arthexis 0.1.23__py3-none-any.whl → 0.1.24__py3-none-any.whl

core/tasks.py

@@ -405,3 +405,28 @@ def run_client_report_schedule(schedule_id: int) -> None:
     except Exception:
         logger.exception("ClientReportSchedule %s failed", schedule_id)
         raise
+
+
+@shared_task
+def ensure_recurring_client_reports() -> None:
+    """Ensure scheduled consumer reports run for the current period."""
+
+    from core.models import ClientReportSchedule
+
+    reference = timezone.localdate()
+    schedules = ClientReportSchedule.objects.filter(
+        periodicity__in=[
+            ClientReportSchedule.PERIODICITY_DAILY,
+            ClientReportSchedule.PERIODICITY_WEEKLY,
+            ClientReportSchedule.PERIODICITY_MONTHLY,
+        ]
+    ).prefetch_related("chargers")
+
+    for schedule in schedules:
+        try:
+            schedule.generate_missing_reports(reference=reference)
+        except Exception:
+            logger.exception(
+                "Automatic consumer report generation failed for schedule %s",
+                schedule.pk,
+            )

nodes/admin.py

@@ -60,6 +60,7 @@ from .models import (
 )
 from . import dns as dns_utils
 from core.models import RFID
+from ocpp.models import Charger, Location
 from core.user_data import EntityModelAdmin
 
 
@@ -237,7 +238,6 @@ class NodeAdmin(EntityModelAdmin):
         "relation",
         "last_seen",
         "visit_link",
-        "proxy_link",
     )
     search_fields = ("hostname", "address", "mac_address")
     change_list_template = "admin/nodes/node/change_list.html"
@@ -287,6 +287,7 @@ class NodeAdmin(EntityModelAdmin):
         "register_visitor",
         "run_task",
         "take_screenshots",
+        "discover_charge_points",
         "import_rfids_from_selected",
         "export_rfids_to_selected",
     ]
@@ -296,16 +297,6 @@ class NodeAdmin(EntityModelAdmin):
     def relation(self, obj):
         return obj.get_current_relation_display()
 
-    @admin.display(description=_("Proxy"))
-    def proxy_link(self, obj):
-        if not obj or obj.is_local:
-            return ""
-        try:
-            url = reverse("admin:nodes_node_proxy", args=[obj.pk])
-        except NoReverseMatch:
-            return ""
-        return format_html('<a class="button" href="{}">{}</a>', url, _("Proxy"))
-
     @admin.display(description=_("Visit"))
     def visit_link(self, obj):
         if not obj:
@@ -372,11 +363,6 @@ class NodeAdmin(EntityModelAdmin):
                 self.admin_site.admin_view(self.update_selected_progress),
                 name="nodes_node_update_selected_progress",
             ),
-            path(
-                "<int:node_id>/proxy/",
-                self.admin_site.admin_view(self.proxy_node),
-                name="nodes_node_proxy",
-            ),
         ]
         return custom + urls
 
@@ -409,162 +395,6 @@ class NodeAdmin(EntityModelAdmin):
         )
         return response
 
-    def _load_local_private_key(self, node):
-        security_dir = Path(node.base_path or settings.BASE_DIR) / "security"
-        priv_path = security_dir / f"{node.public_endpoint}"
-        if not priv_path.exists():
-            return None, _("Local node private key not found.")
-        try:
-            return (
-                serialization.load_pem_private_key(
-                    priv_path.read_bytes(), password=None
-                ),
-                "",
-            )
-        except Exception as exc:  # pragma: no cover - unexpected errors
-            return None, str(exc)
-
-    def _build_proxy_payload(self, request, local_node):
-        user = request.user
-        payload = {
-            "requester": str(local_node.uuid),
-            "user": {
-                "username": user.get_username(),
-                "email": user.email or "",
-                "first_name": user.first_name or "",
-                "last_name": user.last_name or "",
-                "is_staff": user.is_staff,
-                "is_superuser": user.is_superuser,
-                "groups": list(user.groups.values_list("name", flat=True)),
-                "permissions": sorted(user.get_all_permissions()),
-            },
-            "target": reverse("admin:index"),
-        }
-        mac_address = str(local_node.mac_address or "").strip()
-        if mac_address:
-            payload["requester_mac"] = mac_address
-        public_key = local_node.public_key
-        if public_key:
-            payload["requester_public_key"] = public_key
-        return payload
-
-    def _start_proxy_session(self, request, node):
-        if node.is_local:
-            return {"ok": False, "message": _("Local node cannot be proxied.")}
-
-        local_node = Node.get_local()
-        if local_node is None:
-            try:
-                local_node, _ = Node.register_current()
-            except Exception as exc:  # pragma: no cover - unexpected errors
-                return {"ok": False, "message": str(exc)}
-
-        private_key, error = self._load_local_private_key(local_node)
-        if private_key is None:
-            return {"ok": False, "message": error}
-
-        payload = self._build_proxy_payload(request, local_node)
-        body = json.dumps(payload, separators=(",", ":"), sort_keys=True)
-        try:
-            signature = private_key.sign(
-                body.encode(),
-                padding.PKCS1v15(),
-                hashes.SHA256(),
-            )
-        except Exception as exc:  # pragma: no cover - unexpected errors
-            return {"ok": False, "message": str(exc)}
-
-        headers = {
-            "Content-Type": "application/json",
-            "X-Signature": base64.b64encode(signature).decode(),
-        }
-
-        last_error = ""
-        redirect_codes = {301, 302, 303, 307, 308}
-
-        for url in self._iter_remote_urls(node, "/nodes/proxy/session/"):
-            candidate_url = url
-            redirects_followed = 0
-            success = False
-
-            while True:
-                try:
-                    response = requests.post(
-                        candidate_url,
-                        data=body,
-                        headers=headers,
-                        timeout=5,
-                        allow_redirects=False,
-                    )
-                except RequestException as exc:
-                    last_error = str(exc)
-                    break
-
-                if response.status_code in redirect_codes:
-                    location = response.headers.get("Location")
-                    if not location:
-                        last_error = f"{response.status_code} redirect missing Location header"
-                        break
-
-                    redirects_followed += 1
-                    if redirects_followed > 3:
-                        last_error = "Too many redirects"
-                        break
-
-                    candidate_url = urljoin(candidate_url, location)
-                    continue
-
-                if not response.ok:
-                    last_error = f"{response.status_code} {response.text}"
-                    break
-
-                try:
-                    data = response.json()
-                except ValueError:
-                    last_error = "Invalid JSON response"
-                    break
-
-                login_url = data.get("login_url")
-                if not login_url:
-                    last_error = "login_url missing"
-                    break
-
-                success = True
-                break
-
-            if success:
-                return {
-                    "ok": True,
-                    "login_url": login_url,
-                    "expires": data.get("expires"),
-                }
-
-        return {
-            "ok": False,
-            "message": last_error or "Unable to initiate proxy.",
-        }
-
-    def proxy_node(self, request, node_id):
-        node = self.get_queryset(request).filter(pk=node_id).first()
-        if not node:
-            raise Http404
-        if not self.has_view_permission(request):
-            raise PermissionDenied
-        result = self._start_proxy_session(request, node)
-        if not result.get("ok"):
-            message = result.get("message") or _("Unable to proxy node.")
-            self.message_user(request, message, messages.ERROR)
-            return redirect("admin:nodes_node_changelist")
-
-        context = {
-            **self.admin_site.each_context(request),
-            "opts": self.model._meta,
-            "node": node,
-            "frame_url": result.get("login_url"),
-            "expires": result.get("expires"),
-        }
-        return TemplateResponse(request, "admin/nodes/node/proxy.html", context)
-
     @admin.action(description="Register Visitor")
     def register_visitor(self, request, queryset=None):
         return self.register_visitor_view(request)
@@ -1230,6 +1060,156 @@ class NodeAdmin(EntityModelAdmin):
 
         return self._render_rfid_sync(request, "export", results)
 
+    @admin.action(description=_("Discover Charge Points"))
+    def discover_charge_points(self, request, queryset):
+        local_node, private_key, error = self._load_local_node_credentials()
+        if error:
+            self.message_user(request, error, level=messages.ERROR)
+            return
+
+        nodes = [node for node in queryset if not local_node.pk or node.pk != local_node.pk]
+        if not nodes:
+            self.message_user(request, _("No remote nodes selected."), level=messages.WARNING)
+            return
+
+        payload = json.dumps(
+            {"requester": str(local_node.uuid)},
+            separators=(",", ":"),
+            sort_keys=True,
+        )
+        signature = self._sign_payload(private_key, payload)
+        headers = {
+            "Content-Type": "application/json",
+            "X-Signature": signature,
+        }
+
+        created = 0
+        updated = 0
+        errors: list[str] = []
+
+        for node in nodes:
+            url = f"http://{node.address}:{node.port}/nodes/network/chargers/"
+            try:
+                response = requests.post(url, data=payload, headers=headers, timeout=5)
+            except RequestException as exc:
+                errors.append(f"{node}: {exc}")
+                continue
+
+            if response.status_code != 200:
+                errors.append(f"{node}: {response.status_code} {response.text}")
+                continue
+
+            try:
+                data = response.json()
+            except ValueError:
+                errors.append(f"{node}: invalid JSON response")
+                continue
+
+            for entry in data.get("chargers", []):
+                applied = self._apply_remote_charger_payload(node, entry)
+                if applied == "created":
+                    created += 1
+                elif applied == "updated":
+                    updated += 1
+
+        if created or updated:
+            summary = _("Imported %(created)s new and %(updated)s existing charge point(s).") % {
+                "created": created,
+                "updated": updated,
+            }
+            self.message_user(request, summary, level=messages.SUCCESS)
+        if errors:
+            for error in errors:
+                self.message_user(request, error, level=messages.ERROR)
+
+    def _apply_remote_charger_payload(self, node, payload: Mapping) -> str | None:
+        serial = Charger.normalize_serial(payload.get("charger_id"))
+        if not serial or Charger.is_placeholder_serial(serial):
+            return None
+
+        connector_value = payload.get("connector_id")
+        if connector_value in ("", None):
+            connector_value = None
+        elif isinstance(connector_value, str):
+            try:
+                connector_value = int(connector_value)
+            except ValueError:
+                connector_value = None
+
+        charger, created = Charger.objects.get_or_create(
+            charger_id=serial,
+            connector_id=connector_value,
+        )
+
+        location_obj = None
+        location_payload = payload.get("location")
+        if isinstance(location_payload, Mapping):
+            name = location_payload.get("name")
+            if name:
+                location_obj, _ = Location.objects.get_or_create(name=name)
+                simple_fields = [
+                    "latitude",
+                    "longitude",
+                    "zone",
+                    "contract_type",
+                ]
+                for field in simple_fields:
+                    value = location_payload.get(field)
+                    setattr(location_obj, field, value)
+                location_obj.save()
+
+        datetime_fields = [
+            "firmware_timestamp",
+            "last_heartbeat",
+            "availability_state_updated_at",
+            "availability_requested_at",
+            "availability_request_status_at",
+            "diagnostics_timestamp",
+            "last_status_timestamp",
+        ]
+
+        updates: dict[str, object] = {
+            "node_origin": node,
+            "allow_remote": bool(payload.get("allow_remote", False)),
+            "export_transactions": bool(payload.get("export_transactions", False)),
+            "last_online_at": timezone.now(),
+        }
+
+        simple_fields = [
+            "display_name",
+            "language",
+            "public_display",
+            "require_rfid",
+            "firmware_status",
+            "firmware_status_info",
+            "last_status",
+            "last_error_code",
+            "last_status_vendor_info",
+            "availability_state",
+            "availability_requested_state",
+            "availability_request_status",
+            "availability_request_details",
+            "temperature",
+            "temperature_unit",
+            "diagnostics_status",
+            "diagnostics_location",
+        ]
+        for field in simple_fields:
+            updates[field] = payload.get(field)
+
+        if location_obj is not None:
+            updates["location"] = location_obj
+
+        for field in datetime_fields:
+            value = payload.get(field)
+            updates[field] = parse_datetime(value) if value else None
+
+        for field in ("last_meter_values",):
+            updates[field] = payload.get(field) or {}
+
+        Charger.objects.filter(pk=charger.pk).update(**updates)
+        return "created" if created else "updated"
+
     def changeform_view(self, request, object_id=None, form_url="", extra_context=None):
         extra_context = extra_context or {}
         if object_id:

nodes/tests.py

@@ -66,6 +66,7 @@ from .models import (
 )
 from .backends import OutboxEmailBackend
 from .tasks import capture_node_screenshot, poll_unreachable_upstream, sample_clipboard
+from ocpp.models import Charger
 from cryptography.hazmat.primitives.asymmetric import rsa, padding
 from cryptography.hazmat.primitives import serialization, hashes
 from core.models import Package, PackageRelease, SecurityGroup, RFID, EnergyAccount, Todo
@@ -1816,132 +1817,6 @@ class NodeAdminTests(TestCase):
         self.assertEqual(response.status_code, 200)
         self.assertContains(response, "data:image/png;base64")
 
-    @patch("nodes.admin.requests.post")
-    def test_proxy_view_uses_remote_login_url(self, mock_post):
-        self.client.get(reverse("admin:nodes_node_register_current"))
-        local_node = Node.objects.get()
-        remote = Node.objects.create(
-            hostname="remote",
-            address="192.0.2.10",
-            port=8443,
-            mac_address="aa:bb:cc:dd:ee:ff",
-        )
-        mock_post.return_value = SimpleNamespace(
-            ok=True,
-            json=lambda: {
-                "login_url": "https://remote.example/nodes/proxy/login/token",
-                "expires": "2025-01-01T00:00:00",
-            },
-            status_code=200,
-            text="ok",
-        )
-        response = self.client.get(
-            reverse("admin:nodes_node_proxy", args=[remote.pk])
-        )
-        self.assertEqual(response.status_code, 200)
-        self.assertTemplateUsed(response, "admin/nodes/node/proxy.html")
-        self.assertContains(response, "<iframe", html=False)
-        mock_post.assert_called()
-        payload = json.loads(mock_post.call_args[1]["data"])
-        self.assertEqual(payload.get("requester"), str(local_node.uuid))
-        self.assertEqual(payload.get("requester_mac"), local_node.mac_address)
-        self.assertEqual(payload.get("requester_public_key"), local_node.public_key)
-
-    @patch("nodes.admin.requests.post")
-    def test_proxy_view_falls_back_to_http_after_ssl_error(self, mock_post):
-        self.client.get(reverse("admin:nodes_node_register_current"))
-        remote = Node.objects.create(
-            hostname="remote-https",
-            address="198.51.100.20",
-            port=443,
-            mac_address="aa:bb:cc:dd:ee:10",
-        )
-        local_node = Node.get_local()
-        success_response = SimpleNamespace(
-            ok=True,
-            json=lambda: {
-                "login_url": "http://remote.example/nodes/proxy/login/token",
-                "expires": "2025-01-01T00:00:00",
-            },
-            status_code=200,
-            text="ok",
-        )
-        mock_post.side_effect = [
-            SSLError("wrong version number"),
-            success_response,
-        ]
-
-        response = self.client.get(
-            reverse("admin:nodes_node_proxy", args=[remote.pk])
-        )
-
-        self.assertEqual(response.status_code, 200)
-        self.assertEqual(mock_post.call_count, 2)
-        first_url = mock_post.call_args_list[0].args[0]
-        second_url = mock_post.call_args_list[1].args[0]
-        self.assertTrue(first_url.startswith("https://"))
-        self.assertTrue(second_url.startswith("http://"))
-        self.assertIn("/nodes/proxy/session/", second_url)
-        payload = json.loads(mock_post.call_args_list[-1].kwargs["data"])
-        self.assertEqual(payload.get("requester"), str(local_node.uuid))
-        self.assertEqual(payload.get("requester_mac"), local_node.mac_address)
-        self.assertEqual(payload.get("requester_public_key"), local_node.public_key)
-
-    @patch("nodes.admin.requests.post")
-    def test_proxy_view_retries_post_after_redirect(self, mock_post):
-        self.client.get(reverse("admin:nodes_node_register_current"))
-        remote = Node.objects.create(
-            hostname="redirect-node",
-            public_endpoint="http://remote.example",
-            address="198.51.100.30",
-            mac_address="aa:bb:cc:dd:ee:20",
-        )
-
-        redirect_response = SimpleNamespace(
-            status_code=301,
-            ok=True,
-            text="redirect",
-            headers={"Location": "https://remote.example/nodes/proxy/session/"},
-        )
-        success_response = SimpleNamespace(
-            status_code=200,
-            ok=True,
-            text="ok",
-            headers={},
-            json=lambda: {
-                "login_url": "https://remote.example/nodes/proxy/login/token",
-                "expires": "2025-01-01T00:00:00",
-            },
-        )
-
-        mock_post.side_effect = [redirect_response, success_response]
-
-        response = self.client.get(
-            reverse("admin:nodes_node_proxy", args=[remote.pk])
-        )
-
-        self.assertEqual(response.status_code, 200)
-        self.assertEqual(mock_post.call_count, 2)
-
-        first_call_kwargs = mock_post.call_args_list[0].kwargs
-        self.assertFalse(first_call_kwargs.get("allow_redirects", True))
-
-        second_url = mock_post.call_args_list[1].args[0]
-        self.assertEqual(second_url, "https://remote.example/nodes/proxy/session/")
-        second_call_kwargs = mock_post.call_args_list[1].kwargs
-        self.assertFalse(second_call_kwargs.get("allow_redirects", True))
-
-    def test_proxy_link_displayed_for_remote_nodes(self):
-        Node.objects.create(
-            hostname="remote",
-            address="203.0.113.1",
-            port=8000,
-            mac_address="aa:aa:aa:aa:aa:01",
-        )
-        response = self.client.get(reverse("admin:nodes_node_changelist"))
-        proxy_url = reverse("admin:nodes_node_proxy", args=[1])
-        self.assertContains(response, proxy_url)
-
     def test_visit_link_uses_local_admin_dashboard_for_local_node(self):
         node_admin = admin.site._registry[Node]
         local_node = self._create_local_node()
@@ -1974,14 +1849,14 @@ class NodeAdminTests(TestCase):
             port=8443,
         )
 
-        urls = list(node_admin._iter_remote_urls(remote, "/nodes/proxy/session/"))
+        urls = list(node_admin._iter_remote_urls(remote, "/nodes/info/"))
 
         self.assertIn(
-            "https://example.com:8443/interface/nodes/proxy/session/",
+            "https://example.com:8443/interface/nodes/info/",
             urls,
         )
         self.assertIn(
-            "http://example.com:8443/interface/nodes/proxy/session/",
+            "http://example.com:8443/interface/nodes/info/",
             urls,
         )
         combined = "".join(urls)
@@ -3605,6 +3480,82 @@ class NetMessageSignatureTests(TestCase):
         self.assertTrue(signature_one)
         self.assertTrue(signature_two)
         self.assertNotEqual(signature_one, signature_two)
+
+
+class NetworkChargerActionSecurityTests(TestCase):
+    def setUp(self):
+        self.client = Client()
+        self.local_node = Node.objects.create(
+            hostname="local-node",
+            address="127.0.0.1",
+            port=8000,
+            mac_address="00:aa:bb:cc:dd:10",
+            public_endpoint="local-endpoint",
+        )
+        self.authorized_node = Node.objects.create(
+            hostname="authorized-node",
+            address="127.0.0.2",
+            port=8001,
+            mac_address="00:aa:bb:cc:dd:11",
+            public_endpoint="authorized-endpoint",
+        )
+        self.unauthorized_node, self.unauthorized_key = self._create_signed_node(
+            "unauthorized-node",
+            mac_suffix=0x12,
+        )
+        self.charger = Charger.objects.create(
+            charger_id="SECURE-TEST-1",
+            allow_remote=True,
+            manager_node=self.authorized_node,
+            node_origin=self.local_node,
+        )
+
+    def _create_signed_node(self, hostname: str, *, mac_suffix: int):
+        key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
+        public_bytes = key.public_key().public_bytes(
+            encoding=serialization.Encoding.PEM,
+            format=serialization.PublicFormat.SubjectPublicKeyInfo,
+        )
+        node = Node.objects.create(
+            hostname=hostname,
+            address="10.0.0.{:d}".format(mac_suffix),
+            port=8020,
+            mac_address="00:aa:bb:cc:dd:{:02x}".format(mac_suffix),
+            public_key=public_bytes.decode(),
+            public_endpoint=f"{hostname}-endpoint",
+        )
+        return node, key
+
+    def test_rejects_requests_from_unmanaged_nodes(self):
+        url = reverse("node-network-charger-action")
+        payload = {
+            "requester": str(self.unauthorized_node.uuid),
+            "charger_id": self.charger.charger_id,
+            "action": "reset",
+        }
+        body = json.dumps(payload).encode()
+        signature = self.unauthorized_key.sign(
+            body,
+            padding.PKCS1v15(),
+            hashes.SHA256(),
+        )
+        headers = {"HTTP_X_SIGNATURE": base64.b64encode(signature).decode()}
+
+        with patch.object(Node, "get_local", return_value=self.local_node):
+            response = self.client.post(
+                url,
+                data=body,
+                content_type="application/json",
+                **headers,
+            )
+
+        self.assertEqual(response.status_code, 403)
+        self.assertEqual(
+            response.json().get("detail"),
+            "requester does not manage this charger",
+        )
+
+
 class StartupNotificationTests(TestCase):
     def test_startup_notification_uses_hostname_and_revision(self):
         from nodes.apps import _startup_notification

nodes/urls.py

@@ -11,6 +11,12 @@ urlpatterns = [
     path("net-message/pull/", views.net_message_pull, name="net-message-pull"),
     path("rfid/export/", views.export_rfids, name="node-rfid-export"),
     path("rfid/import/", views.import_rfids, name="node-rfid-import"),
+    path("network/chargers/", views.network_chargers, name="node-network-chargers"),
+    path(
+        "network/chargers/action/",
+        views.network_charger_action,
+        name="node-network-charger-action",
+    ),
     path("proxy/session/", views.proxy_session, name="node-proxy-session"),
     path("proxy/login/<str:token>/", views.proxy_login, name="node-proxy-login"),
     path("proxy/execute/", views.proxy_execute, name="node-proxy-execute"),