arthexis 0.1.9__py3-none-any.whl → 0.1.26__py3-none-any.whl

core/temp_passwords.py

@@ -0,0 +1,181 @@
+"""Utilities for temporary password lock files."""
+
+from __future__ import annotations
+
+import hashlib
+import json
+import re
+import secrets
+import string
+from dataclasses import dataclass
+from datetime import datetime, timedelta
+from pathlib import Path
+from typing import Optional
+
+from django.conf import settings
+from django.contrib.auth.hashers import check_password, make_password
+from django.utils import timezone
+from django.utils.dateparse import parse_datetime
+
+
+DEFAULT_PASSWORD_LENGTH = 16
+DEFAULT_EXPIRATION = timedelta(hours=1)
+_SAFE_COMPONENT_RE = re.compile(r"[^A-Za-z0-9_.-]+")
+
+
+def _base_lock_dir() -> Path:
+    """Return the root directory used for temporary password lock files."""
+
+    configured = getattr(settings, "TEMP_PASSWORD_LOCK_DIR", None)
+    if configured:
+        path = Path(configured)
+    else:
+        path = Path(settings.BASE_DIR) / "locks" / "temp-passwords"
+    path.mkdir(parents=True, exist_ok=True)
+    return path
+
+
+def _safe_component(value: str) -> str:
+    """Return a filesystem safe component derived from ``value``."""
+
+    if not value:
+        return ""
+    safe = _SAFE_COMPONENT_RE.sub("_", value)
+    safe = safe.strip("._")
+    return safe[:64]
+
+
+def _lockfile_name(username: str) -> str:
+    """Return the filename used for the provided ``username``."""
+
+    digest = hashlib.sha256(username.encode("utf-8")).hexdigest()[:12]
+    safe = _safe_component(username)
+    if safe:
+        return f"{safe}-{digest}.json"
+    return f"user-{digest}.json"
+
+
+def _lockfile_path(username: str) -> Path:
+    """Return the lockfile path for ``username``."""
+
+    return _base_lock_dir() / _lockfile_name(username)
+
+
+def _parse_timestamp(value: str | None) -> Optional[datetime]:
+    """Return a timezone aware datetime parsed from ``value``."""
+
+    if not value:
+        return None
+    parsed = parse_datetime(value)
+    if parsed is None:
+        return None
+    if timezone.is_naive(parsed):
+        parsed = timezone.make_aware(parsed)
+    return parsed
+
+
+@dataclass(frozen=True)
+class TempPasswordEntry:
+    """Details for a temporary password stored on disk."""
+
+    username: str
+    password_hash: str
+    expires_at: datetime
+    created_at: datetime
+    path: Path
+    allow_change: bool = False
+
+    @property
+    def is_expired(self) -> bool:
+        return timezone.now() >= self.expires_at
+
+    def check_password(self, raw_password: str) -> bool:
+        """Return ``True`` if ``raw_password`` matches this entry."""
+
+        return check_password(raw_password, self.password_hash)
+
+
+def generate_password(length: int = DEFAULT_PASSWORD_LENGTH) -> str:
+    """Return a random password composed of letters and digits."""
+
+    if length <= 0:
+        raise ValueError("length must be a positive integer")
+    alphabet = string.ascii_letters + string.digits
+    return "".join(secrets.choice(alphabet) for _ in range(length))
+
+
+def store_temp_password(
+    username: str,
+    raw_password: str,
+    expires_at: Optional[datetime] = None,
+    *,
+    allow_change: bool = False,
+) -> TempPasswordEntry:
+    """Persist a temporary password for ``username`` and return the entry."""
+
+    if expires_at is None:
+        expires_at = timezone.now() + DEFAULT_EXPIRATION
+    if timezone.is_naive(expires_at):
+        expires_at = timezone.make_aware(expires_at)
+    created_at = timezone.now()
+    path = _lockfile_path(username)
+    data = {
+        "username": username,
+        "password_hash": make_password(raw_password),
+        "expires_at": expires_at.isoformat(),
+        "created_at": created_at.isoformat(),
+        "allow_change": allow_change,
+    }
+    path.write_text(json.dumps(data, indent=2, sort_keys=True))
+    return TempPasswordEntry(
+        username=username,
+        password_hash=data["password_hash"],
+        expires_at=expires_at,
+        created_at=created_at,
+        path=path,
+        allow_change=allow_change,
+    )
+
+
+def load_temp_password(username: str) -> Optional[TempPasswordEntry]:
+    """Return the stored temporary password for ``username``, if any."""
+
+    path = _lockfile_path(username)
+    if not path.exists():
+        return None
+    try:
+        data = json.loads(path.read_text())
+    except (json.JSONDecodeError, UnicodeDecodeError):
+        path.unlink(missing_ok=True)
+        return None
+
+    expires_at = _parse_timestamp(data.get("expires_at"))
+    created_at = _parse_timestamp(data.get("created_at")) or timezone.now()
+    password_hash = data.get("password_hash")
+    if not expires_at or not password_hash:
+        path.unlink(missing_ok=True)
+        return None
+
+    username = data.get("username") or username
+    allow_change_value = data.get("allow_change", False)
+    if isinstance(allow_change_value, str):
+        allow_change = allow_change_value.lower() in {"1", "true", "yes", "on"}
+    else:
+        allow_change = bool(allow_change_value)
+
+    return TempPasswordEntry(
+        username=username,
+        password_hash=password_hash,
+        expires_at=expires_at,
+        created_at=created_at,
+        path=path,
+        allow_change=allow_change,
+    )
+
+
+def discard_temp_password(username: str) -> None:
+    """Remove any stored temporary password for ``username``."""
+
+    path = _lockfile_path(username)
+    path.unlink(missing_ok=True)
+

core/test_system_info.py

@@ -1,43 +1,202 @@
-import os
-from pathlib import Path
-
-os.environ.setdefault("DJANGO_SETTINGS_MODULE", "config.settings")
-
-import django
-
-django.setup()
-
-from django.conf import settings
-from django.test import SimpleTestCase, override_settings
-from core.system import _gather_info
-
-
-class SystemInfoRoleTests(SimpleTestCase):
-    @override_settings(NODE_ROLE="Terminal")
-    def test_defaults_to_terminal(self):
-        info = _gather_info()
-        self.assertEqual(info["role"], "Terminal")
-
-    @override_settings(NODE_ROLE="Satellite")
-    def test_uses_settings_role(self):
-        info = _gather_info()
-        self.assertEqual(info["role"], "Satellite")
-
-
-class SystemInfoScreenModeTests(SimpleTestCase):
-    def test_without_lockfile(self):
-        info = _gather_info()
-        self.assertEqual(info["screen_mode"], "")
-
-    def test_with_lockfile(self):
-        lock_dir = Path(settings.BASE_DIR) / "locks"
-        lock_dir.mkdir(exist_ok=True)
-        lock_file = lock_dir / "screen_mode.lck"
-        lock_file.write_text("tft")
-        try:
-            info = _gather_info()
-            self.assertEqual(info["screen_mode"], "tft")
-        finally:
-            lock_file.unlink()
-            if not any(lock_dir.iterdir()):
-                lock_dir.rmdir()
+import json
+import os
+from datetime import timedelta
+from pathlib import Path
+from subprocess import CompletedProcess
+from tempfile import TemporaryDirectory
+from unittest.mock import Mock, patch
+
+
+os.environ.setdefault("DJANGO_SETTINGS_MODULE", "config.settings")
+
+import django
+
+django.setup()
+
+from django.conf import settings
+from django.test import SimpleTestCase, override_settings
+from nodes.models import Node, NodeFeature, NodeRole
+from core.system import (
+    _gather_info,
+    _load_auto_upgrade_log_entries,
+    _read_auto_upgrade_mode,
+    get_system_sigil_values,
+)
+
+
+class SystemInfoRoleTests(SimpleTestCase):
+    @override_settings(NODE_ROLE="Terminal")
+    def test_defaults_to_terminal(self):
+        info = _gather_info()
+        self.assertEqual(info["role"], "Terminal")
+
+    @override_settings(NODE_ROLE="Satellite")
+    def test_uses_settings_role(self):
+        info = _gather_info()
+        self.assertEqual(info["role"], "Satellite")
+
+
+class SystemInfoScreenModeTests(SimpleTestCase):
+    def test_without_lockfile(self):
+        info = _gather_info()
+        self.assertEqual(info["screen_mode"], "")
+
+    def test_with_lockfile(self):
+        lock_dir = Path(settings.BASE_DIR) / "locks"
+        lock_dir.mkdir(exist_ok=True)
+        lock_file = lock_dir / "screen_mode.lck"
+        lock_file.write_text("tft")
+        try:
+            info = _gather_info()
+            self.assertEqual(info["screen_mode"], "tft")
+        finally:
+            lock_file.unlink()
+            if not any(lock_dir.iterdir()):
+                lock_dir.rmdir()
+
+
+class SystemInfoModeTests(SimpleTestCase):
+    def test_public_mode_case_insensitive(self):
+        lock_dir = Path(settings.BASE_DIR) / "locks"
+        lock_dir.mkdir(exist_ok=True)
+        lock_file = lock_dir / "nginx_mode.lck"
+        lock_file.write_text("PUBLIC", encoding="utf-8")
+        try:
+            info = _gather_info()
+            self.assertEqual(info["mode"], "public")
+            self.assertEqual(info["port"], 8000)
+        finally:
+            lock_file.unlink()
+            if not any(lock_dir.iterdir()):
+                lock_dir.rmdir()
+
+
+class SystemInfoRevisionTests(SimpleTestCase):
+    @patch("core.system.revision.get_revision", return_value="abcdef1234567890")
+    def test_includes_full_revision(self, mock_revision):
+        info = _gather_info()
+        self.assertEqual(info["revision"], "abcdef1234567890")
+        mock_revision.assert_called_once()
+
+
+class SystemInfoDatabaseTests(SimpleTestCase):
+    def test_collects_database_definitions(self):
+        info = _gather_info()
+        self.assertIn("databases", info)
+        aliases = {entry["alias"] for entry in info["databases"]}
+        self.assertIn("default", aliases)
+
+    @override_settings(
+        DATABASES={
+            "default": {
+                "ENGINE": "django.db.backends.sqlite3",
+                "NAME": Path("/tmp/db.sqlite3"),
+            }
+        }
+    )
+    def test_serializes_path_database_names(self):
+        info = _gather_info()
+        databases = info["databases"]
+        self.assertEqual(databases[0]["name"], "/tmp/db.sqlite3")
+
+
+class AutoUpgradeModeTests(SimpleTestCase):
+    def test_lock_file_read_error_marks_enabled(self):
+        mock_path = Mock()
+        mock_path.exists.return_value = True
+        mock_path.read_text.side_effect = OSError
+
+        with patch("core.system._auto_upgrade_mode_file", return_value=mock_path):
+            info = _read_auto_upgrade_mode(Path("/tmp"))
+
+        self.assertTrue(info["lock_exists"])
+        self.assertTrue(info["enabled"])
+        self.assertTrue(info["read_error"])
+
+
+class AutoUpgradeLogParsingTests(SimpleTestCase):
+    def test_parses_zulu_timestamp_entries(self):
+        with TemporaryDirectory() as tmpdir:
+            base_dir = Path(tmpdir)
+            log_dir = base_dir / "logs"
+            log_dir.mkdir()
+            log_path = log_dir / "auto-upgrade.log"
+            log_path.write_text("2024-01-01T12:34:56Z Started\n", encoding="utf-8")
+
+            with patch("core.system._format_timestamp", return_value="formatted") as mock_format:
+                result = _load_auto_upgrade_log_entries(base_dir)
+
+        entries = result["entries"]
+        self.assertEqual(len(entries), 1)
+        entry = entries[0]
+        self.assertEqual(entry["message"], "Started")
+        self.assertEqual(entry["timestamp"], "formatted")
+
+        mock_format.assert_called_once()
+        parsed_dt = mock_format.call_args[0][0]
+        self.assertEqual(parsed_dt.year, 2024)
+        self.assertEqual(parsed_dt.month, 1)
+        self.assertEqual(parsed_dt.day, 1)
+        self.assertEqual(parsed_dt.utcoffset(), timedelta(0))
+
+
+class SystemInfoRunserverDetectionTests(SimpleTestCase):
+    @patch("core.system.subprocess.run")
+    def test_detects_runserver_process_port(self, mock_run):
+        mock_run.return_value = CompletedProcess(
+            args=["pgrep"],
+            returncode=0,
+            stdout="123 python manage.py runserver 0.0.0.0:8000 --noreload\n",
+        )
+
+        info = _gather_info()
+
+        self.assertTrue(info["running"])
+        self.assertEqual(info["port"], 8000)
+
+    @patch("core.system._probe_ports", return_value=(True, 8000))
+    @patch("core.system.subprocess.run", side_effect=FileNotFoundError)
+    def test_falls_back_to_port_probe_when_pgrep_missing(self, mock_run, mock_probe):
+        info = _gather_info()
+
+        self.assertTrue(info["running"])
+        self.assertEqual(info["port"], 8000)
+
+
+class SystemSigilValueTests(SimpleTestCase):
+    def test_exports_values_for_sigil_resolution(self):
+        sample_info = {
+            "installed": True,
+            "revision": "abcdef",
+            "service": "gunicorn",
+            "mode": "internal",
+            "port": 8888,
+            "role": "Terminal",
+            "screen_mode": "",
+            "features": [
+                {"display": "Feature", "expected": True, "actual": False, "slug": "feature"}
+            ],
+            "running": True,
+            "service_status": "active",
+            "hostname": "example.local",
+            "ip_addresses": ["127.0.0.1"],
+            "databases": [
+                {
+                    "alias": "default",
+                    "engine": "django.db.backends.sqlite3",
+                    "name": "db.sqlite3",
+                }
+            ],
+        }
+        with patch("core.system._gather_info", return_value=sample_info):
+            values = get_system_sigil_values()
+
+        self.assertEqual(values["REVISION"], "abcdef")
+        self.assertEqual(values["RUNNING"], "True")
+        self.assertEqual(values["NGINX_MODE"], "internal (8888)")
+        self.assertEqual(values["IP_ADDRESSES"], "127.0.0.1")
+        features = json.loads(values["FEATURES"])
+        self.assertEqual(features[0]["display"], "Feature")
+        databases = json.loads(values["DATABASES"])
+        self.assertEqual(databases[0]["alias"], "default")
+