arthexis 0.1.19__py3-none-any.whl → 0.1.21__py3-none-any.whl

core/environment.py

@@ -1,11 +1,17 @@
 from __future__ import annotations
 
 import os
+import re
+import shlex
+import subprocess
+from pathlib import Path
 
+from django import forms
 from django.conf import settings
 from django.contrib import admin
+from django.core.exceptions import PermissionDenied
 from django.template.response import TemplateResponse
-from django.urls import path
+from django.urls import path, reverse
 from django.utils.translation import gettext_lazy as _
 
 
@@ -15,23 +21,248 @@ def _get_django_settings():
     )
 
 
+class NetworkSetupForm(forms.Form):
+    prompt_for_password = forms.BooleanField(
+        label=_("Prompt for new WiFi password"),
+        required=False,
+        help_text=_("Add --password to request a password even when one is already configured."),
+    )
+    access_point_name = forms.CharField(
+        label=_("Access point name"),
+        required=False,
+        max_length=32,
+        help_text=_("Use --ap to set the wlan0 access point name."),
+    )
+    skip_firewall_validation = forms.BooleanField(
+        label=_("Skip firewall validation"),
+        required=False,
+        help_text=_("Add --no-firewall to bypass firewall port checks."),
+    )
+    skip_access_point_configuration = forms.BooleanField(
+        label=_("Skip access point configuration"),
+        required=False,
+        help_text=_("Add --no-ap to leave the access point configuration unchanged."),
+    )
+    allow_unsafe_changes = forms.BooleanField(
+        label=_("Allow modifying the active internet connection"),
+        required=False,
+        help_text=_("Include --unsafe to allow changes that may interrupt connectivity."),
+    )
+    interactive = forms.BooleanField(
+        label=_("Prompt before each step"),
+        required=False,
+        help_text=_("Run the script with --interactive to confirm each action."),
+    )
+    install_watchdog = forms.BooleanField(
+        label=_("Install WiFi watchdog service"),
+        required=False,
+        initial=True,
+        help_text=_("Keep selected to retain the watchdog or clear to add --no-watchdog."),
+    )
+    vnc_validation = forms.ChoiceField(
+        label=_("VNC validation"),
+        choices=(
+            ("default", _("Use script default (skip validation)")),
+            ("require", _("Require that a VNC service is enabled (--vnc)")),
+        ),
+        initial="default",
+        required=True,
+    )
+    ethernet_subnet = forms.CharField(
+        label=_("Ethernet subnet"),
+        required=False,
+        help_text=_("Provide Z, Z/P (prefix 16 or 24), X.Y.Z, or X.Y.Z/P to supply --subnet."),
+    )
+    update_ap_password_only = forms.BooleanField(
+        label=_("Update access point password only"),
+        required=False,
+        help_text=_("Use --ap-set-password without running other setup steps."),
+    )
+
+    def clean_ethernet_subnet(self) -> str:
+        value = self.cleaned_data.get("ethernet_subnet", "")
+        if not value:
+            return ""
+        raw = value.strip()
+        match = re.fullmatch(
+            r"(?P<first>\d{1,3})(?:\.(?P<second>\d{1,3})\.(?P<third>\d{1,3}))?(?:/(?P<prefix>\d{1,2}))?",
+            raw,
+        )
+        if not match:
+            raise forms.ValidationError(
+                _("Enter a subnet in the form Z, Z/P, X.Y.Z, or X.Y.Z/P with prefix 16 or 24."),
+            )
+        first_octet = int(match.group("first"))
+        second = match.group("second")
+        third = match.group("third")
+        if second is not None and third is not None:
+            octets = [first_octet, int(second), int(third)]
+            for octet in octets:
+                if octet < 0 or octet > 255:
+                    raise forms.ValidationError(
+                        _("Subnet octets must be between 0 and 255."),
+                    )
+            if octets[2] > 254:
+                raise forms.ValidationError(
+                    _("The third subnet octet must be between 0 and 254."),
+                )
+            subnet_value = ".".join(str(octet) for octet in octets)
+        else:
+            if first_octet < 0 or first_octet > 254:
+                raise forms.ValidationError(
+                    _("Subnet value must be between 0 and 254."),
+                )
+            subnet_value = str(first_octet)
+        prefix_value = match.group("prefix")
+        if prefix_value:
+            prefix = int(prefix_value)
+            if prefix not in {16, 24}:
+                raise forms.ValidationError(
+                    _("Subnet prefix must be 16 or 24."),
+                )
+            return f"{subnet_value}/{prefix}"
+        return subnet_value
+
+    def clean(self) -> dict:
+        cleaned_data = super().clean()
+        if cleaned_data.get("update_ap_password_only"):
+            other_flags = [
+                cleaned_data.get("prompt_for_password"),
+                bool(cleaned_data.get("access_point_name")),
+                cleaned_data.get("skip_firewall_validation"),
+                cleaned_data.get("skip_access_point_configuration"),
+                cleaned_data.get("allow_unsafe_changes"),
+                cleaned_data.get("interactive"),
+                bool(cleaned_data.get("ethernet_subnet")),
+                cleaned_data.get("vnc_validation") == "require",
+                not cleaned_data.get("install_watchdog", True),
+            ]
+            if any(other_flags):
+                raise forms.ValidationError(
+                    _(
+                        "Update access point password only cannot be combined with other network-setup options."
+                    )
+                )
+        return cleaned_data
+
+    def build_command(self, script_path: Path) -> list[str]:
+        command = [str(script_path)]
+        data = self.cleaned_data
+        if data.get("update_ap_password_only"):
+            command.append("--ap-set-password")
+            return command
+        if data.get("prompt_for_password"):
+            command.append("--password")
+        access_point_name = data.get("access_point_name")
+        if access_point_name:
+            command.extend(["--ap", access_point_name])
+        if data.get("skip_firewall_validation"):
+            command.append("--no-firewall")
+        if data.get("skip_access_point_configuration"):
+            command.append("--no-ap")
+        if data.get("allow_unsafe_changes"):
+            command.append("--unsafe")
+        if data.get("interactive"):
+            command.append("--interactive")
+        if not data.get("install_watchdog"):
+            command.append("--no-watchdog")
+        if data.get("vnc_validation") == "require":
+            command.append("--vnc")
+        ethernet_subnet = data.get("ethernet_subnet")
+        if ethernet_subnet:
+            command.extend(["--subnet", ethernet_subnet])
+        return command
+
+
 def _environment_view(request):
     env_vars = sorted(os.environ.items())
     context = admin.site.each_context(request)
+    environment_tasks: list[dict[str, str]] = []
+    if request.user.is_superuser:
+        environment_tasks.append(
+            {
+                "name": _("Run network-setup"),
+                "description": _(
+                    "Configure network services, stage managed NGINX sites, and review script output."
+                ),
+                "url": reverse("admin:environment-network-setup"),
+            }
+        )
     context.update(
         {
-            "title": _("Environ"),
+            "title": _("Environment"),
             "env_vars": env_vars,
+            "environment_tasks": environment_tasks,
         }
     )
     return TemplateResponse(request, "admin/environment.html", context)
 
 
+def _environment_network_setup_view(request):
+    if not request.user.is_superuser:
+        raise PermissionDenied
+
+    script_path = Path(settings.BASE_DIR) / "network-setup.sh"
+    command_result: dict[str, object] | None = None
+
+    if request.method == "POST":
+        form = NetworkSetupForm(request.POST)
+        if form.is_valid():
+            command = form.build_command(script_path)
+            if not script_path.exists():
+                form.add_error(None, _("The network-setup.sh script could not be found."))
+            else:
+                try:
+                    completed = subprocess.run(
+                        command,
+                        capture_output=True,
+                        text=True,
+                        cwd=settings.BASE_DIR,
+                        check=False,
+                    )
+                except FileNotFoundError:
+                    form.add_error(None, _("The network-setup.sh script could not be executed."))
+                except OSError as exc:
+                    form.add_error(
+                        None,
+                        _("Unable to execute network-setup.sh: %(error)s")
+                        % {"error": str(exc)},
+                    )
+                else:
+                    if hasattr(shlex, "join"):
+                        command_display = shlex.join(command)
+                    else:
+                        command_display = " ".join(shlex.quote(part) for part in command)
+                    command_result = {
+                        "command": command_display,
+                        "stdout": completed.stdout,
+                        "stderr": completed.stderr,
+                        "returncode": completed.returncode,
+                        "succeeded": completed.returncode == 0,
+                    }
+    else:
+        form = NetworkSetupForm()
+
+    context = admin.site.each_context(request)
+    context.update(
+        {
+            "title": _("Run network-setup"),
+            "form": form,
+            "command_result": command_result,
+            "task_description": _(
+                "Configure script flags, execute network-setup, and review the captured output."
+            ),
+            "back_url": reverse("admin:environment"),
+        }
+    )
+    return TemplateResponse(request, "admin/environment_network_setup.html", context)
+
+
 def _config_view(request):
     context = admin.site.each_context(request)
     context.update(
         {
-            "title": _("Config"),
+            "title": _("Django Settings"),
             "django_settings": _get_django_settings(),
         }
     )
@@ -39,12 +270,17 @@ def _config_view(request):
 
 
 def patch_admin_environment_view() -> None:
-    """Add custom admin view for environment information."""
+    """Register the Environment and Config admin views on the main admin site."""
     original_get_urls = admin.site.get_urls
 
     def get_urls():
         urls = original_get_urls()
         custom = [
+            path(
+                "environment/network-setup/",
+                admin.site.admin_view(_environment_network_setup_view),
+                name="environment-network-setup",
+            ),
             path(
                 "environment/",
                 admin.site.admin_view(_environment_view),

core/models.py

@@ -5,7 +5,7 @@ from django.contrib.auth.models import (
 )
 from django.db import DatabaseError, IntegrityError, connections, models, transaction
 from django.db.models import Q
-from django.db.models.functions import Lower
+from django.db.models.functions import Lower, Length
 from django.conf import settings
 from django.contrib.auth import get_user_model
 from django.utils.translation import gettext_lazy as _
@@ -17,12 +17,12 @@ from django.dispatch import receiver
 from django.views.decorators.debug import sensitive_variables
 from datetime import time as datetime_time, timedelta
 import logging
+import json
 from django.contrib.contenttypes.models import ContentType
 import hashlib
 import hmac
 import os
 import subprocess
-import secrets
 import re
 from io import BytesIO
 from django.core.files.base import ContentFile
@@ -518,18 +518,10 @@ class User(Entity, AbstractUser):
     def odoo_profile(self):
         return self._direct_profile("OdooProfile")
 
-    @property
-    def assistant_profile(self):
-        return self._direct_profile("AssistantProfile")
-
     @property
     def social_profile(self):
         return self._direct_profile("SocialProfile")
 
-    @property
-    def chat_profile(self):
-        return self.assistant_profile
-
 
 class UserPhoneNumber(Entity):
     """Store phone numbers associated with a user."""
@@ -1764,6 +1756,7 @@ class RFID(Entity):
     """RFID tag that may be assigned to one account."""
 
     label_id = models.AutoField(primary_key=True, db_column="label_id")
+    MATCH_PREFIX_LENGTH = 8
     rfid = models.CharField(
         max_length=255,
         unique=True,
@@ -1939,6 +1932,108 @@ class RFID(Entity):
     def __str__(self):  # pragma: no cover - simple representation
         return str(self.label_id)
 
+    @classmethod
+    def normalize_code(cls, value: str) -> str:
+        """Return ``value`` normalized for comparisons."""
+
+        return "".join((value or "").split()).upper()
+
+    def adopt_rfid(self, candidate: str) -> bool:
+        """Adopt ``candidate`` as the stored RFID if it is a better match."""
+
+        normalized = type(self).normalize_code(candidate)
+        if not normalized:
+            return False
+        current = type(self).normalize_code(self.rfid)
+        if current == normalized:
+            return False
+        if not current:
+            self.rfid = normalized
+            return True
+        reversed_current = type(self).reverse_uid(current)
+        if reversed_current and reversed_current == normalized:
+            self.rfid = normalized
+            return True
+        if len(normalized) < len(current):
+            self.rfid = normalized
+            return True
+        if len(normalized) == len(current) and normalized < current:
+            self.rfid = normalized
+            return True
+        return False
+
+    @classmethod
+    def matching_queryset(cls, value: str) -> models.QuerySet["RFID"]:
+        """Return RFID records matching ``value`` using prefix comparison."""
+
+        normalized = cls.normalize_code(value)
+        if not normalized:
+            return cls.objects.none()
+
+        conditions: list[Q] = []
+        candidate = normalized
+        if candidate:
+            conditions.append(Q(rfid=candidate))
+        alternate = cls.reverse_uid(candidate)
+        if alternate and alternate != candidate:
+            conditions.append(Q(rfid=alternate))
+
+        prefix_length = min(len(candidate), cls.MATCH_PREFIX_LENGTH)
+        if prefix_length:
+            prefix = candidate[:prefix_length]
+            conditions.append(Q(rfid__startswith=prefix))
+            if alternate and alternate != candidate:
+                alt_prefix = alternate[:prefix_length]
+                if alt_prefix:
+                    conditions.append(Q(rfid__startswith=alt_prefix))
+
+        query: Q | None = None
+        for condition in conditions:
+            query = condition if query is None else query | condition
+
+        if query is None:
+            return cls.objects.none()
+
+        queryset = cls.objects.filter(query).distinct()
+        return queryset.annotate(rfid_length=Length("rfid")).order_by(
+            "rfid_length", "rfid", "pk"
+        )
+
+    @classmethod
+    def find_match(cls, value: str) -> "RFID | None":
+        """Return the best matching RFID for ``value`` if it exists."""
+
+        return cls.matching_queryset(value).first()
+
+    @classmethod
+    def update_or_create_from_code(
+        cls, value: str, defaults: dict[str, Any] | None = None
+    ) -> tuple["RFID", bool]:
+        """Update or create an RFID using relaxed matching rules."""
+
+        normalized = cls.normalize_code(value)
+        if not normalized:
+            raise ValueError("RFID value is required")
+
+        defaults_map = defaults.copy() if defaults else {}
+        existing = cls.find_match(normalized)
+        if existing:
+            update_fields: set[str] = set()
+            if existing.adopt_rfid(normalized):
+                update_fields.add("rfid")
+            for field_name, new_value in defaults_map.items():
+                if getattr(existing, field_name) != new_value:
+                    setattr(existing, field_name, new_value)
+                    update_fields.add(field_name)
+            if update_fields:
+                existing.save(update_fields=sorted(update_fields))
+            return existing, False
+
+        create_kwargs = defaults_map
+        create_kwargs["rfid"] = normalized
+        tag = cls.objects.create(**create_kwargs)
+        return tag, True
+
     @classmethod
     def normalize_endianness(cls, value: object) -> str:
         """Return a valid endianness value, defaulting to BIG."""
@@ -2033,25 +2128,12 @@ class RFID(Entity):
     ) -> tuple["RFID", bool]:
         """Return or create an RFID that was detected via scanning."""
 
-        normalized = "".join((rfid or "").split()).upper()
+        normalized = cls.normalize_code(rfid)
         desired_endianness = cls.normalize_endianness(endianness)
-        alternate = None
-        if normalized and len(normalized) % 2 == 0:
-            bytes_list = [normalized[i : i + 2] for i in range(0, len(normalized), 2)]
-            bytes_list.reverse()
-            alternate_candidate = "".join(bytes_list)
-            if alternate_candidate != normalized:
-                alternate = alternate_candidate
-
-        existing = None
-        if normalized:
-            existing = cls.objects.filter(rfid=normalized).first()
-        if not existing and alternate:
-            existing = cls.objects.filter(rfid=alternate).first()
+        existing = cls.find_match(normalized)
         if existing:
             update_fields: list[str] = []
-            if normalized and existing.rfid != normalized:
-                existing.rfid = normalized
+            if existing.adopt_rfid(normalized):
                 update_fields.append("rfid")
             if existing.endianness != desired_endianness:
                 existing.endianness = desired_endianness
@@ -2079,23 +2161,28 @@ class RFID(Entity):
                     tag = cls.objects.create(**create_kwargs)
                     cls._reset_label_sequence()
             except IntegrityError:
-                existing = cls.objects.filter(rfid=normalized).first()
+                existing = cls.find_match(normalized)
                 if existing:
                     return existing, False
             else:
                 return tag, True
         raise IntegrityError("Unable to allocate label id for scanned RFID")
 
-    @staticmethod
-    def get_account_by_rfid(value):
+    @classmethod
+    def get_account_by_rfid(cls, value):
         """Return the energy account associated with an RFID code if it exists."""
         try:
             EnergyAccount = apps.get_model("core", "EnergyAccount")
         except LookupError:  # pragma: no cover - energy accounts app optional
             return None
-        return EnergyAccount.objects.filter(
-            rfids__rfid=value.upper(), rfids__allowed=True
-        ).first()
+        matches = cls.matching_queryset(value).filter(allowed=True)
+        if not matches.exists():
+            return None
+        return (
+            EnergyAccount.objects.filter(rfids__in=matches)
+            .distinct()
+            .first()
+        )
 
     class Meta:
         verbose_name = "RFID"
@@ -2795,7 +2882,10 @@ class ClientReport(Entity):
     def build_rows(start_date=None, end_date=None, *, for_display: bool = False):
         from ocpp.models import Transaction
 
-        qs = Transaction.objects.exclude(rfid="")
+        qs = Transaction.objects.filter(
+            (Q(rfid__isnull=False) & ~Q(rfid=""))
+            | (Q(vid__isnull=False) & ~Q(vid=""))
+        )
         if start_date:
             from datetime import datetime, time, timedelta, timezone as pytimezone
 
@@ -2841,7 +2931,7 @@ class ClientReport(Entity):
                         subject = str(tag.label_id)
 
             if subject is None:
-                subject = tx.rfid
+                subject = tx.rfid or tx.vid
 
             start_value = tx.start_time
             end_value = tx.stop_time
@@ -2853,6 +2943,7 @@ class ClientReport(Entity):
                 {
                     "subject": subject,
                     "rfid": tx.rfid,
+                    "vid": tx.vid,
                     "kw": energy,
                     "start": start_value,
                     "end": end_value,
@@ -3324,7 +3415,13 @@ class PackageRelease(Entity):
         for release in cls.objects.all():
             name = f"releases__packagerelease_{release.version.replace('.', '_')}.json"
             path = base / name
-            data = serializers.serialize("json", [release])
+            data = serializers.serialize(
+                "json",
+                [release],
+                use_natural_foreign_keys=True,
+                use_natural_primary_keys=True,
+            )
+            data = json.dumps(json.loads(data), indent=2) + "\n"
             expected.add(name)
             try:
                 current = path.read_text(encoding="utf-8")
@@ -3604,73 +3701,6 @@ def _rfid_unique_energy_account(
                     "RFID tags may only be assigned to one energy account."
                 )
 
-
-def hash_key(key: str) -> str:
-    """Return a SHA-256 hash for ``key``."""
-
-    return hashlib.sha256(key.encode()).hexdigest()
-
-
-class AssistantProfile(Profile):
-    """Stores a hashed user key used by the assistant for authentication.
-
-    The plain-text ``user_key`` is generated server-side and shown only once.
-    Users must supply this key in the ``Authorization: Bearer <user_key>``
-    header when requesting protected endpoints. Only the hash is stored.
-    """
-
-    id = models.UUIDField(primary_key=True, default=uuid.uuid4, editable=False)
-    profile_fields = ("assistant_name", "user_key_hash", "scopes", "is_active")
-    assistant_name = models.CharField(max_length=100, default="Assistant")
-    user_key_hash = models.CharField(max_length=64, unique=True)
-    scopes = models.JSONField(default=list, blank=True)
-    created_at = models.DateTimeField(auto_now_add=True)
-    last_used_at = models.DateTimeField(null=True, blank=True)
-    is_active = models.BooleanField(default=True)
-
-    class Meta:
-        db_table = "workgroup_assistantprofile"
-        verbose_name = "Assistant Profile"
-        verbose_name_plural = "Assistant Profiles"
-        constraints = [
-            models.CheckConstraint(
-                check=(
-                    (Q(user__isnull=False) & Q(group__isnull=True))
-                    | (Q(user__isnull=True) & Q(group__isnull=False))
-                ),
-                name="assistantprofile_requires_owner",
-            )
-        ]
-
-    @classmethod
-    def issue_key(cls, user) -> tuple["AssistantProfile", str]:
-        """Create or update a profile and return it with a new plain key."""
-
-        key = secrets.token_hex(32)
-        key_hash = hash_key(key)
-        if user is None:
-            raise ValueError("Assistant profiles require a user instance")
-
-        profile, _ = cls.objects.update_or_create(
-            user=user,
-            defaults={
-                "user_key_hash": key_hash,
-                "last_used_at": None,
-                "is_active": True,
-            },
-        )
-        return profile, key
-
-    def touch(self) -> None:
-        """Record that the key was used."""
-
-        self.last_used_at = timezone.now()
-        self.save(update_fields=["last_used_at"])
-
-    def __str__(self) -> str:  # pragma: no cover - simple representation
-        return self.assistant_name or "AssistantProfile"
-
-
 def validate_relative_url(value: str) -> None:
     if not value:
         return

core/notifications.py

@@ -39,7 +39,7 @@ class NotificationManager:
         self.lock_file.parent.mkdir(parents=True, exist_ok=True)
         # ``plyer`` is only available on Windows and can fail when used in
         # a non-interactive environment (e.g. service or CI).
-        # Any failure will fallback to logging quietly.
+        # Any failure will fall back to logging quietly.
 
     def _write_lock_file(self, subject: str, body: str) -> None:
         self.lock_file.write_text(f"{subject}\n{body}\n", encoding="utf-8")

core/reference_utils.py

@@ -70,17 +70,16 @@ def filter_visible_references(
         required_sites = {current_site.pk for current_site in ref.sites.all()}
 
         if required_roles or required_features or required_sites:
-            allowed = False
-            if required_roles and node_role_id and node_role_id in required_roles:
-                allowed = True
-            elif (
-                required_features
-                and node_active_feature_ids
-                and node_active_feature_ids.intersection(required_features)
-            ):
-                allowed = True
-            elif required_sites and site_id and site_id in required_sites:
-                allowed = True
+            allowed = True
+            if required_roles:
+                allowed = bool(node_role_id and node_role_id in required_roles)
+            if allowed and required_features:
+                allowed = bool(
+                    node_active_feature_ids
+                    and node_active_feature_ids.intersection(required_features)
+                )
+            if allowed and required_sites:
+                allowed = bool(site_id and site_id in required_sites)
 
             if not allowed:
                 continue

core/sigil_builder.py

@@ -40,12 +40,12 @@ def _sigil_builder_view(request):
         {
             "prefix": "ENV",
             "url": reverse("admin:environment"),
-            "label": _("Environ"),
+            "label": _("Environment"),
         },
         {
             "prefix": "CONF",
             "url": reverse("admin:config"),
-            "label": _("Config"),
+            "label": _("Django Settings"),
         },
         {
             "prefix": "SYS",