django-nativemojo 0.1.10__py3-none-any.whl → 0.1.15__py3-none-any.whl

mojo/apps/account/models/member.py

@@ -34,7 +34,6 @@ class GroupMember(models.Model, MojoModel):
             "default": {
                 "fields": [
                     'id',
-                    'name',
                     'created',
                     'modified',
                     'is_active',
@@ -61,11 +60,11 @@ class GroupMember(models.Model, MojoModel):
             return req_member.has_permission(["manage_group", "manage_members"])
         return False
 
-    def set_permissions(self, value, request):
+    def set_permissions(self, value):
             if not isinstance(value, dict):
                 return
             for perm, perm_value in value.items():
-                if not self.can_change_permission(perm, perm_value, request):
+                if not self.can_change_permission(perm, perm_value, self.active_request):
                     raise merrors.PermissionDeniedException()
                 if bool(perm_value):
                     self.add_permission(perm)
@@ -73,12 +72,24 @@ class GroupMember(models.Model, MojoModel):
                     self.remove_permission(perm)
 
     def has_permission(self, perm_key):
-        """Check if user has a specific permission in JSON field."""
+        """
+        Check if user has a specific permission—supports system-level permissions via 'sys.' prefix.
+        If perm_key starts with 'sys.', only the user-level permission is checked.
+        Otherwise, checks group-member-level permission as before.
+        """
+        # Support lists for "OR" logic
         if isinstance(perm_key, list):
             for pk in perm_key:
                 if self.has_permission(pk):
                     return True
             return False
+
+        # System-level: only check user permission
+        SYS_PREFIX = "sys."
+        if isinstance(perm_key, str) and perm_key.startswith(SYS_PREFIX):
+            bare_perm = perm_key[len(SYS_PREFIX):]
+            return self.user.has_permission(bare_perm)
+
         if perm_key == "all":
             return True
         return self.permissions.get(perm_key, False)

mojo/apps/account/models/user.py

@@ -5,10 +5,29 @@ from mojo.helpers.settings import settings
 from mojo import errors as merrors
 from mojo.helpers import dates
 from mojo.apps.account.utils.jwtoken import JWToken
+from mojo.apps import metrics
 import uuid
 
+SYS_USER_PERMS_PROTECTION = {
+    "manage_users": "manage_users",
+    "manage_groups": "manage_users",
+    "view_logs": "manage_users",
+    "view_incidents": "manage_users",
+    "view_admin": "manage_users",
+    "view_taskqueue": "manage_users",
+    "view_global": "manage_users",
+    "manage_notifications": "manage_users",
+    "manage_files": "manage_users",
+    "force_single_session": "manage_users",
+    "file_vault": "manage_users",
+    "manage_aws": "manage_users"
+}
+
 USER_PERMS_PROTECTION = settings.get("USER_PERMS_PROTECTION", {})
+USER_PERMS_PROTECTION.update(SYS_USER_PERMS_PROTECTION)
+
 USER_LAST_ACTIVITY_FREQ = settings.get("USER_LAST_ACTIVITY_FREQ", 300)
+METRICS_TIMEZONE = settings.get("METRICS_TIMEZONE", "America/Los_Angeles")
 
 class CustomUserManager(BaseUserManager):
     def create_user(self, email, password=None, **extra_fields):
@@ -62,6 +81,9 @@ class User(MojoSecrets, AbstractBaseUser, MojoModel):
     is_email_verified = models.BooleanField(default=False)
     is_phone_verified = models.BooleanField(default=False)
 
+    avatar = models.ForeignKey('fileman.File', on_delete=models.SET_NULL,
+        null=True, blank=True, related_name='+')
+
     USERNAME_FIELD = 'username'
     objects = CustomUserManager()
 
@@ -80,12 +102,13 @@ class User(MojoSecrets, AbstractBaseUser, MojoModel):
                     'id',
                     'display_name',
                     'username',
-                    'email',
-                    'phone_number',
                     'last_login',
                     'last_activity',
                     'is_active'
-                ]
+                ],
+                "graphs": {
+                    "avatar": "basic"
+                }
             },
             "default": {
                 "fields": [
@@ -100,7 +123,15 @@ class User(MojoSecrets, AbstractBaseUser, MojoModel):
                     'metadata',
                     'is_active'
                 ],
+                "graphs": {
+                    "avatar": "basic"
+                }
             },
+            "full": {
+                "graphs": {
+                    "avatar": "basic"
+                }
+            }
         }
 
     def __str__(self):
@@ -115,6 +146,8 @@ class User(MojoSecrets, AbstractBaseUser, MojoModel):
 
     def touch(self):
         # can't subtract offset-naive and offset-aware datetimes
+        if self.last_activity and not dates.is_today(self.last_activity, METRICS_TIMEZONE):
+            metrics.record("user_activity_day", category="user", min_granularity="days")
         if self.last_activity is None or dates.has_time_elsapsed(self.last_activity, seconds=USER_LAST_ACTIVITY_FREQ):
             self.last_activity = dates.utcnow()
             self.atomic_save()
@@ -125,19 +158,24 @@ class User(MojoSecrets, AbstractBaseUser, MojoModel):
             self.atomic_save()
         return self.auth_key
 
-    def set_permissions(self, value, request):
+    def set_username(self, value):
+        if not isinstance(value, str):
+            raise ValueError("Username must be a string")
+        self.username = value
+
+    def set_permissions(self, value):
         if not isinstance(value, dict):
             return
         for key in value:
             if key in USER_PERMS_PROTECTION:
-                if not request.user.has_permission(USER_PERMS_PROTECTION[key]):
+                if not self.active_user.has_permission(USER_PERMS_PROTECTION[key]):
                     raise merrors.PermissionDeniedException()
-            elif not request.user.has_permission("manage_users"):
+            elif not self.active_user.has_permission("manage_users"):
                 raise merrors.PermissionDeniedException()
             if bool(value[key]):
-                self.add_permission(key)
+                self.add_permission(key, commit=False)
             else:
-                self.remove_permission(key)
+                self.remove_permission(key, commit=False)
 
     def has_module_perms(self, app_label):
         """Check if user has any permissions in a given app."""
@@ -145,7 +183,7 @@ class User(MojoSecrets, AbstractBaseUser, MojoModel):
 
     def has_permission(self, perm_key):
         """Check if user has a specific permission in JSON field."""
-        if isinstance(perm_key, list):
+        if isinstance(perm_key, (list, set)):
             for pk in perm_key:
                 if self.has_permission(pk):
                     return True
@@ -154,25 +192,39 @@ class User(MojoSecrets, AbstractBaseUser, MojoModel):
             return True
         return self.permissions.get(perm_key, False)
 
-    def add_permission(self, perm_key, value=True):
+    def add_permission(self, perm_key, value=True, commit=True):
         """Dynamically add a permission."""
+        changed = False
         if isinstance(perm_key, (list, set)):
             for pk in perm_key:
-                self.permissions[pk] = value
+                if self.permissions.get(pk) != value:
+                    self.permissions[pk] = value
+                    changed = True
         else:
-            self.permissions[perm_key] = value
-        self.save()
+            if self.permissions.get(perm_key) != value:
+                self.permissions[perm_key] = value
+                changed = True
+        if changed:
+            self.log(f"Added permission {perm_key}", "permission:added")
+        if commit and changed:
+            self.save()
 
-    def remove_permission(self, perm_key):
+    def remove_permission(self, perm_key, commit=True):
         """Remove a permission."""
+        changed = False
         if isinstance(perm_key, (list, set)):
             for pk in perm_key:
                 if pk in self.permissions:
                     del self.permissions[pk]
+                    changed = True
         else:
             if perm_key in self.permissions:
                 del self.permissions[perm_key]
-        self.save()
+                changed = True
+        if changed:
+            self.log(f"Removed permission {perm_key}", "permission:removed")
+        if commit and changed:
+            self.save()
 
     def remove_all_permissions(self):
         self.permissions = {}
@@ -182,12 +234,137 @@ class User(MojoSecrets, AbstractBaseUser, MojoModel):
         self.set_password(value)
         self.save()
 
-    def save(self, *args, **kwargs):
+    def validate_email(self):
+        import re
+        if not self.email:
+            raise merrors.ValueException("Email is required")
+        if not re.match(r"[^@]+@[^@]+\.[^@]+", str(self.email)):
+            raise merrors.ValueException("Invalid email format")
+        return True
+
+    def validate_username(self):
         if not self.username:
-            self.username = self.email.split("@")[0]
-        if not self.display_name:
-            self.display_name = self.username
-        super().save(*args, **kwargs)
+            raise merrors.ValueException("Username is required")
+        if len(str(self.username)) <= 2:
+            raise merrors.ValueException("Username must be more than 2 characters")
+        # Check for special characters (only allow alphanumeric, underscore, dot, and @)
+        import re
+        if not re.match(r'^[a-zA-Z0-9_.@]+$', str(self.username)):
+            raise merrors.ValueException("Username can only contain letters, numbers, underscores, dots, and @")
+        # If username contains @, it must match the email field
+        if '@' in str(self.username) and str(self.username) != str(self.email):
+            raise merrors.ValueException("Username containing @ must match the email address")
+        return True
+
+    def set_new_password(self, new_password):
+        self.debug("SET NEW PASSWORD")
+        # Validate password strength
+        if len(new_password) < 8:
+            raise merrors.ValueException("Password must be at least 8 characters long")
+
+        strength_score = 0
+
+        # Length contributes to strength (longer is better)
+        if len(new_password) >= 12:
+            strength_score += 2
+        elif len(new_password) >= 10:
+            strength_score += 1
+
+        # Check for mixed case
+        has_upper = any(c.isupper() for c in new_password)
+        has_lower = any(c.islower() for c in new_password)
+        if has_upper and has_lower:
+            strength_score += 1
+
+        # Check for numbers
+        has_numbers = any(c.isdigit() for c in new_password)
+        if has_numbers:
+            strength_score += 1
+
+        # Check for special characters
+        import re
+        has_special = bool(re.search(r'[!@#$%^&*(),.?":{}|<>]', new_password))
+        if has_special:
+            strength_score += 1
+
+        # Require minimum strength score
+        if strength_score < 2:
+            raise merrors.ValueException("Password is too weak. Use a longer password or include a mix of uppercase, lowercase, numbers, and special characters")
+
+        self.set_password(new_password)
+        self._set_field_change("new_password", "*", "*********")
+
+    def can_change_password(self):
+        if self.pk == self.active_user.pk:
+            return True
+        if self.active_user.is_superuser:
+            return True
+        if self.active_user.has_permission(["manage_users"]):
+            return True
+        return False
+
+    def generate_username_from_email(self):
+        """Generate a username from email, falling back to email if username exists."""
+        if not self.email:
+            raise merrors.ValueException("Email is required to generate username")
+
+        # Try using the part before @ as username
+        potential_username = self.email.split("@")[0].lower()
+
+        # Check if this username already exists
+        qset = User.objects.filter(username=potential_username)
+        if self.pk is not None:
+            qset = qset.exclude(pk=self.pk)
+
+        # If username doesn't exist, use it
+        if not qset.exists():
+            return potential_username
+
+        # Fall back to using the full email as username
+        return self.email.lower()
+
+    def on_rest_pre_save(self, changed_fields, created):
+        self.debug("PRE SAVE")
+        creds_changed = False
+        if "email" in changed_fields:
+            creds_changed = True
+            self.validate_email()
+            self.email = self.email.lower()
+            if not self.username:
+                self.username = self.generate_username_from_email()
+            elif "@" in self.username and self.username != self.email:
+                self.username = self.email
+            qset = User.objects.filter(email=self.email)
+            if self.pk is not None:
+                qset = qset.exclude(pk=self.pk)
+            if qset.exists():
+                raise merrors.ValueException("Email already exists")
+        if "username" in changed_fields:
+            creds_changed = True
+            self.validate_username()
+            self.username = self.username.lower()
+            qset = User.objects.filter(username=self.username)
+            if self.pk is not None:
+                qset = qset.exclude(pk=self.pk)
+            if qset.exists():
+                raise merrors.ValueException("Username already exists")
+        if self.pk is not None:
+            # only super user can change email or username
+            if creds_changed and not self.active_user.is_superuser:
+                raise merrors.PermissionDeniedException("You are not allowed to change email or username")
+            if "password" in changed_fields:
+                raise merrors.PermissionDeniedException("You are not allowed to change password")
+            if "new_password" in changed_fields:
+                if not self.can_change_password():
+                    raise merrors.PermissionDeniedException("You are not allowed to change password")
+                self.debug("CHANGING PASSWORD")
+                self.log("****", kind="password:changed")
+            if "email" in changed_fields:
+                self.log(kind="email:changed", log=f"{changed_fields['email']} to {self.email}")
+            if "username" in changed_fields:
+                self.log(kind="username:changed", log=f"{changed_fields['username']} to {self.username}")
+        self.debug("on_rest_pre_save", changed_fields, creds_changed, self.active_user.is_superuser)
+
 
     def check_edit_permission(self, perms, request):
         if "owner" in perms and self.is_request_user():

mojo/apps/account/rest/group.py

@@ -19,6 +19,7 @@ def on_group_me_member(request, pk=None):
     request.group = Group.objects.filter(pk=pk).last()
     if request.group is None:
         return Group.rest_error_response(request, 403, error="GET permission denied: Group")
+    request.group.touch()
     member = request.group.get_member_for_user(request.user)
     if member is None:
         return Group.rest_error_response(request, 403, error="GET permission denied: Member")

mojo/apps/account/rest/user.py

@@ -3,7 +3,7 @@ from mojo.apps.account.utils.jwtoken import JWToken
 # from django.http import JsonResponse
 from mojo.helpers.response import JsonResponse
 from mojo.apps.account.models.user import User
-import datetime
+from mojo.helpers import dates
 
 @md.URL('user')
 @md.URL('user/<int:pk>')
@@ -17,6 +17,8 @@ def on_user_me(request):
 
 
 @md.POST('refresh_token')
+@md.POST('token/refresh')
+@md.POST("auth/token/refresh")
 @md.requires_params("refresh_token")
 def on_refresh_token(request):
     user, error = User.validate_jwt(request.DATA.refresh_token)
@@ -30,6 +32,7 @@ def on_refresh_token(request):
 
 
 @md.POST("login")
+@md.POST("auth/login")
 @md.requires_params("username", "password")
 def on_user_login(request):
     username = request.DATA.username
@@ -41,7 +44,8 @@ def on_user_login(request):
         # Authentication successful
         user.report_incident(f"{user.username} enter an invalid password", "invalid_password")
         return JsonResponse(dict(status=False, error="Invalid username or password", code=401))
-    user.last_login = datetime.datetime.utcnow()
+    user.last_login = dates.utcnow()
     user.touch()
     token_package = JWToken(user.get_auth_key()).create(uid=user.id)
+    token_package['user'] = user.to_dict("basic")
     return JsonResponse(dict(status=True, data=token_package))

mojo/apps/aws/rest/__init__.py

@@ -0,0 +1 @@
+from .s3 import *

mojo/apps/aws/rest/s3.py

@@ -0,0 +1,64 @@
+from mojo import decorators as md
+from mojo import JsonResponse
+from mojo.helpers.aws import s3
+
+
+@md.URL('s3/bucket')
+@md.URL('s3/bucket/<str:bucket_name>')
+@md.requires_perms("manage_aws")
+def on_s3_bucket(request, bucket_name=None):
+    bucket_name = request.DATA.get('bucket_name', bucket_name)
+    if request.method == "GET":
+        if bucket_name is None:
+            # List all buckets
+            buckets = s3.S3.list_all_buckets()
+            return JsonResponse({
+                "size": len(buckets),
+                "count": len(buckets),
+                "data": buckets,
+                "status": True
+            })
+        else:
+            # Get specific bucket info
+            bucket = s3.S3Bucket(bucket_name)
+            if bucket._check_exists():
+                return JsonResponse({"data": {"name": bucket_name, "exists": True}, "status": True})
+            else:
+                return JsonResponse({"error": "Bucket not found", "code": 404}, status=404)
+
+    elif request.method == "POST":
+        if bucket_name is None:
+            return JsonResponse({"error": "Bucket name required"}, status=400)
+
+        # Create or update bucket
+        bucket = s3.S3Bucket(bucket_name)
+        try:
+            if not bucket._check_exists():
+                bucket.create()
+                bucket.enable_cors()
+                return JsonResponse({"message": f"Bucket {bucket_name} created successfully"})
+            else:
+                return JsonResponse({"message": f"Bucket {bucket_name} already exists"})
+        except Exception as e:
+            return JsonResponse({"error": str(e)}, status=500)
+
+    # elif request.method == "DELETE":
+    #     if bucket_name is None:
+    #         return JsonResponse({"error": "Bucket name required"}, status=400)
+
+    #     # Check for confirmation
+    #     if request.DATA.get("confirm_delete") != "yes delete bucket":
+    #         return JsonResponse({"error": "Confirmation required: confirm_delete = 'yes delete bucket'"}, status=400)
+
+    #     # Delete bucket
+    #     bucket = s3.S3Bucket(bucket_name)
+    #     try:
+    #         if bucket._check_exists():
+    #             bucket.delete()
+    #             return JsonResponse({"message": f"Bucket {bucket_name} deleted successfully"})
+    #         else:
+    #             return JsonResponse({"error": "Bucket not found"}, status=404)
+    #     except Exception as e:
+    #         return JsonResponse({"error": str(e)}, status=500)
+
+    return JsonResponse({"message": "Invalid request method"}, status=405)

mojo/apps/fileman/README.md

@@ -103,8 +103,8 @@ const data = await response.json();
     "files": [
         {
             "id": 123,
-            "filename": "document_20231201_abc12345.pdf",
-            "original_filename": "document.pdf",
+            "storage_filename": "document_20231201_abc12345.pdf",
+            "filename": "document.pdf",
             "upload_token": "a1b2c3d4e5f6...",
             "upload_url": "https://s3.amazonaws.com/my-bucket/...",
             "method": "POST",
@@ -297,12 +297,12 @@ class FileUploader {
 
     async uploadFile(file, uploadData) {
         const formData = new FormData();
-        
+
         // Add fields for S3 or other backends
         Object.entries(uploadData.fields || {}).forEach(([key, value]) => {
             formData.append(key, value);
         });
-        
+
         formData.append('file', file);
 
         const response = await fetch(uploadData.upload_url, {
@@ -411,7 +411,7 @@ file_manager = FileManager.objects.create(
     allowed_extensions=["jpg", "jpeg", "png", "gif", "webp"],
     allowed_mime_types=[
         "image/jpeg",
-        "image/png", 
+        "image/png",
         "image/gif",
         "image/webp"
     ],
@@ -429,13 +429,13 @@ def validate_upload(request, file_data):
     # Custom business logic
     if file_data['filename'].startswith('temp_'):
         raise ValidationError('Temporary files not allowed')
-    
+
     # Check file size against user's quota
     user_files_size = File.objects.filter(
         uploaded_by=request.user,
         upload_status=File.COMPLETED
     ).aggregate(total=Sum('file_size'))['total'] or 0
-    
+
     if user_files_size + file_data['size'] > USER_QUOTA:
         raise ValidationError('Upload would exceed user quota')
 ```
@@ -546,4 +546,4 @@ print(f"Backend valid: {is_valid}, Errors: {errors}")
 
 ## License
 
-This project is licensed under the MIT License - see the LICENSE file for details.
+This project is licensed under the MIT License - see the LICENSE file for details.