PyPI - arthexis - Versions diffs - 0.1.9__py3-none-any.whl → 0.1.10__py3-none-any.whl - Mend

arthexis 0.1.9py3-none-any.whl → 0.1.10py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of arthexis might be problematic. Click here for more details.

Files changed (39) hide show

{arthexis-0.1.9.dist-info → arthexis-0.1.10.dist-info}/METADATA +63 -20
{arthexis-0.1.9.dist-info → arthexis-0.1.10.dist-info}/RECORD +39 -36
config/settings.py +221 -23
config/urls.py +6 -0
core/admin.py +401 -35
core/apps.py +3 -0
core/auto_upgrade.py +57 -0
core/backends.py +77 -3
core/fields.py +93 -0
core/models.py +212 -7
core/reference_utils.py +97 -0
core/sigil_builder.py +16 -3
core/system.py +157 -143
core/tasks.py +151 -8
core/test_system_info.py +37 -1
core/tests.py +288 -12
core/user_data.py +103 -8
core/views.py +257 -15
nodes/admin.py +12 -4
nodes/backends.py +109 -17
nodes/models.py +205 -2
nodes/tests.py +370 -1
nodes/views.py +140 -7
ocpp/admin.py +63 -3
ocpp/consumers.py +252 -41
ocpp/evcs.py +6 -3
ocpp/models.py +49 -7
ocpp/simulator.py +62 -5
ocpp/store.py +30 -0
ocpp/tests.py +384 -8
ocpp/views.py +101 -76
pages/context_processors.py +20 -0
pages/forms.py +131 -0
pages/tests.py +434 -13
pages/urls.py +1 -0
pages/views.py +334 -92
{arthexis-0.1.9.dist-info → arthexis-0.1.10.dist-info}/WHEEL +0 -0
{arthexis-0.1.9.dist-info → arthexis-0.1.10.dist-info}/licenses/LICENSE +0 -0
{arthexis-0.1.9.dist-info → arthexis-0.1.10.dist-info}/top_level.txt +0 -0

pages/views.py CHANGED Viewed

@@ -1,7 +1,9 @@
+import base64
 import logging
 from pathlib import Path
 import datetime
 import calendar
+import io
 import shutil
 import re
 from html import escape
@@ -25,13 +27,16 @@ from django.utils import timezone
 from django.utils.encoding import force_bytes, force_str
 from django.utils.http import urlsafe_base64_decode, urlsafe_base64_encode
 from core import mailer, public_wifi
+from core.backends import TOTP_DEVICE_NAME
 from django.utils.translation import gettext as _
 from django.views.decorators.csrf import csrf_exempt, ensure_csrf_cookie
+from django.core.cache import cache
 from django.views.decorators.cache import never_cache
 from django.utils.cache import patch_vary_headers
 from django.core.exceptions import PermissionDenied
 from django.utils.text import slugify
 from django.core.validators import EmailValidator
+from django.db.models import Q
 from core.models import InviteLead, ClientReport, ClientReportSchedule
 try:  # pragma: no cover - optional dependency guard
@@ -44,6 +49,10 @@ except ImportError:  # pragma: no cover - handled gracefully in views
 import markdown
 from pages.utils import landing
 from core.liveupdate import live_update
+from django_otp import login as otp_login
+from django_otp.plugins.otp_totp.models import TOTPDevice
+import qrcode
+from .forms import AuthenticatorEnrollmentForm, AuthenticatorLoginForm
 from .models import Module
@@ -67,9 +76,13 @@ def _filter_models_for_request(models, request):
         model_admin = admin.site._registry.get(model)
         if model_admin is None:
             continue
-        if not model_admin.has_module_permission(request):
+        if not model_admin.has_module_permission(request) and not getattr(
+            request.user, "is_staff", False
+        ):
             continue
-        if not model_admin.has_view_permission(request, obj=None):
+        if not model_admin.has_view_permission(request, obj=None) and not getattr(
+            request.user, "is_staff", False
+        ):
             continue
         allowed.append(model)
     return allowed
@@ -80,8 +93,13 @@ def _admin_has_app_permission(request, app_label: str) -> bool:
     has_app_permission = getattr(admin.site, "has_app_permission", None)
     if callable(has_app_permission):
-        return has_app_permission(request, app_label)
-    return bool(admin.site.get_app_list(request, app_label))
+        allowed = has_app_permission(request, app_label)
+    else:
+        allowed = bool(admin.site.get_app_list(request, app_label))
+    if not allowed and getattr(request.user, "is_staff", False):
+        return True
+    return allowed
 def _resolve_related_model(field, default_app_label: str):
@@ -454,6 +472,7 @@ class CustomLoginView(LoginView):
     """Login view that redirects staff to the admin."""
     template_name = "pages/login.html"
+    form_class = AuthenticatorLoginForm
     def dispatch(self, request, *args, **kwargs):
         if request.user.is_authenticated:
@@ -481,13 +500,165 @@ class CustomLoginView(LoginView):
             return reverse("admin:index")
         return "/"
+    def form_valid(self, form):
+        response = super().form_valid(form)
+        device = form.get_verified_device()
+        if device is not None:
+            otp_login(self.request, device)
+        return response
 login_view = CustomLoginView.as_view()
+@staff_member_required
+def authenticator_setup(request):
+    """Allow staff to enroll an authenticator app for TOTP logins."""
+    user = request.user
+    device_qs = TOTPDevice.objects.filter(user=user)
+    if TOTP_DEVICE_NAME:
+        device_qs = device_qs.filter(name=TOTP_DEVICE_NAME)
+    pending_device = device_qs.filter(confirmed=False).order_by("-id").first()
+    confirmed_device = device_qs.filter(confirmed=True).order_by("-id").first()
+    enrollment_form = AuthenticatorEnrollmentForm(device=pending_device)
+    if request.method == "POST":
+        action = request.POST.get("action")
+        if action == "generate":
+            device = pending_device or confirmed_device or TOTPDevice(user=user)
+            if TOTP_DEVICE_NAME:
+                device.name = TOTP_DEVICE_NAME
+            if device.pk is None:
+                device.save()
+            device.key = TOTPDevice._meta.get_field("key").get_default()
+            device.confirmed = False
+            device.drift = 0
+            device.last_t = -1
+            device.throttling_failure_count = 0
+            device.throttling_failure_timestamp = None
+            device.throttle_reset(commit=False)
+            device.save()
+            messages.success(
+                request,
+                _(
+                    "Scan the QR code with your authenticator app, then "
+                    "enter a code below to confirm enrollment."
+                ),
+            )
+            return redirect("pages:authenticator-setup")
+        if action == "confirm" and pending_device is not None:
+            enrollment_form = AuthenticatorEnrollmentForm(
+                request.POST, device=pending_device
+            )
+            if enrollment_form.is_valid():
+                pending_device.confirmed = True
+                pending_device.save(update_fields=["confirmed"])
+                messages.success(
+                    request,
+                    _(
+                        "Authenticator app confirmed. You can now log in "
+                        "with codes from your device."
+                    ),
+                )
+                return redirect("pages:authenticator-setup")
+        if action == "remove":
+            if device_qs.exists():
+                device_qs.delete()
+                messages.success(
+                    request,
+                    _(
+                        "Authenticator enrollment removed. Password logins "
+                        "remain available."
+                    ),
+                )
+            return redirect("pages:authenticator-setup")
+    pending_device = device_qs.filter(confirmed=False).order_by("-id").first()
+    confirmed_device = device_qs.filter(confirmed=True).order_by("-id").first()
+    qr_data_uri = None
+    manual_key = None
+    if pending_device is not None:
+        config_url = pending_device.config_url
+        qr = qrcode.QRCode(box_size=10, border=4)
+        qr.add_data(config_url)
+        qr.make(fit=True)
+        image = qr.make_image(fill_color="black", back_color="white")
+        buffer = io.BytesIO()
+        image.save(buffer, format="PNG")
+        qr_data_uri = "data:image/png;base64," + base64.b64encode(buffer.getvalue()).decode(
+            "ascii"
+        )
+        secret = pending_device.key or ""
+        manual_key = " ".join(secret[i : i + 4] for i in range(0, len(secret), 4))
+    context = {
+        "pending_device": pending_device,
+        "confirmed_device": confirmed_device,
+        "qr_data_uri": qr_data_uri,
+        "manual_key": manual_key,
+        "enrollment_form": enrollment_form,
+    }
+    return TemplateResponse(request, "pages/authenticator_setup.html", context)
+INVITATION_REQUEST_MIN_SUBMISSION_INTERVAL = datetime.timedelta(seconds=3)
+INVITATION_REQUEST_THROTTLE_LIMIT = 3
+INVITATION_REQUEST_THROTTLE_WINDOW = datetime.timedelta(hours=1)
+INVITATION_REQUEST_HONEYPOT_MESSAGE = _(
+    "We could not process your request. Please try again."
+)
+INVITATION_REQUEST_TOO_FAST_MESSAGE = _(
+    "That was a little too fast. Please wait a moment and try again."
+)
+INVITATION_REQUEST_TIMESTAMP_ERROR = _(
+    "We could not verify your submission. Please reload the page and try again."
+)
+INVITATION_REQUEST_THROTTLE_MESSAGE = _(
+    "We've already received a few requests. Please try again later."
+)
 class InvitationRequestForm(forms.Form):
     email = forms.EmailField()
-    comment = forms.CharField(required=False, widget=forms.Textarea, label=_("Comment"))
+    comment = forms.CharField(
+        required=False, widget=forms.Textarea, label=_("Comment")
+    )
+    honeypot = forms.CharField(
+        required=False,
+        label=_("Leave blank"),
+        widget=forms.TextInput(attrs={"autocomplete": "off"}),
+    )
+    timestamp = forms.DateTimeField(required=False, widget=forms.HiddenInput())
+    min_submission_interval = INVITATION_REQUEST_MIN_SUBMISSION_INTERVAL
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        if not self.is_bound:
+            self.fields["timestamp"].initial = timezone.now()
+        self.fields["honeypot"].widget.attrs.setdefault("aria-hidden", "true")
+        self.fields["honeypot"].widget.attrs.setdefault("tabindex", "-1")
+    def clean(self):
+        cleaned = super().clean()
+        honeypot_value = cleaned.get("honeypot", "")
+        if honeypot_value:
+            raise forms.ValidationError(INVITATION_REQUEST_HONEYPOT_MESSAGE)
+        timestamp = cleaned.get("timestamp")
+        if timestamp is None:
+            cleaned["timestamp"] = timezone.now()
+            return cleaned
+        now = timezone.now()
+        if timestamp > now or (now - timestamp) < self.min_submission_interval:
+            raise forms.ValidationError(INVITATION_REQUEST_TOO_FAST_MESSAGE)
+        return cleaned
 @csrf_exempt
@@ -499,68 +670,78 @@ def request_invite(request):
         email = form.cleaned_data["email"]
         comment = form.cleaned_data.get("comment", "")
         ip_address = request.META.get("REMOTE_ADDR")
-        mac_address = public_wifi.resolve_mac_address(ip_address)
-        lead = InviteLead.objects.create(
-            email=email,
-            comment=comment,
-            user=request.user if request.user.is_authenticated else None,
-            path=request.path,
-            referer=request.META.get("HTTP_REFERER", ""),
-            user_agent=request.META.get("HTTP_USER_AGENT", ""),
-            ip_address=ip_address,
-            mac_address=mac_address or "",
+        throttle_filters = Q(email__iexact=email)
+        if ip_address:
+            throttle_filters |= Q(ip_address=ip_address)
+        window_start = timezone.now() - INVITATION_REQUEST_THROTTLE_WINDOW
+        recent_requests = InviteLead.objects.filter(
+            throttle_filters, created_on__gte=window_start
         )
-        logger.info("Invitation requested for %s", email)
-        User = get_user_model()
-        users = list(User.objects.filter(email__iexact=email))
-        if not users:
-            logger.warning("Invitation requested for unknown email %s", email)
-        for user in users:
-            uid = urlsafe_base64_encode(force_bytes(user.pk))
-            token = default_token_generator.make_token(user)
-            link = request.build_absolute_uri(
-                reverse("pages:invitation-login", args=[uid, token])
+        if recent_requests.count() >= INVITATION_REQUEST_THROTTLE_LIMIT:
+            form.add_error(None, INVITATION_REQUEST_THROTTLE_MESSAGE)
+        else:
+            mac_address = public_wifi.resolve_mac_address(ip_address)
+            lead = InviteLead.objects.create(
+                email=email,
+                comment=comment,
+                user=request.user if request.user.is_authenticated else None,
+                path=request.path,
+                referer=request.META.get("HTTP_REFERER", ""),
+                user_agent=request.META.get("HTTP_USER_AGENT", ""),
+                ip_address=ip_address,
+                mac_address=mac_address or "",
             )
-            subject = _("Your invitation link")
-            body = _("Use the following link to access your account: %(link)s") % {
-                "link": link
-            }
-            try:
-                node_error = None
-                node = Node.get_local()
-                if node:
-                    try:
-                        result = node.send_mail(subject, body, [email])
-                    except Exception as exc:
-                        node_error = exc
-                        logger.exception(
-                            "Node send_mail failed, falling back to default backend"
-                        )
+            logger.info("Invitation requested for %s", email)
+            User = get_user_model()
+            users = list(User.objects.filter(email__iexact=email))
+            if not users:
+                logger.warning("Invitation requested for unknown email %s", email)
+            for user in users:
+                uid = urlsafe_base64_encode(force_bytes(user.pk))
+                token = default_token_generator.make_token(user)
+                link = request.build_absolute_uri(
+                    reverse("pages:invitation-login", args=[uid, token])
+                )
+                subject = _("Your invitation link")
+                body = _("Use the following link to access your account: %(link)s") % {
+                    "link": link
+                }
+                try:
+                    node_error = None
+                    node = Node.get_local()
+                    if node:
+                        try:
+                            result = node.send_mail(subject, body, [email])
+                        except Exception as exc:
+                            node_error = exc
+                            logger.exception(
+                                "Node send_mail failed, falling back to default backend"
+                            )
+                            result = mailer.send(
+                                subject, body, [email], settings.DEFAULT_FROM_EMAIL
+                            )
+                    else:
                         result = mailer.send(
                             subject, body, [email], settings.DEFAULT_FROM_EMAIL
                         )
-                else:
-                    result = mailer.send(
-                        subject, body, [email], settings.DEFAULT_FROM_EMAIL
-                    )
-                lead.sent_on = timezone.now()
-                if node_error:
-                    lead.error = (
-                        f"Node email send failed: {node_error}. "
-                        "Invite was sent using default mail backend; ensure the "
-                        "node's email service is running or check its configuration."
+                    lead.sent_on = timezone.now()
+                    if node_error:
+                        lead.error = (
+                            f"Node email send failed: {node_error}. "
+                            "Invite was sent using default mail backend; ensure the "
+                            "node's email service is running or check its configuration."
+                        )
+                    else:
+                        lead.error = ""
+                    logger.info(
+                        "Invitation email sent to %s (user %s): %s", email, user.pk, result
                     )
-                else:
-                    lead.error = ""
-                logger.info(
-                    "Invitation email sent to %s (user %s): %s", email, user.pk, result
-                )
-            except Exception as exc:
-                lead.error = f"{exc}. Ensure the email service is reachable and settings are correct."
-                logger.exception("Failed to send invitation email to %s", email)
-        if lead.sent_on or lead.error:
-            lead.save(update_fields=["sent_on", "error"])
-        sent = True
+                except Exception as exc:
+                    lead.error = f"{exc}. Ensure the email service is reachable and settings are correct."
+                    logger.exception("Failed to send invitation email to %s", email)
+            if lead.sent_on or lead.error:
+                lead.save(update_fields=["sent_on", "error"])
+            sent = True
     return render(request, "pages/request_invite.html", {"form": form, "sent": sent})
@@ -626,30 +807,41 @@ class ClientReportForm(forms.Form):
     ]
     RECURRENCE_CHOICES = ClientReportSchedule.PERIODICITY_CHOICES
     period = forms.ChoiceField(
-        choices=PERIOD_CHOICES, widget=forms.RadioSelect, initial="range"
+        choices=PERIOD_CHOICES,
+        widget=forms.RadioSelect,
+        initial="range",
+        help_text=_("Choose how the reporting window will be calculated."),
     )
     start = forms.DateField(
         label=_("Start date"),
         required=False,
         widget=forms.DateInput(attrs={"type": "date"}),
+        help_text=_("First day included when using a custom date range."),
     )
     end = forms.DateField(
         label=_("End date"),
         required=False,
         widget=forms.DateInput(attrs={"type": "date"}),
+        help_text=_("Last day included when using a custom date range."),
     )
     week = forms.CharField(
         label=_("Week"),
         required=False,
         widget=forms.TextInput(attrs={"type": "week"}),
+        help_text=_("Generates the report for the ISO week that you select."),
     )
     month = forms.DateField(
         label=_("Month"),
         required=False,
         widget=forms.DateInput(attrs={"type": "month"}),
+        help_text=_("Generates the report for the calendar month that you select."),
     )
     owner = forms.ModelChoiceField(
-        queryset=get_user_model().objects.all(), required=False
+        queryset=get_user_model().objects.all(),
+        required=False,
+        help_text=_(
+            "Sets who owns the report schedule and is listed as the requestor."
+        ),
     )
     destinations = forms.CharField(
         label=_("Email destinations"),
@@ -661,6 +853,7 @@ class ClientReportForm(forms.Form):
         label=_("Recurrency"),
         choices=RECURRENCE_CHOICES,
         initial=ClientReportSchedule.PERIODICITY_NONE,
+        help_text=_("Defines how often the report should be generated automatically."),
     )
     disable_emails = forms.BooleanField(
         label=_("Disable email delivery"),
@@ -723,36 +916,85 @@ def client_report(request):
     form = ClientReportForm(request.POST or None, request=request)
     report = None
     schedule = None
-    if request.method == "POST" and form.is_valid():
-        owner = form.cleaned_data.get("owner")
-        if not owner and request.user.is_authenticated:
-            owner = request.user
-        report = ClientReport.generate(
-            form.cleaned_data["start"],
-            form.cleaned_data["end"],
-            owner=owner,
-            recipients=form.cleaned_data.get("destinations"),
-            disable_emails=form.cleaned_data.get("disable_emails", False),
-        )
-        report.store_local_copy()
-        recurrence = form.cleaned_data.get("recurrence")
-        if recurrence and recurrence != ClientReportSchedule.PERIODICITY_NONE:
-            schedule = ClientReportSchedule.objects.create(
-                owner=owner,
-                created_by=request.user if request.user.is_authenticated else None,
-                periodicity=recurrence,
-                email_recipients=form.cleaned_data.get("destinations", []),
-                disable_emails=form.cleaned_data.get("disable_emails", False),
+    if request.method == "POST":
+        if not request.user.is_authenticated:
+            form.is_valid()  # Run validation to surface field errors alongside auth error.
+            form.add_error(
+                None, _("You must log in to generate client reports."),
             )
-            report.schedule = schedule
-            report.save(update_fields=["schedule"])
-            messages.success(
-                request,
-                _(
-                    "Client report schedule created; future reports will be generated automatically."
-                ),
-            )
-    context = {"form": form, "report": report, "schedule": schedule}
+        elif form.is_valid():
+            throttle_seconds = getattr(settings, "CLIENT_REPORT_THROTTLE_SECONDS", 60)
+            throttle_keys = []
+            if request.user.is_authenticated:
+                throttle_keys.append(f"client-report:user:{request.user.pk}")
+            remote_addr = request.META.get("HTTP_X_FORWARDED_FOR")
+            if remote_addr:
+                remote_addr = remote_addr.split(",")[0].strip()
+            remote_addr = remote_addr or request.META.get("REMOTE_ADDR")
+            if remote_addr:
+                throttle_keys.append(f"client-report:ip:{remote_addr}")
+            added_keys = []
+            blocked = False
+            for key in throttle_keys:
+                if cache.add(key, timezone.now(), throttle_seconds):
+                    added_keys.append(key)
+                else:
+                    blocked = True
+                    break
+            if blocked:
+                for key in added_keys:
+                    cache.delete(key)
+                form.add_error(
+                    None,
+                    _(
+                        "Client reports can only be generated periodically. Please wait before trying again."
+                    ),
+                )
+            else:
+                owner = form.cleaned_data.get("owner")
+                if not owner and request.user.is_authenticated:
+                    owner = request.user
+                report = ClientReport.generate(
+                    form.cleaned_data["start"],
+                    form.cleaned_data["end"],
+                    owner=owner,
+                    recipients=form.cleaned_data.get("destinations"),
+                    disable_emails=form.cleaned_data.get("disable_emails", False),
+                )
+                report.store_local_copy()
+                recurrence = form.cleaned_data.get("recurrence")
+                if recurrence and recurrence != ClientReportSchedule.PERIODICITY_NONE:
+                    schedule = ClientReportSchedule.objects.create(
+                        owner=owner,
+                        created_by=request.user if request.user.is_authenticated else None,
+                        periodicity=recurrence,
+                        email_recipients=form.cleaned_data.get("destinations", []),
+                        disable_emails=form.cleaned_data.get("disable_emails", False),
+                    )
+                    report.schedule = schedule
+                    report.save(update_fields=["schedule"])
+                    messages.success(
+                        request,
+                        _(
+                            "Client report schedule created; future reports will be generated automatically."
+                        ),
+                    )
+    try:
+        login_url = reverse("pages:login")
+    except NoReverseMatch:
+        try:
+            login_url = reverse("login")
+        except NoReverseMatch:
+            login_url = getattr(settings, "LOGIN_URL", None)
+    context = {
+        "form": form,
+        "report": report,
+        "schedule": schedule,
+        "login_url": login_url,
+    }
     return render(request, "pages/client_report.html", context)

{arthexis-0.1.9.dist-info → arthexis-0.1.10.dist-info}/WHEEL RENAMED Viewed

File without changes

{arthexis-0.1.9.dist-info → arthexis-0.1.10.dist-info}/licenses/LICENSE RENAMED Viewed

File without changes

{arthexis-0.1.9.dist-info → arthexis-0.1.10.dist-info}/top_level.txt RENAMED Viewed

File without changes

arthexis 0.1.9__py3-none-any.whl → 0.1.10__py3-none-any.whl

Potentially problematic release.

arthexis 0.1.9py3-none-any.whl → 0.1.10py3-none-any.whl