arthexis 0.1.26__py3-none-any.whl → 0.1.28__py3-none-any.whl

core/tests.py

@@ -5,6 +5,7 @@ import django
 
 django.setup()
 
+from django import forms
 from django.test import Client, TestCase, RequestFactory, override_settings
 from django.urls import reverse
 from django.http import HttpRequest
@@ -51,6 +52,7 @@ from core.admin import (
     PackageReleaseAdmin,
     PackageAdmin,
     RFIDResource,
+    SecurityGroupAdmin,
     UserAdmin,
     USER_PROFILE_INLINES,
 )
@@ -309,6 +311,16 @@ class UserAdminInlineTests(TestCase):
         self.assertEqual(len(other_profiles), len(USER_PROFILE_INLINES))
 
 
+class SecurityGroupAdminTests(TestCase):
+    def setUp(self):
+        self.site = AdminSite()
+        self.admin = SecurityGroupAdmin(SecurityGroup, self.site)
+
+    def test_search_fields_include_name_and_parent(self):
+        self.assertIn("name", self.admin.search_fields)
+        self.assertIn("parent__name", self.admin.search_fields)
+
+
 class RFIDLoginTests(TestCase):
     def setUp(self):
         self.client = Client()
@@ -324,7 +336,9 @@ class RFIDLoginTests(TestCase):
             content_type="application/json",
         )
         self.assertEqual(response.status_code, 200)
-        self.assertEqual(response.json()["username"], "alice")
+        payload = response.json()
+        self.assertEqual(payload["username"], "alice")
+        self.assertEqual(payload["redirect"], "/")
 
     def test_rfid_login_invalid(self):
         response = self.client.post(
@@ -348,6 +362,7 @@ class RFIDLoginTests(TestCase):
         )
 
         self.assertEqual(response.status_code, 200)
+        self.assertEqual(response.json().get("redirect"), "/")
         run_args, run_kwargs = mock_run.call_args
         self.assertEqual(run_args[0], "echo ok")
         self.assertTrue(run_kwargs.get("shell"))
@@ -384,6 +399,7 @@ class RFIDLoginTests(TestCase):
         )
 
         self.assertEqual(response.status_code, 200)
+        self.assertEqual(response.json().get("redirect"), "/")
         mock_popen.assert_called_once()
         args, kwargs = mock_popen.call_args
         self.assertEqual(args[0], "echo welcome")
@@ -410,6 +426,24 @@ class RFIDLoginTests(TestCase):
         self.assertEqual(response.status_code, 401)
         mock_popen.assert_not_called()
 
+    def test_rfid_login_uses_next_redirect(self):
+        response = self.client.post(
+            reverse("rfid-login"),
+            data={"rfid": "CARD123", "next": "/dashboard/"},
+            content_type="application/json",
+        )
+        self.assertEqual(response.status_code, 200)
+        self.assertEqual(response.json().get("redirect"), "/dashboard/")
+
+    def test_rfid_login_ignores_unsafe_redirect(self):
+        response = self.client.post(
+            reverse("rfid-login"),
+            data={"rfid": "CARD123", "next": "https://example.com/"},
+            content_type="application/json",
+        )
+        self.assertEqual(response.status_code, 200)
+        self.assertEqual(response.json().get("redirect"), "/")
+
 
 class RFIDBatchApiTests(TestCase):
     def setUp(self):
@@ -442,6 +476,140 @@ class RFIDBatchApiTests(TestCase):
             },
         )
 
+
+class UserAdminPasswordChangeTests(TestCase):
+    def setUp(self):
+        self.client = Client()
+        self.admin = User.objects.create_superuser(
+            username="admin", email="admin@example.com", password="adminpass"
+        )
+        self.user = User.objects.create_user(username="target", password="oldpass")
+        self.client.force_login(self.admin)
+
+    def test_change_password_form_excludes_rfid_field(self):
+        url = reverse("admin:core_user_password_change", args=[self.user.pk])
+        response = self.client.get(url)
+        self.assertEqual(response.status_code, 200)
+        self.assertNotContains(response, 'name="rfid"')
+        self.assertNotContains(response, "Login RFID")
+
+    def test_change_password_does_not_alter_existing_rfid_assignment(self):
+        account = EnergyAccount.objects.create(user=self.user, name="TARGET")
+        tag = RFID.objects.create(rfid="CARD778")
+        account.rfids.add(tag)
+        url = reverse("admin:core_user_password_change", args=[self.user.pk])
+        response = self.client.post(
+            url,
+            {
+                "new_password1": "NewStrongPass123",
+                "new_password2": "NewStrongPass123",
+            },
+        )
+        self.assertRedirects(
+            response, reverse("admin:core_user_change", args=[self.user.pk])
+        )
+        account.refresh_from_db()
+        self.assertTrue(account.rfids.filter(pk=tag.pk).exists())
+        self.user.refresh_from_db()
+        self.assertTrue(self.user.check_password("NewStrongPass123"))
+
+
+class UserAdminLoginRFIDTests(TestCase):
+    def setUp(self):
+        self.client = Client()
+        self.admin = User.objects.create_superuser(
+            username="admin", email="admin@example.com", password="adminpass"
+        )
+        self.user = User.objects.create_user(username="target", password="oldpass")
+        self.client.force_login(self.admin)
+
+    def _build_change_form_data(self, response, **overrides):
+        form = response.context["adminform"].form
+        data = {}
+        for name, field in form.fields.items():
+            if isinstance(field, forms.ModelMultipleChoiceField):
+                initial = form.initial.get(name, field.initial) or []
+                data[name] = [str(value.pk) for value in initial]
+            elif isinstance(field, forms.BooleanField):
+                initial = form.initial.get(name, field.initial)
+                if initial:
+                    data[name] = "on"
+            elif name != "login_rfid":
+                value = form.initial.get(name, field.initial)
+                data[name] = "" if value is None else value
+        data["_save"] = "Save"
+        data.update({key: value for key, value in overrides.items() if value is not None})
+        return data
+
+    def test_change_form_includes_login_rfid_field(self):
+        tag = RFID.objects.create(rfid="CARD777")
+        EnergyAccount.objects.create(user=self.user, name="TARGET")
+        url = reverse("admin:core_user_change", args=[self.user.pk])
+        response = self.client.get(url)
+        self.assertEqual(response.status_code, 200)
+        self.assertContains(response, 'name="login_rfid"')
+        self.assertContains(response, str(tag.pk))
+
+    def test_change_form_assigns_login_rfid(self):
+        account = EnergyAccount.objects.create(user=self.user, name="TARGET")
+        tag = RFID.objects.create(rfid="CARD778")
+        url = reverse("admin:core_user_change", args=[self.user.pk])
+        response = self.client.get(url)
+        form_data = self._build_change_form_data(response, login_rfid=str(tag.pk))
+        post_response = self.client.post(url, form_data)
+        self.assertRedirects(
+            post_response, reverse("admin:core_user_change", args=[self.user.pk])
+        )
+        account.refresh_from_db()
+        self.assertTrue(account.rfids.filter(pk=tag.pk).exists())
+
+    def test_change_form_creates_energy_account_when_missing(self):
+        tag = RFID.objects.create(rfid="CARD779")
+        url = reverse("admin:core_user_change", args=[self.user.pk])
+        response = self.client.get(url)
+        form_data = self._build_change_form_data(response, login_rfid=str(tag.pk))
+        post_response = self.client.post(url, form_data)
+        self.assertRedirects(
+            post_response, reverse("admin:core_user_change", args=[self.user.pk])
+        )
+        account = EnergyAccount.objects.get(user=self.user)
+        self.assertTrue(account.rfids.filter(pk=tag.pk).exists())
+
+
+class AdminSitePasswordChangeTests(TestCase):
+    def setUp(self):
+        self.client = Client()
+        self.admin = User.objects.create_superuser(
+            username="admin", email="admin@example.com", password="adminpass"
+        )
+        self.client.force_login(self.admin)
+
+    def test_admin_password_change_form_excludes_rfid_field(self):
+        response = self.client.get(reverse("admin:password_change"))
+        self.assertEqual(response.status_code, 200)
+        self.assertNotContains(response, 'name="rfid"')
+        self.assertNotContains(response, "Login RFID")
+
+    def test_admin_password_change_keeps_existing_rfid_assignment(self):
+        account = EnergyAccount.objects.create(user=self.admin, name="ADMIN")
+        tag = RFID.objects.create(rfid="CARD881")
+        account.rfids.add(tag)
+        response = self.client.post(
+            reverse("admin:password_change"),
+            {
+                "old_password": "adminpass",
+                "new_password1": "UltraSecurePass123",
+                "new_password2": "UltraSecurePass123",
+                "password1": "UltraSecurePass123",
+                "password2": "UltraSecurePass123",
+            },
+        )
+        self.assertRedirects(response, reverse("admin:password_change_done"))
+        self.admin.refresh_from_db()
+        self.assertTrue(self.admin.check_password("UltraSecurePass123"))
+        account.refresh_from_db()
+        self.assertTrue(account.rfids.filter(pk=tag.pk).exists())
+
     def test_export_rfids_color_filter(self):
         RFID.objects.create(rfid="CARD111", color=RFID.WHITE)
         response = self.client.get(reverse("rfid-batch"), {"color": "W"})
@@ -990,6 +1158,38 @@ class RFIDImportExportCommandTests(TestCase):
         result = resource.import_data(dataset, dry_run=False)
         self.assertFalse(result.has_errors())
 
+    def test_admin_import_restores_soft_deleted_label(self):
+        tag = RFID.objects.create(rfid="DELETEME01")
+        label = tag.label_id
+        tag.delete()
+        self.assertFalse(RFID.objects.filter(label_id=label).exists())
+        self.assertTrue(
+            RFID.all_objects.filter(label_id=label, is_deleted=True).exists()
+        )
+
+        resource = RFIDResource()
+        headers = resource.get_export_headers()
+        dataset = Dataset()
+        dataset.headers = headers
+        row = {header: "" for header in headers}
+        row.update(
+            {
+                "label_id": str(label),
+                "rfid": "DELETEME02",
+                "allowed": "true",
+                "color": RFID.BLACK,
+                "kind": RFID.CLASSIC,
+            }
+        )
+        dataset.append([row[h] for h in headers])
+
+        result = resource.import_data(dataset, dry_run=False)
+
+        self.assertFalse(result.has_errors())
+        restored = RFID.all_objects.get(label_id=label)
+        self.assertEqual(restored.rfid, "DELETEME02")
+        self.assertFalse(restored.is_deleted)
+
         account = EnergyAccount.objects.get(name="IMPORTED ADMIN ACCOUNT")
         tag = RFID.objects.get(rfid="NAMETAG002")
         self.assertTrue(tag.energy_accounts.filter(pk=account.pk).exists())
@@ -2534,7 +2734,7 @@ class TodoFocusViewTests(TestCase):
     def test_focus_view_sanitizes_loopback_absolute_url(self):
         todo = Todo.objects.create(
             request="Task",
-            url="http://127.0.0.1:8000/docs/?section=chart",
+            url="http://127.0.0.1:8888/docs/?section=chart",
         )
         resp = self.client.get(reverse("todo-focus", args=[todo.pk]))
         self.assertContains(resp, 'src="/docs/?section=chart"')

core/user_data.py

@@ -1,5 +1,6 @@
 from __future__ import annotations
 
+from functools import lru_cache
 from pathlib import Path
 from io import BytesIO
 from zipfile import ZipFile
@@ -65,9 +66,13 @@ def _fixture_path(user, instance) -> Path:
     return _data_dir(user) / filename
 
 
-def _seed_fixture_path(instance) -> Path | None:
-    label = f"{instance._meta.app_label}.{instance._meta.model_name}"
+_SEED_FIXTURE_IGNORED_FIELDS = {"is_seed_data", "is_deleted", "is_user_data"}
+
+
+@lru_cache(maxsize=1)
+def _seed_fixture_index():
     base = Path(settings.BASE_DIR)
+    index: dict[str, dict[str, object]] = {}
     for path in base.glob("**/fixtures/*.json"):
         try:
             data = json.loads(path.read_text(encoding="utf-8"))
@@ -76,28 +81,55 @@ def _seed_fixture_path(instance) -> Path | None:
         if not isinstance(data, list) or not data:
             continue
         obj = data[0]
-        if obj.get("model") != label:
+        if not isinstance(obj, dict):
             continue
-        pk = obj.get("pk")
-        if pk is not None and pk == instance.pk:
-            return path
-        fields = obj.get("fields", {}) or {}
+        label = obj.get("model")
+        if not isinstance(label, str):
+            continue
+        fields = obj.get("fields") or {}
+        if not isinstance(fields, dict):
+            fields = {}
         comparable_fields = {
             key: value
             for key, value in fields.items()
-            if key not in {"is_seed_data", "is_deleted", "is_user_data"}
+            if key not in _SEED_FIXTURE_IGNORED_FIELDS
         }
+        pk = obj.get("pk")
+        entries = index.setdefault(label, {"pk": {}, "fields": []})
+        pk_index = entries.setdefault("pk", {})
+        field_index = entries.setdefault("fields", [])
+        if pk is not None:
+            pk_index[pk] = path
         if comparable_fields:
-            match = True
-            for field_name, value in comparable_fields.items():
-                if not hasattr(instance, field_name):
-                    match = False
-                    break
-                if getattr(instance, field_name) != value:
-                    match = False
-                    break
-            if match:
-                return path
+            field_index.append((comparable_fields, path))
+    return index
+
+
+def _seed_fixture_path(instance, *, index=None) -> Path | None:
+    label = f"{instance._meta.app_label}.{instance._meta.model_name}"
+    fixture_index = index or _seed_fixture_index()
+    entries = fixture_index.get(label)
+    if not entries:
+        return None
+    pk = getattr(instance, "pk", None)
+    pk_index = entries.get("pk", {})
+    if pk is not None:
+        path = pk_index.get(pk)
+        if path is not None:
+            return path
+    for comparable_fields, path in entries.get("fields", []):
+        match = True
+        if not isinstance(comparable_fields, dict):
+            continue
+        for field_name, value in comparable_fields.items():
+            if not hasattr(instance, field_name):
+                match = False
+                break
+            if getattr(instance, field_name) != value:
+                match = False
+                break
+        if match:
+            return path
     return None
 
 
@@ -581,6 +613,7 @@ def _iter_entity_admin_models():
 
 def _seed_data_view(request):
     sections = []
+    fixture_index = _seed_fixture_index()
     for model, model_admin in _iter_entity_admin_models():
         objs = model.objects.filter(is_seed_data=True)
         if not objs.exists():
@@ -591,7 +624,7 @@ def _seed_data_view(request):
                 f"admin:{obj._meta.app_label}_{obj._meta.model_name}_change",
                 args=[obj.pk],
             )
-            fixture = _seed_fixture_path(obj)
+            fixture = _seed_fixture_path(obj, index=fixture_index)
             items.append({"url": url, "label": str(obj), "fixture": fixture})
         sections.append({"opts": model._meta, "items": items})
     context = admin.site.each_context(request)

core/views.py

@@ -11,7 +11,7 @@ import requests
 from django.conf import settings
 from django.contrib.admin.sites import site as admin_site
 from django.contrib.admin.views.decorators import staff_member_required
-from django.contrib.auth import authenticate, login
+from django.contrib.auth import REDIRECT_FIELD_NAME, authenticate, login
 from django.contrib import messages
 from django.contrib.sites.models import Site
 from django.http import Http404, JsonResponse, HttpResponse
@@ -99,7 +99,7 @@ def odoo_quote_report(request):
 
     if not profile or not profile.is_verified:
         context["error"] = _(
-            "Configure and verify your Odoo employee credentials before generating the report."
+            "Configure and verify your CRM employee credentials before generating the report."
         )
         return TemplateResponse(
             request, "admin/core/odoo_quote_report.html", context
@@ -470,9 +470,60 @@ def _resolve_release_log_dir(preferred: Path) -> tuple[Path, str | None]:
     return fallback, warning
 
 
+def _commit_todo_fixtures_if_needed(log_path: Path) -> None:
+    """Stage and commit modified TODO fixtures before syncing with origin/main."""
+
+    try:
+        status = subprocess.run(
+            ["git", "status", "--porcelain"],
+            check=True,
+            capture_output=True,
+            text=True,
+        )
+    except subprocess.CalledProcessError:
+        return
+
+    todo_paths: set[Path] = set()
+    for line in (status.stdout or "").splitlines():
+        if not line:
+            continue
+        path_fragment = line[3:].strip()
+        if "->" in path_fragment:
+            path_fragment = path_fragment.split("->", 1)[1].strip()
+        path = Path(path_fragment)
+        if path.suffix == ".json" and path.parent == Path("core/fixtures"):
+            if path.name.startswith("todo__"):
+                todo_paths.add(path)
+
+    if not todo_paths:
+        return
+
+    sorted_paths = sorted(todo_paths)
+    subprocess.run(
+        ["git", "add", *[str(path) for path in sorted_paths]],
+        check=True,
+    )
+    formatted = ", ".join(_format_path(path) for path in sorted_paths)
+    _append_log(log_path, f"Staged TODO fixtures {formatted}")
+
+    diff = subprocess.run(
+        ["git", "diff", "--cached", "--name-only", "--", *[str(path) for path in sorted_paths]],
+        check=True,
+        capture_output=True,
+        text=True,
+    )
+
+    if (diff.stdout or "").strip():
+        message = "chore: update TODO fixtures"
+        subprocess.run(["git", "commit", "-m", message], check=True)
+        _append_log(log_path, f"Committed TODO fixtures ({message})")
+
+
 def _sync_with_origin_main(log_path: Path) -> None:
     """Ensure the current branch is rebased onto ``origin/main``."""
 
+    _commit_todo_fixtures_if_needed(log_path)
+
     if not _has_remote("origin"):
         _append_log(log_path, "No git remote configured; skipping sync with origin/main")
         return
@@ -1549,12 +1600,28 @@ def rfid_login(request):
     if not rfid:
         return JsonResponse({"detail": "rfid required"}, status=400)
 
+    redirect_to = data.get(REDIRECT_FIELD_NAME) or data.get("next")
+    if redirect_to and not url_has_allowed_host_and_scheme(
+        redirect_to,
+        allowed_hosts={request.get_host()},
+        require_https=request.is_secure(),
+    ):
+        redirect_to = ""
+
     user = authenticate(request, rfid=rfid)
     if user is None:
         return JsonResponse({"detail": "invalid RFID"}, status=401)
 
     login(request, user)
-    return JsonResponse({"id": user.id, "username": user.username})
+    if redirect_to:
+        target = redirect_to
+    elif user.is_staff:
+        target = reverse("admin:index")
+    else:
+        target = "/"
+    return JsonResponse(
+        {"id": user.id, "username": user.username, "redirect": target}
+    )
 
 
 @api_login_required