PyPI - arthexis - Versions diffs - 0.1.22__py3-none-any.whl → 0.1.24__py3-none-any.whl - Mend

arthexis 0.1.22py3-none-any.whl → 0.1.24py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of arthexis might be problematic. Click here for more details.

Files changed (26) hide show

{arthexis-0.1.22.dist-info → arthexis-0.1.24.dist-info}/METADATA +6 -5
{arthexis-0.1.22.dist-info → arthexis-0.1.24.dist-info}/RECORD +26 -26
config/settings.py +4 -0
core/admin.py +200 -16
core/models.py +878 -118
core/release.py +0 -5
core/tasks.py +25 -0
core/tests.py +29 -1
core/user_data.py +42 -2
core/views.py +33 -26
nodes/admin.py +153 -132
nodes/models.py +9 -1
nodes/tests.py +106 -81
nodes/urls.py +6 -0
nodes/views.py +620 -48
ocpp/admin.py +543 -166
ocpp/models.py +57 -2
ocpp/tasks.py +336 -1
ocpp/tests.py +123 -0
ocpp/views.py +19 -3
pages/tests.py +25 -6
pages/urls.py +5 -0
pages/views.py +117 -11
{arthexis-0.1.22.dist-info → arthexis-0.1.24.dist-info}/WHEEL +0 -0
{arthexis-0.1.22.dist-info → arthexis-0.1.24.dist-info}/licenses/LICENSE +0 -0
{arthexis-0.1.22.dist-info → arthexis-0.1.24.dist-info}/top_level.txt +0 -0

nodes/models.py CHANGED Viewed

@@ -4,6 +4,7 @@ from collections.abc import Iterable
 from copy import deepcopy
 from dataclasses import dataclass
 from django.db import models
+from django.db.models import Q
 from django.db.utils import DatabaseError
 from django.db.models.signals import post_delete
 from django.dispatch import Signal, receiver
@@ -294,7 +295,14 @@ class Node(Entity):
         """Return the node representing the current host if it exists."""
         mac = cls.get_current_mac()
         try:
-            return cls.objects.filter(mac_address=mac).first()
+            node = cls.objects.filter(mac_address__iexact=mac).first()
+            if node:
+                return node
+            return (
+                cls.objects.filter(current_relation=cls.Relation.SELF)
+                .filter(Q(mac_address__isnull=True) | Q(mac_address=""))
+                .first()
+            )
         except DatabaseError:
             logger.debug("nodes.Node.get_local skipped: database unavailable", exc_info=True)
             return None

nodes/tests.py CHANGED Viewed

@@ -66,6 +66,7 @@ from .models import (
 )
 from .backends import OutboxEmailBackend
 from .tasks import capture_node_screenshot, poll_unreachable_upstream, sample_clipboard
+from ocpp.models import Charger
 from cryptography.hazmat.primitives.asymmetric import rsa, padding
 from cryptography.hazmat.primitives import serialization, hashes
 from core.models import Package, PackageRelease, SecurityGroup, RFID, EnergyAccount, Todo
@@ -1816,84 +1817,6 @@ class NodeAdminTests(TestCase):
         self.assertEqual(response.status_code, 200)
         self.assertContains(response, "data:image/png;base64")
-    @patch("nodes.admin.requests.post")
-    def test_proxy_view_uses_remote_login_url(self, mock_post):
-        self.client.get(reverse("admin:nodes_node_register_current"))
-        local_node = Node.objects.get()
-        remote = Node.objects.create(
-            hostname="remote",
-            address="192.0.2.10",
-            port=8443,
-            mac_address="aa:bb:cc:dd:ee:ff",
-        )
-        mock_post.return_value = SimpleNamespace(
-            ok=True,
-            json=lambda: {
-                "login_url": "https://remote.example/nodes/proxy/login/token",
-                "expires": "2025-01-01T00:00:00",
-            },
-            status_code=200,
-            text="ok",
-        )
-        response = self.client.get(
-            reverse("admin:nodes_node_proxy", args=[remote.pk])
-        )
-        self.assertEqual(response.status_code, 200)
-        self.assertTemplateUsed(response, "admin/nodes/node/proxy.html")
-        self.assertContains(response, "<iframe", html=False)
-        mock_post.assert_called()
-        payload = json.loads(mock_post.call_args[1]["data"])
-        self.assertEqual(payload.get("requester"), str(local_node.uuid))
-    @patch("nodes.admin.requests.post")
-    def test_proxy_view_falls_back_to_http_after_ssl_error(self, mock_post):
-        self.client.get(reverse("admin:nodes_node_register_current"))
-        remote = Node.objects.create(
-            hostname="remote-https",
-            address="198.51.100.20",
-            port=443,
-            mac_address="aa:bb:cc:dd:ee:10",
-        )
-        local_node = Node.get_local()
-        success_response = SimpleNamespace(
-            ok=True,
-            json=lambda: {
-                "login_url": "http://remote.example/nodes/proxy/login/token",
-                "expires": "2025-01-01T00:00:00",
-            },
-            status_code=200,
-            text="ok",
-        )
-        mock_post.side_effect = [
-            SSLError("wrong version number"),
-            success_response,
-        ]
-        response = self.client.get(
-            reverse("admin:nodes_node_proxy", args=[remote.pk])
-        )
-        self.assertEqual(response.status_code, 200)
-        self.assertEqual(mock_post.call_count, 2)
-        first_url = mock_post.call_args_list[0].args[0]
-        second_url = mock_post.call_args_list[1].args[0]
-        self.assertTrue(first_url.startswith("https://"))
-        self.assertTrue(second_url.startswith("http://"))
-        self.assertIn("/nodes/proxy/session/", second_url)
-        payload = json.loads(mock_post.call_args_list[-1].kwargs["data"])
-        self.assertEqual(payload.get("requester"), str(local_node.uuid))
-    def test_proxy_link_displayed_for_remote_nodes(self):
-        Node.objects.create(
-            hostname="remote",
-            address="203.0.113.1",
-            port=8000,
-            mac_address="aa:aa:aa:aa:aa:01",
-        )
-        response = self.client.get(reverse("admin:nodes_node_changelist"))
-        proxy_url = reverse("admin:nodes_node_proxy", args=[1])
-        self.assertContains(response, proxy_url)
     def test_visit_link_uses_local_admin_dashboard_for_local_node(self):
         node_admin = admin.site._registry[Node]
         local_node = self._create_local_node()
@@ -1926,14 +1849,14 @@ class NodeAdminTests(TestCase):
             port=8443,
         )
-        urls = list(node_admin._iter_remote_urls(remote, "/nodes/proxy/session/"))
+        urls = list(node_admin._iter_remote_urls(remote, "/nodes/info/"))
         self.assertIn(
-            "https://example.com:8443/interface/nodes/proxy/session/",
+            "https://example.com:8443/interface/nodes/info/",
             urls,
         )
         self.assertIn(
-            "http://example.com:8443/interface/nodes/proxy/session/",
+            "http://example.com:8443/interface/nodes/info/",
             urls,
         )
         combined = "".join(urls)
@@ -2629,6 +2552,32 @@ class NodeProxyGatewayTests(TestCase):
         second = self.client.get(parsed.path)
         self.assertEqual(second.status_code, 410)
+    def test_proxy_session_accepts_mac_hint_when_uuid_unknown(self):
+        payload = {
+            "requester": str(uuid.uuid4()),
+            "requester_mac": self.node.mac_address,
+            "requester_public_key": self.node.public_key,
+            "user": {
+                "username": "proxy-user",
+                "email": "proxy@example.com",
+                "first_name": "Proxy",
+                "last_name": "User",
+                "is_staff": True,
+                "is_superuser": True,
+                "groups": [],
+                "permissions": [],
+            },
+            "target": "/admin/",
+        }
+        body, signature = self._sign(payload)
+        response = self.client.post(
+            reverse("node-proxy-session"),
+            data=body,
+            content_type="application/json",
+            HTTP_X_SIGNATURE=signature,
+        )
+        self.assertEqual(response.status_code, 200)
     def test_proxy_execute_lists_nodes(self):
         Node.objects.create(
             hostname="target",
@@ -3531,6 +3480,82 @@ class NetMessageSignatureTests(TestCase):
         self.assertTrue(signature_one)
         self.assertTrue(signature_two)
         self.assertNotEqual(signature_one, signature_two)
+class NetworkChargerActionSecurityTests(TestCase):
+    def setUp(self):
+        self.client = Client()
+        self.local_node = Node.objects.create(
+            hostname="local-node",
+            address="127.0.0.1",
+            port=8000,
+            mac_address="00:aa:bb:cc:dd:10",
+            public_endpoint="local-endpoint",
+        )
+        self.authorized_node = Node.objects.create(
+            hostname="authorized-node",
+            address="127.0.0.2",
+            port=8001,
+            mac_address="00:aa:bb:cc:dd:11",
+            public_endpoint="authorized-endpoint",
+        )
+        self.unauthorized_node, self.unauthorized_key = self._create_signed_node(
+            "unauthorized-node",
+            mac_suffix=0x12,
+        )
+        self.charger = Charger.objects.create(
+            charger_id="SECURE-TEST-1",
+            allow_remote=True,
+            manager_node=self.authorized_node,
+            node_origin=self.local_node,
+        )
+    def _create_signed_node(self, hostname: str, *, mac_suffix: int):
+        key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
+        public_bytes = key.public_key().public_bytes(
+            encoding=serialization.Encoding.PEM,
+            format=serialization.PublicFormat.SubjectPublicKeyInfo,
+        )
+        node = Node.objects.create(
+            hostname=hostname,
+            address="10.0.0.{:d}".format(mac_suffix),
+            port=8020,
+            mac_address="00:aa:bb:cc:dd:{:02x}".format(mac_suffix),
+            public_key=public_bytes.decode(),
+            public_endpoint=f"{hostname}-endpoint",
+        )
+        return node, key
+    def test_rejects_requests_from_unmanaged_nodes(self):
+        url = reverse("node-network-charger-action")
+        payload = {
+            "requester": str(self.unauthorized_node.uuid),
+            "charger_id": self.charger.charger_id,
+            "action": "reset",
+        }
+        body = json.dumps(payload).encode()
+        signature = self.unauthorized_key.sign(
+            body,
+            padding.PKCS1v15(),
+            hashes.SHA256(),
+        )
+        headers = {"HTTP_X_SIGNATURE": base64.b64encode(signature).decode()}
+        with patch.object(Node, "get_local", return_value=self.local_node):
+            response = self.client.post(
+                url,
+                data=body,
+                content_type="application/json",
+                **headers,
+            )
+        self.assertEqual(response.status_code, 403)
+        self.assertEqual(
+            response.json().get("detail"),
+            "requester does not manage this charger",
+        )
 class StartupNotificationTests(TestCase):
     def test_startup_notification_uses_hostname_and_revision(self):
         from nodes.apps import _startup_notification

nodes/urls.py CHANGED Viewed

@@ -11,6 +11,12 @@ urlpatterns = [
     path("net-message/pull/", views.net_message_pull, name="net-message-pull"),
     path("rfid/export/", views.export_rfids, name="node-rfid-export"),
     path("rfid/import/", views.import_rfids, name="node-rfid-import"),
+    path("network/chargers/", views.network_chargers, name="node-network-chargers"),
+    path(
+        "network/chargers/action/",
+        views.network_charger_action,
+        name="node-network-charger-action",
+    ),
     path("proxy/session/", views.proxy_session, name="node-proxy-session"),
     path("proxy/login/<str:token>/", views.proxy_login, name="node-proxy-login"),
     path("proxy/execute/", views.proxy_execute, name="node-proxy-execute"),

arthexis 0.1.22__py3-none-any.whl → 0.1.24__py3-none-any.whl

Potentially problematic release.

arthexis 0.1.22py3-none-any.whl → 0.1.24py3-none-any.whl