get("returncode"), 0)
+        self.assertEqual(output.get("error"), "")
+        mock_popen.assert_not_called()
+
+    @patch("ocpp.rfid.reader.timezone.now")
+    @patch("ocpp.rfid.reader.notify_async")
+    @patch("ocpp.rfid.reader.subprocess.Popen")
+    @patch("ocpp.rfid.reader.subprocess.run")
+    @patch("ocpp.rfid.reader.RFID.register_scan")
+    def test_external_command_error_strips_trailing_percent_tokens(
+        self, mock_register, mock_run, mock_popen, mock_notify, mock_now
+    ):
+        mock_now.return_value = timezone.now()
+        tag = MagicMock()
+        tag.pk = 4
+        tag.label_id = 4
+        tag.allowed = True
+        tag.external_command = "echo boom"
+        tag.color = "R"
+        tag.released = False
+        tag.reference = None
+        tag.kind = RFID.CLASSIC
+        tag.endianness = RFID.BIG_ENDIAN
+        mock_register.return_value = (tag, False)
+        mock_run.side_effect = RuntimeError("bad % %")
+
+        result = validate_rfid_value("abcd")
+
+        output = result.get("command_output")
+        self.assertIsInstance(output, dict)
+        self.assertEqual(output.get("stdout"), "")
+        self.assertEqual(output.get("stderr"), "")
+        self.assertEqual(output.get("error"), "bad")
+        self.assertFalse(result["allowed"])
+        mock_popen.assert_not_called()
+
     @patch("ocpp.rfid.reader.timezone.now")
     @patch("ocpp.rfid.reader.notify_async")
     @patch("ocpp.rfid.reader.subprocess.Popen")

ocpp/tests.py

@@ -2949,6 +2949,44 @@ class SimulatorAdminTests(TransactionTestCase):
 
         await communicator.disconnect()
 
+    async def test_authorize_requires_rfid_accepts_allowed_tag_without_account(self):
+        charger_id = "AUTHWARN"
+        tag_value = "WARN01"
+        await database_sync_to_async(Charger.objects.create)(
+            charger_id=charger_id, require_rfid=True
+        )
+        await database_sync_to_async(RFID.objects.create)(rfid=tag_value, allowed=True)
+
+        pending_key = store.pending_key(charger_id)
+        store.clear_log(pending_key, log_type="charger")
+
+        communicator = WebsocketCommunicator(application, f"/{charger_id}/")
+        connected, _ = await communicator.connect()
+        self.assertTrue(connected)
+
+        message_id = "auth-unlinked"
+        await communicator.send_json_to(
+            [2, message_id, "Authorize", {"idTag": tag_value}]
+        )
+        response = await communicator.receive_json_from()
+        self.assertEqual(response[0], 3)
+        self.assertEqual(response[1], message_id)
+        self.assertEqual(response[2], {"idTagInfo": {"status": "Accepted"}})
+
+        log_entries = store.get_logs(pending_key, log_type="charger")
+        self.assertTrue(
+            any(
+                "Authorized RFID" in entry
+                and tag_value in entry
+                and charger_id in entry
+                for entry in log_entries
+            ),
+            log_entries,
+        )
+
+        await communicator.disconnect()
+        store.clear_log(pending_key, log_type="charger")
+
     async def test_authorize_without_requirement_records_rfid(self):
         await database_sync_to_async(Charger.objects.create)(
             charger_id="AUTHOPT", require_rfid=False
@@ -3041,6 +3079,61 @@ class SimulatorAdminTests(TransactionTestCase):
         )
         self.assertEqual(tx.account_id, user.energy_account.id)
 
+    async def test_start_transaction_allows_allowed_tag_without_account(self):
+        charger_id = "STARTWARN"
+        tag_value = "WARN02"
+        await database_sync_to_async(Charger.objects.create)(
+            charger_id=charger_id, require_rfid=True
+        )
+        await database_sync_to_async(RFID.objects.create)(rfid=tag_value, allowed=True)
+
+        pending_key = store.pending_key(charger_id)
+        store.clear_log(pending_key, log_type="charger")
+
+        communicator = WebsocketCommunicator(application, f"/{charger_id}/")
+        connected, _ = await communicator.connect()
+        self.assertTrue(connected)
+
+        start_payload = {
+            "meterStart": 5,
+            "idTag": tag_value,
+            "connectorId": 1,
+        }
+        await communicator.send_json_to([2, "start-1", "StartTransaction", start_payload])
+        response = await communicator.receive_json_from()
+        self.assertEqual(response[0], 3)
+        self.assertEqual(response[2]["idTagInfo"]["status"], "Accepted")
+        tx_id = response[2]["transactionId"]
+
+        tx = await database_sync_to_async(Transaction.objects.get)(
+            pk=tx_id, charger__charger_id=charger_id
+        )
+        self.assertIsNone(tx.account_id)
+
+        log_entries = store.get_logs(pending_key, log_type="charger")
+        self.assertTrue(
+            any(
+                "Authorized RFID" in entry
+                and tag_value in entry
+                and charger_id in entry
+                for entry in log_entries
+            ),
+            log_entries,
+        )
+
+        await communicator.send_json_to(
+            [
+                2,
+                "stop-1",
+                "StopTransaction",
+                {"transactionId": tx_id, "meterStop": 6},
+            ]
+        )
+        await communicator.receive_json_from()
+
+        await communicator.disconnect()
+        store.clear_log(pending_key, log_type="charger")
+
     async def test_status_fields_updated(self):
         communicator = WebsocketCommunicator(application, "/STAT/")
         connected, _ = await communicator.connect()

ocpp/views.py

@@ -1209,17 +1209,38 @@ def charger_log_page(request, cid, connector=None):
             charger_id=cid
         )
         target_id = cid
-    log = store.get_logs(target_id, log_type=log_type)
+    limit_options = [
+        {"value": "10", "label": "10"},
+        {"value": "20", "label": "20"},
+        {"value": "40", "label": "40"},
+        {"value": "100", "label": "100"},
+        {"value": "all", "label": gettext("All")},
+    ]
+    allowed_values = [item["value"] for item in limit_options]
+    limit_choice = request.GET.get("limit", "20")
+    if limit_choice not in allowed_values:
+        limit_choice = "20"
+
+    log_entries = list(store.get_logs(target_id, log_type=log_type) or [])
+    if limit_choice != "all":
+        try:
+            limit_value = int(limit_choice)
+        except (TypeError, ValueError):
+            limit_value = 20
+            limit_choice = "20"
+        log_entries = log_entries[-limit_value:]
     return render(
         request,
         "ocpp/charger_logs.html",
         {
             "charger": charger,
-            "log": log,
+            "log": log_entries,
             "log_type": log_type,
             "connector_slug": connector_slug,
             "connector_links": connector_links,
             "status_url": status_url,
+            "log_limit_options": limit_options,
+            "log_limit_index": allowed_values.index(limit_choice),
         },
     )
 

pages/admin.py

@@ -6,12 +6,13 @@ from django.contrib.sites.admin import SiteAdmin as DjangoSiteAdmin
 from django.contrib.sites.models import Site
 from django import forms
 from django.shortcuts import redirect, render, get_object_or_404
-from django.urls import path, reverse
+from django.urls import NoReverseMatch, path, reverse
 from django.utils.html import format_html
 from django.template.response import TemplateResponse
 from django.http import JsonResponse
 from django.utils import timezone
 from django.db.models import Count
+from django.core.exceptions import FieldError
 from django.db.models.functions import TruncDate
 from datetime import datetime, time, timedelta
 import ipaddress
@@ -25,6 +26,7 @@ from nodes.utils import capture_screenshot, save_screenshot
 
 from .forms import UserManualAdminForm
 from .module_defaults import reload_default_modules as restore_default_modules
+from .site_config import ensure_site_fields
 from .utils import landing_leads_supported
 
 from .models import (
@@ -41,6 +43,7 @@ from .models import (
     UserStory,
 )
 from django.contrib.contenttypes.models import ContentType
+from core.models import ReleaseManager
 from core.user_data import EntityModelAdmin
 
 
@@ -73,12 +76,47 @@ class SiteForm(forms.ModelForm):
         fields = "__all__"
 
 
+ensure_site_fields()
+
+
+class _BooleanAttributeListFilter(admin.SimpleListFilter):
+    """Filter helper for boolean attributes on :class:`~django.contrib.sites.models.Site`."""
+
+    field_name: str
+
+    def lookups(self, request, model_admin):  # pragma: no cover - admin UI
+        return (("1", _("Yes")), ("0", _("No")))
+
+    def queryset(self, request, queryset):
+        value = self.value()
+        if value not in {"0", "1"}:
+            return queryset
+        expected = value == "1"
+        try:
+            return queryset.filter(**{self.field_name: expected})
+        except FieldError:  # pragma: no cover - defensive when fields missing
+            return queryset
+
+
+class ManagedSiteListFilter(_BooleanAttributeListFilter):
+    title = _("Managed by local NGINX")
+    parameter_name = "managed"
+    field_name = "managed"
+
+
+class RequireHttpsListFilter(_BooleanAttributeListFilter):
+    title = _("Require HTTPS")
+    parameter_name = "require_https"
+    field_name = "require_https"
+
+
 class SiteAdmin(DjangoSiteAdmin):
     form = SiteForm
     inlines = [SiteBadgeInline]
     change_list_template = "admin/sites/site/change_list.html"
-    fields = ("domain", "name")
-    list_display = ("domain", "name")
+    fields = ("domain", "name", "managed", "require_https")
+    list_display = ("domain", "name", "managed", "require_https")
+    list_filter = (ManagedSiteListFilter, RequireHttpsListFilter)
     actions = ["capture_screenshot"]
 
     @admin.action(description="Capture screenshot")
@@ -110,6 +148,27 @@ class SiteAdmin(DjangoSiteAdmin):
                     messages.INFO,
                 )
 
+    def save_model(self, request, obj, form, change):
+        super().save_model(request, obj, form, change)
+        if {"managed", "require_https"} & set(form.changed_data or []):
+            self.message_user(
+                request,
+                _(
+                    "Managed NGINX configuration staged. Run network-setup.sh to apply changes."
+                ),
+                messages.INFO,
+            )
+
+    def delete_model(self, request, obj):
+        super().delete_model(request, obj)
+        self.message_user(
+            request,
+            _(
+                "Managed NGINX configuration staged. Run network-setup.sh to apply changes."
+            ),
+            messages.INFO,
+        )
+
     def _reload_site_fixtures(self, request):
         fixtures_dir = Path(settings.BASE_DIR) / "core" / "fixtures"
         fixture_paths = sorted(fixtures_dir.glob("references__00_site_*.json"))
@@ -708,10 +767,33 @@ class UserStoryAdmin(EntityModelAdmin):
                 issue_url = story.create_github_issue()
             except Exception as exc:  # pragma: no cover - network/runtime errors
                 logger.exception("Failed to create GitHub issue for UserStory %s", story.pk)
+                message = _("Unable to create a GitHub issue for %(story)s: %(error)s") % {
+                    "story": story,
+                    "error": exc,
+                }
+
+                if (
+                    isinstance(exc, RuntimeError)
+                    and "GitHub token is not configured" in str(exc)
+                ):
+                    try:
+                        opts = ReleaseManager._meta
+                        config_url = reverse(
+                            f"{self.admin_site.name}:{opts.app_label}_{opts.model_name}_changelist"
+                        )
+                    except NoReverseMatch:  # pragma: no cover - defensive guard
+                        config_url = None
+                    if config_url:
+                        message = format_html(
+                            "{} <a href=\"{}\">{}</a>",
+                            message,
+                            config_url,
+                            _("Configure GitHub credentials."),
+                        )
+
                 self.message_user(
                     request,
-                    _("Unable to create a GitHub issue for %(story)s: %(error)s")
-                    % {"story": story, "error": exc},
+                    message,
                     messages.ERROR,
                 )
                 continue

pages/apps.py

@@ -8,3 +8,6 @@ class PagesConfig(AppConfig):
 
     def ready(self):  # pragma: no cover - import for side effects
         from . import checks  # noqa: F401
+        from . import site_config
+
+        site_config.ready()

pages/site_config.py

@@ -0,0 +1,137 @@
+"""Customizations for :mod:`django.contrib.sites`."""
+
+from __future__ import annotations
+
+import json
+import logging
+from pathlib import Path
+
+from django.apps import apps
+from django.conf import settings
+from django.contrib.sites.models import Site
+from django.db import DatabaseError, models
+from django.db.models.signals import post_delete, post_migrate, post_save
+from django.dispatch import receiver
+from django.utils.translation import gettext_lazy as _
+
+
+logger = logging.getLogger(__name__)
+
+
+_FIELD_DEFINITIONS: tuple[tuple[str, models.Field], ...] = (
+    (
+        "managed",
+        models.BooleanField(
+            default=False,
+            db_default=False,
+            verbose_name=_("Managed by local NGINX"),
+            help_text=_(
+                "Include this site when staging the local NGINX configuration."
+            ),
+        ),
+    ),
+    (
+        "require_https",
+        models.BooleanField(
+            default=False,
+            db_default=False,
+            verbose_name=_("Require HTTPS"),
+            help_text=_(
+                "Redirect HTTP traffic to HTTPS when the staged NGINX configuration is applied."
+            ),
+        ),
+    ),
+)
+
+
+def _sites_config_path() -> Path:
+    return Path(settings.BASE_DIR) / "scripts" / "generated" / "nginx-sites.json"
+
+
+def _ensure_directories(path: Path) -> bool:
+    try:
+        path.parent.mkdir(parents=True, exist_ok=True)
+    except OSError as exc:  # pragma: no cover - filesystem errors
+        logger.warning("Unable to create directory for %s: %s", path, exc)
+        return False
+    return True
+
+
+def update_local_nginx_scripts() -> None:
+    """Serialize managed site configuration for the network setup script."""
+
+    SiteModel = apps.get_model("sites", "Site")
+    data: list[dict[str, object]] = []
+    seen_domains: set[str] = set()
+
+    try:
+        sites = list(
+            SiteModel.objects.filter(managed=True)
+            .only("domain", "require_https")
+            .order_by("domain")
+        )
+    except DatabaseError:  # pragma: no cover - database not ready
+        return
+
+    for site in sites:
+        domain = (site.domain or "").strip()
+        if not domain:
+            continue
+        if domain.lower() in seen_domains:
+            continue
+        seen_domains.add(domain.lower())
+        data.append({"domain": domain, "require_https": bool(site.require_https)})
+
+    output_path = _sites_config_path()
+    if not _ensure_directories(output_path):
+        return
+
+    if data:
+        try:
+            output_path.write_text(json.dumps(data, indent=2) + "\n", encoding="utf-8")
+        except OSError as exc:  # pragma: no cover - filesystem errors
+            logger.warning("Failed to write managed site configuration: %s", exc)
+    else:
+        try:
+            output_path.unlink()
+        except FileNotFoundError:
+            pass
+        except OSError as exc:  # pragma: no cover - filesystem errors
+            logger.warning("Failed to remove managed site configuration: %s", exc)
+
+
+def _install_fields() -> None:
+    for name, field in _FIELD_DEFINITIONS:
+        if hasattr(Site, name):
+            continue
+        Site.add_to_class(name, field.clone())
+
+
+def ensure_site_fields() -> None:
+    """Ensure the custom ``Site`` fields are installed."""
+
+    _install_fields()
+
+
+@receiver(post_save, sender=Site, dispatch_uid="pages_site_save_update_nginx")
+def _site_saved(sender, **kwargs) -> None:  # pragma: no cover - signal wrapper
+    update_local_nginx_scripts()
+
+
+@receiver(post_delete, sender=Site, dispatch_uid="pages_site_delete_update_nginx")
+def _site_deleted(sender, **kwargs) -> None:  # pragma: no cover - signal wrapper
+    update_local_nginx_scripts()
+
+
+def _run_post_migrate_update(**kwargs) -> None:  # pragma: no cover - signal wrapper
+    update_local_nginx_scripts()
+
+
+def ready() -> None:
+    """Apply customizations and connect signal handlers."""
+
+    ensure_site_fields()
+    post_migrate.connect(
+        _run_post_migrate_update,
+        dispatch_uid="pages_site_post_migrate_update",
+    )

pages/tests.py

@@ -13,13 +13,14 @@ from django.templatetags.static import static
 from urllib.parse import quote
 from django.contrib.auth import get_user_model
 from django.contrib.sites.models import Site
-from django.contrib import admin
+from django.contrib import admin, messages
 from django.contrib.messages.storage.fallback import FallbackStorage
 from django.core.exceptions import DisallowedHost
 from django.core.cache import cache
 from django.db import connection
 import socket
 from django.db import connection
+from pages import site_config
 from pages.models import (
     Application,
     Landing,
@@ -47,6 +48,7 @@ from pages.screenshot_specs import (
 )
 from pages.context_processors import nav_links
 from django.apps import apps as django_apps
+from config.middleware import SiteHttpsRedirectMiddleware
 from core import mailer
 from core.admin import ProfileAdminMixin
 from core.models import (
@@ -60,8 +62,10 @@ from core.models import (
     Todo,
     TOTPDeviceSettings,
 )
+from ocpp.models import Charger
 from django.core.files.uploadedfile import SimpleUploadedFile
 import base64
+import json
 import tempfile
 import shutil
 from io import StringIO
@@ -72,6 +76,7 @@ from types import SimpleNamespace
 from django.core.management import call_command
 import re
 from django.contrib.contenttypes.models import ContentType
+from django.http import HttpResponse
 from datetime import (
     date,
     datetime,
@@ -1172,6 +1177,125 @@ class AdminModelStatusTests(TestCase):
         self.assertContains(resp, 'class="model-status missing"', count=1)
 
 
+class _FakeQuerySet(list):
+    def only(self, *args, **kwargs):
+        return self
+
+    def order_by(self, *args, **kwargs):
+        return self
+
+
+class SiteConfigurationStagingTests(SimpleTestCase):
+    def setUp(self):
+        self.tmpdir = tempfile.mkdtemp()
+        self.addCleanup(shutil.rmtree, self.tmpdir)
+        self.config_path = Path(self.tmpdir) / "nginx-sites.json"
+        self._path_patcher = patch(
+            "pages.site_config._sites_config_path", side_effect=lambda: self.config_path
+        )
+        self._path_patcher.start()
+        self.addCleanup(self._path_patcher.stop)
+        self._model_patcher = patch("pages.site_config.apps.get_model")
+        self.mock_get_model = self._model_patcher.start()
+        self.addCleanup(self._model_patcher.stop)
+
+    def _read_config(self):
+        if not self.config_path.exists():
+            return None
+        return json.loads(self.config_path.read_text(encoding="utf-8"))
+
+    def _set_sites(self, sites):
+        queryset = _FakeQuerySet(sites)
+
+        class _Manager:
+            @staticmethod
+            def filter(**kwargs):
+                return queryset
+
+        self.mock_get_model.return_value = SimpleNamespace(objects=_Manager())
+
+    def test_managed_site_persists_configuration(self):
+        self._set_sites([SimpleNamespace(domain="example.com", require_https=True)])
+        site_config.update_local_nginx_scripts()
+        config = self._read_config()
+        self.assertEqual(
+            config,
+            [
+                {
+                    "domain": "example.com",
+                    "require_https": True,
+                }
+            ],
+        )
+
+    def test_disabling_managed_site_removes_entry(self):
+        primary = SimpleNamespace(domain="primary.test", require_https=False)
+        secondary = SimpleNamespace(domain="secondary.test", require_https=False)
+        self._set_sites([primary, secondary])
+        site_config.update_local_nginx_scripts()
+        config = self._read_config()
+        self.assertEqual(
+            [entry["domain"] for entry in config],
+            ["primary.test", "secondary.test"],
+        )
+
+        self._set_sites([secondary])
+        site_config.update_local_nginx_scripts()
+        config = self._read_config()
+        self.assertEqual(config, [{"domain": "secondary.test", "require_https": False}])
+
+        self._set_sites([])
+        site_config.update_local_nginx_scripts()
+        self.assertIsNone(self._read_config())
+
+    def test_require_https_toggle_updates_configuration(self):
+        site = SimpleNamespace(domain="secure.example", require_https=False)
+        self._set_sites([site])
+        site_config.update_local_nginx_scripts()
+        config = self._read_config()
+        self.assertEqual(config, [{"domain": "secure.example", "require_https": False}])
+
+        site.require_https = True
+        self._set_sites([site])
+        site_config.update_local_nginx_scripts()
+        config = self._read_config()
+        self.assertEqual(config, [{"domain": "secure.example", "require_https": True}])
+
+
+class SiteRequireHttpsMiddlewareTests(SimpleTestCase):
+    def setUp(self):
+        self.factory = RequestFactory()
+        self.middleware = SiteHttpsRedirectMiddleware(lambda request: HttpResponse("ok"))
+        self.secure_site = SimpleNamespace(domain="secure.test", require_https=True)
+
+    def test_http_request_redirects_to_https(self):
+        request = self.factory.get("/", HTTP_HOST="secure.test")
+        request.site = self.secure_site
+        response = self.middleware(request)
+        self.assertEqual(response.status_code, 301)
+        self.assertTrue(response["Location"].startswith("https://secure.test"))
+
+    def test_secure_request_not_redirected(self):
+        request = self.factory.get("/", HTTP_HOST="secure.test", secure=True)
+        request.site = self.secure_site
+        response = self.middleware(request)
+        self.assertEqual(response.status_code, 200)
+
+    def test_forwarded_proto_respected(self):
+        request = self.factory.get(
+            "/", HTTP_HOST="secure.test", HTTP_X_FORWARDED_PROTO="https"
+        )
+        request.site = self.secure_site
+        response = self.middleware(request)
+        self.assertEqual(response.status_code, 200)
+
+        self.secure_site.require_https = False
+        request = self.factory.get("/", HTTP_HOST="secure.test")
+        request.site = self.secure_site
+        response = self.middleware(request)
+        self.assertEqual(response.status_code, 200)
+
+
 class SiteAdminRegisterCurrentTests(TestCase):
     def setUp(self):
         self.client = Client()
@@ -2422,6 +2546,27 @@ class FavoriteTests(TestCase):
         self.assertContains(resp, f'title="{badge_label}"')
         self.assertContains(resp, f'aria-label="{badge_label}"')
 
+    def test_dashboard_shows_charge_point_availability_badge(self):
+        Charger.objects.create(charger_id="CP-001", last_status="Available")
+        Charger.objects.create(
+            charger_id="CP-001", connector_id=1, last_status="Available"
+        )
+        Charger.objects.create(
+            charger_id="CP-002", connector_id=1, last_status="Unavailable"
+        )
+
+        resp = self.client.get(reverse("admin:index"))
+
+        expected = "2 / 1"
+        badge_label = gettext(
+            "%(total)s chargers reporting Available status, including %(with_cp)s with a CP number"
+        ) % {"total": 2, "with_cp": 1}
+
+        self.assertContains(resp, expected)
+        self.assertContains(resp, 'class="charger-availability-badge"')
+        self.assertContains(resp, f'title="{badge_label}"')
+        self.assertContains(resp, f'aria-label="{badge_label}"')
+
     def test_nav_sidebar_hides_dashboard_badges(self):
         InviteLead.objects.create(email="open@example.com")
         RFID.objects.create(rfid="RFID0003", released=True, allowed=True)
@@ -3159,6 +3304,40 @@ class UserStoryAdminActionTests(TestCase):
 
         mock_create_issue.assert_not_called()
 
+    def test_create_github_issues_action_links_to_credentials_when_missing(self):
+        request = self._build_request()
+        queryset = UserStory.objects.filter(pk=self.story.pk)
+
+        mock_url = "/admin/core/releasemanager/"
+        with (
+            patch(
+                "pages.admin.reverse", return_value=mock_url
+            ) as mock_reverse,
+            patch.object(
+                UserStory,
+                "create_github_issue",
+                side_effect=RuntimeError("GitHub token is not configured"),
+            ),
+        ):
+            self.admin.create_github_issues(request, queryset)
+
+        messages_list = list(request._messages)
+        self.assertTrue(messages_list)
+
+        opts = ReleaseManager._meta
+        mock_reverse.assert_called_once_with(
+            f"{self.admin.admin_site.name}:{opts.app_label}_{opts.model_name}_changelist"
+        )
+        self.assertTrue(
+            any(mock_url in message.message for message in messages_list),
+        )
+        self.assertTrue(
+            any("Configure GitHub credentials" in message.message for message in messages_list),
+        )
+        self.assertTrue(
+            any(message.level == messages.ERROR for message in messages_list),
+        )
+
 
 class ClientReportLiveUpdateTests(TestCase):
     def setUp(self):