arthexis 0.1.21__py3-none-any.whl → 0.1.23__py3-none-any.whl

nodes/tests.py

@@ -48,6 +48,7 @@ from .classifiers import run_default_classifiers
 from .utils import capture_rpi_snapshot, capture_screenshot, save_screenshot
 from django.db.utils import DatabaseError
 
+from .admin import NodeAdmin
 from .models import (
     Node,
     EmailOutbox,
@@ -67,7 +68,8 @@ from .backends import OutboxEmailBackend
 from .tasks import capture_node_screenshot, poll_unreachable_upstream, sample_clipboard
 from cryptography.hazmat.primitives.asymmetric import rsa, padding
 from cryptography.hazmat.primitives import serialization, hashes
-from core.models import Package, PackageRelease, SecurityGroup, RFID, EnergyAccount
+from core.models import Package, PackageRelease, SecurityGroup, RFID, EnergyAccount, Todo
+from requests.exceptions import SSLError
 
 
 class NodeBadgeColorTests(TestCase):
@@ -742,6 +744,59 @@ class NodeGetLocalTests(TestCase):
         self.assertEqual(node.current_relation, Node.Relation.UPSTREAM)
 
 
+class NodeEnsureKeysTests(TestCase):
+    def setUp(self):
+        self.tempdir = TemporaryDirectory()
+        self.base = Path(self.tempdir.name)
+        self.override = override_settings(BASE_DIR=self.base)
+        self.override.enable()
+        self.node = Node.objects.create(
+            hostname="ensure-host",
+            address="127.0.0.1",
+            port=8000,
+            mac_address="00:11:22:33:44:55",
+        )
+
+    def tearDown(self):
+        self.override.disable()
+        self.tempdir.cleanup()
+
+    def test_regenerates_missing_keys(self):
+        self.node.ensure_keys()
+        security_dir = self.base / "security"
+        priv_path = security_dir / self.node.public_endpoint
+        pub_path = security_dir / f"{self.node.public_endpoint}.pub"
+        original_public = self.node.public_key
+        priv_path.unlink()
+        pub_path.unlink()
+
+        self.node.ensure_keys()
+
+        self.assertTrue(priv_path.exists())
+        self.assertTrue(pub_path.exists())
+        self.assertNotEqual(self.node.public_key, original_public)
+
+    def test_regenerates_outdated_keys(self):
+        self.node.ensure_keys()
+        security_dir = self.base / "security"
+        priv_path = security_dir / self.node.public_endpoint
+        pub_path = security_dir / f"{self.node.public_endpoint}.pub"
+        original_private = priv_path.read_bytes()
+        original_public = pub_path.read_bytes()
+
+        old_time = (timezone.now() - timedelta(seconds=5)).timestamp()
+        os.utime(priv_path, (old_time, old_time))
+        os.utime(pub_path, (old_time, old_time))
+
+        with override_settings(NODE_KEY_MAX_AGE=timedelta(seconds=1)):
+            self.node.ensure_keys()
+
+        self.node.refresh_from_db()
+        self.assertNotEqual(priv_path.read_bytes(), original_private)
+        self.assertNotEqual(pub_path.read_bytes(), original_public)
+        self.assertNotEqual(self.node.public_key, original_public.decode())
+
+
 class NodeInfoViewTests(TestCase):
     def setUp(self):
         self.mac = "02:00:00:00:00:01"
@@ -790,6 +845,16 @@ class NodeInfoViewTests(TestCase):
         payload = response.json()
         self.assertEqual(payload["port"], 8443)
 
+    def test_includes_role_in_payload(self):
+        role, _ = NodeRole.objects.get_or_create(name="Terminal")
+        self.node.role = role
+        self.node.save(update_fields=["role"])
+
+        response = self.client.get(self.url)
+        self.assertEqual(response.status_code, 200)
+        payload = response.json()
+        self.assertEqual(payload.get("role"), "Terminal")
+
 
 class RegisterVisitorNodeMessageTests(TestCase):
     def setUp(self):
@@ -1651,6 +1716,60 @@ class NodeAdminTests(TestCase):
             response, reverse("admin:nodes_node_register_current")
         )
 
+    def test_apply_remote_node_info_updates_role(self):
+        terminal, _ = NodeRole.objects.get_or_create(name="Terminal")
+        control, _ = NodeRole.objects.get_or_create(name="Control")
+        node = Node.objects.create(
+            hostname="remote-node",
+            address="10.0.0.20",
+            port=8001,
+            mac_address="00:11:22:33:44:aa",
+            role=terminal,
+        )
+        admin_instance = NodeAdmin(Node, admin.site)
+
+        payload = {
+            "hostname": node.hostname,
+            "address": node.address,
+            "port": node.port,
+            "role": "Control",
+        }
+
+        changed = admin_instance._apply_remote_node_info(node, payload)
+        node.refresh_from_db()
+
+        self.assertIn("role", changed)
+        self.assertEqual(node.role, control)
+        self.assertTrue(control.node_set.filter(pk=node.pk).exists())
+        self.assertFalse(terminal.node_set.filter(pk=node.pk).exists())
+
+    def test_apply_remote_node_info_accepts_role_name_key(self):
+        terminal, _ = NodeRole.objects.get_or_create(name="Terminal")
+        control, _ = NodeRole.objects.get_or_create(name="Control")
+        node = Node.objects.create(
+            hostname="role-name-node",
+            address="10.0.0.21",
+            port=8002,
+            mac_address="00:11:22:33:44:bb",
+            role=terminal,
+        )
+        admin_instance = NodeAdmin(Node, admin.site)
+
+        payload = {
+            "hostname": node.hostname,
+            "address": node.address,
+            "port": node.port,
+            "role_name": "Control",
+        }
+
+        changed = admin_instance._apply_remote_node_info(node, payload)
+        node.refresh_from_db()
+
+        self.assertIn("role", changed)
+        self.assertEqual(node.role, control)
+        self.assertTrue(control.node_set.filter(pk=node.pk).exists())
+        self.assertFalse(terminal.node_set.filter(pk=node.pk).exists())
+
     @pytest.mark.feature("screenshot-poll")
     @patch("nodes.admin.capture_screenshot")
     def test_capture_site_screenshot_from_admin(self, mock_capture_screenshot):
@@ -1725,6 +1844,92 @@ class NodeAdminTests(TestCase):
         mock_post.assert_called()
         payload = json.loads(mock_post.call_args[1]["data"])
         self.assertEqual(payload.get("requester"), str(local_node.uuid))
+        self.assertEqual(payload.get("requester_mac"), local_node.mac_address)
+        self.assertEqual(payload.get("requester_public_key"), local_node.public_key)
+
+    @patch("nodes.admin.requests.post")
+    def test_proxy_view_falls_back_to_http_after_ssl_error(self, mock_post):
+        self.client.get(reverse("admin:nodes_node_register_current"))
+        remote = Node.objects.create(
+            hostname="remote-https",
+            address="198.51.100.20",
+            port=443,
+            mac_address="aa:bb:cc:dd:ee:10",
+        )
+        local_node = Node.get_local()
+        success_response = SimpleNamespace(
+            ok=True,
+            json=lambda: {
+                "login_url": "http://remote.example/nodes/proxy/login/token",
+                "expires": "2025-01-01T00:00:00",
+            },
+            status_code=200,
+            text="ok",
+        )
+        mock_post.side_effect = [
+            SSLError("wrong version number"),
+            success_response,
+        ]
+
+        response = self.client.get(
+            reverse("admin:nodes_node_proxy", args=[remote.pk])
+        )
+
+        self.assertEqual(response.status_code, 200)
+        self.assertEqual(mock_post.call_count, 2)
+        first_url = mock_post.call_args_list[0].args[0]
+        second_url = mock_post.call_args_list[1].args[0]
+        self.assertTrue(first_url.startswith("https://"))
+        self.assertTrue(second_url.startswith("http://"))
+        self.assertIn("/nodes/proxy/session/", second_url)
+        payload = json.loads(mock_post.call_args_list[-1].kwargs["data"])
+        self.assertEqual(payload.get("requester"), str(local_node.uuid))
+        self.assertEqual(payload.get("requester_mac"), local_node.mac_address)
+        self.assertEqual(payload.get("requester_public_key"), local_node.public_key)
+
+    @patch("nodes.admin.requests.post")
+    def test_proxy_view_retries_post_after_redirect(self, mock_post):
+        self.client.get(reverse("admin:nodes_node_register_current"))
+        remote = Node.objects.create(
+            hostname="redirect-node",
+            public_endpoint="http://remote.example",
+            address="198.51.100.30",
+            mac_address="aa:bb:cc:dd:ee:20",
+        )
+
+        redirect_response = SimpleNamespace(
+            status_code=301,
+            ok=True,
+            text="redirect",
+            headers={"Location": "https://remote.example/nodes/proxy/session/"},
+        )
+        success_response = SimpleNamespace(
+            status_code=200,
+            ok=True,
+            text="ok",
+            headers={},
+            json=lambda: {
+                "login_url": "https://remote.example/nodes/proxy/login/token",
+                "expires": "2025-01-01T00:00:00",
+            },
+        )
+
+        mock_post.side_effect = [redirect_response, success_response]
+
+        response = self.client.get(
+            reverse("admin:nodes_node_proxy", args=[remote.pk])
+        )
+
+        self.assertEqual(response.status_code, 200)
+        self.assertEqual(mock_post.call_count, 2)
+
+        first_call_kwargs = mock_post.call_args_list[0].kwargs
+        self.assertFalse(first_call_kwargs.get("allow_redirects", True))
+
+        second_url = mock_post.call_args_list[1].args[0]
+        self.assertEqual(second_url, "https://remote.example/nodes/proxy/session/")
+        second_call_kwargs = mock_post.call_args_list[1].kwargs
+        self.assertFalse(second_call_kwargs.get("allow_redirects", True))
 
     def test_proxy_link_displayed_for_remote_nodes(self):
         Node.objects.create(
@@ -1737,6 +1942,51 @@ class NodeAdminTests(TestCase):
         proxy_url = reverse("admin:nodes_node_proxy", args=[1])
         self.assertContains(response, proxy_url)
 
+    def test_visit_link_uses_local_admin_dashboard_for_local_node(self):
+        node_admin = admin.site._registry[Node]
+        local_node = self._create_local_node()
+
+        link_html = node_admin.visit_link(local_node)
+
+        self.assertIn(reverse("admin:index"), link_html)
+        self.assertIn("target=\"_blank\"", link_html)
+
+    def test_visit_link_prefers_remote_hostname_for_dashboard(self):
+        node_admin = admin.site._registry[Node]
+        remote = Node.objects.create(
+            hostname="remote.example.com",
+            address="198.51.100.20",
+            port=8443,
+            mac_address="aa:bb:cc:dd:ee:ff",
+        )
+
+        link_html = node_admin.visit_link(remote)
+
+        self.assertIn("https://remote.example.com:8443/admin/", link_html)
+        self.assertIn("target=\"_blank\"", link_html)
+
+    def test_iter_remote_urls_handles_hostname_with_path_and_port(self):
+        node_admin = admin.site._registry[Node]
+        remote = SimpleNamespace(
+            public_endpoint="",
+            address="",
+            hostname="example.com/interface",
+            port=8443,
+        )
+
+        urls = list(node_admin._iter_remote_urls(remote, "/nodes/proxy/session/"))
+
+        self.assertIn(
+            "https://example.com:8443/interface/nodes/proxy/session/",
+            urls,
+        )
+        self.assertIn(
+            "http://example.com:8443/interface/nodes/proxy/session/",
+            urls,
+        )
+        combined = "".join(urls)
+        self.assertNotIn("interface:8443", combined)
+
 
     @pytest.mark.feature("screenshot-poll")
     @override_settings(SCREENSHOT_SOURCES=["/one", "/two"])
@@ -2427,6 +2677,32 @@ class NodeProxyGatewayTests(TestCase):
         second = self.client.get(parsed.path)
         self.assertEqual(second.status_code, 410)
 
+    def test_proxy_session_accepts_mac_hint_when_uuid_unknown(self):
+        payload = {
+            "requester": str(uuid.uuid4()),
+            "requester_mac": self.node.mac_address,
+            "requester_public_key": self.node.public_key,
+            "user": {
+                "username": "proxy-user",
+                "email": "proxy@example.com",
+                "first_name": "Proxy",
+                "last_name": "User",
+                "is_staff": True,
+                "is_superuser": True,
+                "groups": [],
+                "permissions": [],
+            },
+            "target": "/admin/",
+        }
+        body, signature = self._sign(payload)
+        response = self.client.post(
+            reverse("node-proxy-session"),
+            data=body,
+            content_type="application/json",
+            HTTP_X_SIGNATURE=signature,
+        )
+        self.assertEqual(response.status_code, 200)
+
     def test_proxy_execute_lists_nodes(self):
         Node.objects.create(
             hostname="target",
@@ -3412,6 +3688,17 @@ class StartupHandlerTests(TestCase):
 
         mock_start.assert_called_once()
 
+    def test_handler_skips_during_migrate_command(self):
+        import sys
+
+        from nodes.apps import _trigger_startup_notification
+
+        with patch("nodes.apps._startup_notification") as mock_start:
+            with patch.object(sys, "argv", ["manage.py", "migrate"]):
+                _trigger_startup_notification()
+
+        mock_start.assert_not_called()
+
 
 class NotificationManagerTests(TestCase):
     def test_send_writes_trimmed_lines(self):

nodes/views.py

@@ -43,24 +43,68 @@ PROXY_TOKEN_TIMEOUT = 300
 PROXY_CACHE_PREFIX = "nodes:proxy-session:"
 
 
-def _load_signed_node(request, requester_id: str):
+def _load_signed_node(
+    request,
+    requester_id: str,
+    *,
+    mac_address: str | None = None,
+    public_key: str | None = None,
+):
     signature = request.headers.get("X-Signature")
     if not signature:
         return None, JsonResponse({"detail": "signature required"}, status=403)
-    node = Node.objects.filter(uuid=requester_id).first()
-    if not node or not node.public_key:
-        return None, JsonResponse({"detail": "unknown requester"}, status=403)
     try:
-        public_key = serialization.load_pem_public_key(node.public_key.encode())
-        public_key.verify(
-            base64.b64decode(signature),
-            request.body,
-            padding.PKCS1v15(),
-            hashes.SHA256(),
-        )
+        signature_bytes = base64.b64decode(signature)
     except Exception:
         return None, JsonResponse({"detail": "invalid signature"}, status=403)
-    return node, None
+
+    candidates: list[Node] = []
+    seen: set[int] = set()
+
+    lookup_values: list[tuple[str, str]] = []
+    if requester_id:
+        lookup_values.append(("uuid", requester_id))
+    if mac_address:
+        lookup_values.append(("mac_address__iexact", mac_address))
+    if public_key:
+        lookup_values.append(("public_key", public_key))
+
+    for field, value in lookup_values:
+        node = Node.objects.filter(**{field: value}).first()
+        if not node or not node.public_key:
+            continue
+        if node.pk is not None and node.pk in seen:
+            continue
+        if node.pk is not None:
+            seen.add(node.pk)
+        candidates.append(node)
+
+    if not candidates:
+        return None, JsonResponse({"detail": "unknown requester"}, status=403)
+
+    for node in candidates:
+        try:
+            loaded_key = serialization.load_pem_public_key(node.public_key.encode())
+            loaded_key.verify(
+                signature_bytes,
+                request.body,
+                padding.PKCS1v15(),
+                hashes.SHA256(),
+            )
+        except Exception:
+            continue
+        return node, None
+
+    return None, JsonResponse({"detail": "invalid signature"}, status=403)
+
+
+def _clean_requester_hint(value, *, strip: bool = True) -> str | None:
+    if not isinstance(value, str):
+        return None
+    cleaned = value.strip() if strip else value
+    if not cleaned:
+        return None
+    return cleaned
 
 
 def _sanitize_proxy_target(target: str | None, request) -> str:
@@ -320,6 +364,7 @@ def node_info(request):
         "mac_address": node.mac_address,
         "public_key": node.public_key,
         "features": list(node.features.values_list("slug", flat=True)),
+        "role": node.role.name if node.role_id else "",
     }
 
     if token:
@@ -588,26 +633,21 @@ def export_rfids(request):
         return JsonResponse({"detail": "invalid json"}, status=400)
 
     requester = payload.get("requester")
-    signature = request.headers.get("X-Signature")
     if not requester:
         return JsonResponse({"detail": "requester required"}, status=400)
-    if not signature:
-        return JsonResponse({"detail": "signature required"}, status=403)
 
-    node = Node.objects.filter(uuid=requester).first()
-    if not node or not node.public_key:
-        return JsonResponse({"detail": "unknown requester"}, status=403)
-
-    try:
-        public_key = serialization.load_pem_public_key(node.public_key.encode())
-        public_key.verify(
-            base64.b64decode(signature),
-            request.body,
-            padding.PKCS1v15(),
-            hashes.SHA256(),
-        )
-    except Exception:
-        return JsonResponse({"detail": "invalid signature"}, status=403)
+    requester_mac = _clean_requester_hint(payload.get("requester_mac"))
+    requester_public_key = _clean_requester_hint(
+        payload.get("requester_public_key"), strip=False
+    )
+    node, error_response = _load_signed_node(
+        request,
+        requester,
+        mac_address=requester_mac,
+        public_key=requester_public_key,
+    )
+    if error_response is not None:
+        return error_response
 
     tags = [serialize_rfid(tag) for tag in RFID.objects.all().order_by("label_id")]
 
@@ -627,26 +667,21 @@ def import_rfids(request):
         return JsonResponse({"detail": "invalid json"}, status=400)
 
     requester = payload.get("requester")
-    signature = request.headers.get("X-Signature")
     if not requester:
         return JsonResponse({"detail": "requester required"}, status=400)
-    if not signature:
-        return JsonResponse({"detail": "signature required"}, status=403)
-
-    node = Node.objects.filter(uuid=requester).first()
-    if not node or not node.public_key:
-        return JsonResponse({"detail": "unknown requester"}, status=403)
 
-    try:
-        public_key = serialization.load_pem_public_key(node.public_key.encode())
-        public_key.verify(
-            base64.b64decode(signature),
-            request.body,
-            padding.PKCS1v15(),
-            hashes.SHA256(),
-        )
-    except Exception:
-        return JsonResponse({"detail": "invalid signature"}, status=403)
+    requester_mac = _clean_requester_hint(payload.get("requester_mac"))
+    requester_public_key = _clean_requester_hint(
+        payload.get("requester_public_key"), strip=False
+    )
+    node, error_response = _load_signed_node(
+        request,
+        requester,
+        mac_address=requester_mac,
+        public_key=requester_public_key,
+    )
+    if error_response is not None:
+        return error_response
 
     rfids = payload.get("rfids", [])
     if not isinstance(rfids, list):
@@ -703,7 +738,16 @@ def proxy_session(request):
     if not requester:
         return JsonResponse({"detail": "requester required"}, status=400)
 
-    node, error_response = _load_signed_node(request, requester)
+    requester_mac = _clean_requester_hint(payload.get("requester_mac"))
+    requester_public_key = _clean_requester_hint(
+        payload.get("requester_public_key"), strip=False
+    )
+    node, error_response = _load_signed_node(
+        request,
+        requester,
+        mac_address=requester_mac,
+        public_key=requester_public_key,
+    )
     if error_response is not None:
         return error_response
 
@@ -843,7 +887,16 @@ def proxy_execute(request):
     if not requester:
         return JsonResponse({"detail": "requester required"}, status=400)
 
-    node, error_response = _load_signed_node(request, requester)
+    requester_mac = _clean_requester_hint(payload.get("requester_mac"))
+    requester_public_key = _clean_requester_hint(
+        payload.get("requester_public_key"), strip=False
+    )
+    node, error_response = _load_signed_node(
+        request,
+        requester,
+        mac_address=requester_mac,
+        public_key=requester_public_key,
+    )
     if error_response is not None:
         return error_response
 

ocpp/admin.py

@@ -112,12 +112,19 @@ class LogViewAdminMixin:
 
 @admin.register(ChargerConfiguration)
 class ChargerConfigurationAdmin(admin.ModelAdmin):
-    list_display = ("charger_identifier", "connector_display", "created_at")
+    list_display = (
+        "charger_identifier",
+        "connector_display",
+        "origin_display",
+        "created_at",
+    )
     list_filter = ("connector_id",)
     search_fields = ("charger_identifier",)
     readonly_fields = (
         "charger_identifier",
         "connector_id",
+        "origin_display",
+        "evcs_snapshot_at",
         "created_at",
         "updated_at",
         "linked_chargers",
@@ -132,6 +139,8 @@ class ChargerConfigurationAdmin(admin.ModelAdmin):
                 "fields": (
                     "charger_identifier",
                     "connector_id",
+                    "origin_display",
+                    "evcs_snapshot_at",
                     "linked_chargers",
                     "created_at",
                     "updated_at",
@@ -185,11 +194,21 @@ class ChargerConfigurationAdmin(admin.ModelAdmin):
     def raw_payload_display(self, obj):
         return self._render_json(obj.raw_payload)
 
+    @admin.display(description="Origin")
+    def origin_display(self, obj):
+        if obj.evcs_snapshot_at:
+            return "EVCS"
+        return "Local"
+
+    def save_model(self, request, obj, form, change):
+        obj.evcs_snapshot_at = None
+        super().save_model(request, obj, form, change)
+
 
 @admin.register(Location)
 class LocationAdmin(EntityModelAdmin):
     form = LocationAdminForm
-    list_display = ("name", "latitude", "longitude")
+    list_display = ("name", "zone", "contract_type", "latitude", "longitude")
     change_form_template = "admin/ocpp/location/change_form.html"
 
 
@@ -752,6 +771,17 @@ class ChargerAdmin(LogViewAdminMixin, EntityModelAdmin):
                     level=messages.ERROR,
                 )
                 continue
+            tx_obj = store.get_transaction(charger.charger_id, connector_value)
+            if tx_obj is not None:
+                self.message_user(
+                    request,
+                    (
+                        f"{charger}: reset skipped because a session is active; "
+                        "stop the session first."
+                    ),
+                    level=messages.WARNING,
+                )
+                continue
             message_id = uuid.uuid4().hex
             msg = json.dumps([
                 2,

ocpp/consumers.py

@@ -791,6 +791,7 @@ class CSMSConsumer(AsyncWebsocketConsumer):
             connector_id=connector_value,
             configuration_keys=normalized_entries,
             unknown_keys=unknown_values,
+            evcs_snapshot_at=timezone.now(),
             raw_payload=raw_payload,
         )
         Charger.objects.filter(charger_id=self.charger_id).update(