messagefoundry 0.1.0__py3-none-any.whl

messagefoundry/console/connections.py

@@ -0,0 +1,324 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
+# Copyright (C) 2026 MessageFoundry Organization and contributors
+"""Connections dashboard: one row per endpoint (each inbound + each outbound connection).
+
+A toolbar acts on the selected rows — Start/Stop/Restart operate on the selected **inbound**
+connections; Purge clears the queue of the selected **outbound** connections. The table is fed by
+the server-computed ``GET /connections`` rows, so the page stays thin. Clicking a row's *Logs*
+link asks the shell to open the Log Search page filtered to that connection.
+"""
+
+from __future__ import annotations
+
+from dataclasses import dataclass
+from typing import Callable
+
+from PySide6.QtCore import QItemSelectionModel, Qt, Signal
+from PySide6.QtGui import QBrush, QColor
+from PySide6.QtWidgets import (
+    QHBoxLayout,
+    QLabel,
+    QMenu,
+    QMessageBox,
+    QPushButton,
+    QTableWidgetItem,
+    QToolButton,
+    QVBoxLayout,
+    QWidget,
+)
+
+from messagefoundry.api.models import ConnectionRow
+from messagefoundry.console._async import AsyncRunner
+from messagefoundry.console.client import ApiError, EngineClient
+from messagefoundry.console.widgets import ConfigurableTable
+
+_COLUMNS = [
+    "Name",
+    "Status",
+    "Direction",
+    "Method",
+    "Logs",
+    "Queue Depth",
+    "Idle",
+    "Alerts",
+    "# Errored",
+    "# Read",
+    "# Written",
+    "Peer",
+    "Port",
+    "Backlog",
+    "Delivered Age",
+]
+_LOGS_COL = 4
+
+# (role, channel_id, destination) identifies a row across refreshes for selection + actions.
+_RowKey = tuple[str, str, str]
+
+
+def _fmt_int(n: int | None) -> str:
+    return "—" if n is None else str(n)
+
+
+def _fmt_secs(s: float | None) -> str:
+    if s is None:
+        return "—"
+    if s < 1:
+        return "0s"
+    if s < 60:
+        return f"{s:.0f}s"
+    if s < 3600:
+        return f"{s / 60:.0f}m"
+    return f"{s / 3600:.1f}h"
+
+
+def _style_link(item: QTableWidgetItem) -> None:
+    """Make a cell look like a clickable link (blue, underlined)."""
+    item.setForeground(QBrush(QColor("#1a73e8")))
+    font = item.font()
+    font.setUnderline(True)
+    item.setFont(font)
+
+
+@dataclass(frozen=True)
+class _Snapshot:
+    """One off-thread refresh result, applied on the main thread. ``error`` set ⇒ the read failed
+    (the table is left as-is); otherwise ``rows`` holds the endpoint list to render."""
+
+    rows: list[ConnectionRow] | None
+    error: str | None
+
+
+class ConnectionsPage(QWidget):
+    """Endpoint table + action toolbar."""
+
+    error = Signal(str)
+    open_logs = Signal(str)  # channel_id — ask the shell to open Log Search filtered to it
+
+    def __init__(self, client: EngineClient, *, poll_client: EngineClient | None = None) -> None:
+        super().__init__()
+        self._client = client  # actions (start/stop/purge) — main thread, may step-up/MFA
+        self._poll = poll_client or client  # reads — run off the main thread (see _async)
+        self._runner = AsyncRunner(self)
+        self._loading = False  # in-flight refresh guard (don't pile up during a slow call)
+        # A refresh requested while one is in flight is latched (not dropped) and re-fired on
+        # completion, so a post-action refresh (start/stop/purge) isn't lost when it lands during a
+        # periodic tick. None = none pending; bool = pending autosize (OR-merged).
+        self._pending: bool | None = None
+
+        self._start = QPushButton("Start")
+        self._stop = QPushButton("Stop")
+        self._actions = QToolButton()
+        self._actions.setText("Actions ▾")
+        self._actions.setPopupMode(QToolButton.ToolButtonPopupMode.InstantPopup)
+        menu = QMenu(self._actions)
+        act_restart = menu.addAction("Restart")
+        menu.addSeparator()
+        act_purge_top = menu.addAction("Purge Top Message")
+        act_purge_all = menu.addAction("Purge All Queued Messages")
+        self._actions.setMenu(menu)
+
+        self._start.clicked.connect(lambda: self._inbound_action(self._client.start_connection))
+        self._stop.clicked.connect(lambda: self._inbound_action(self._client.stop_connection))
+        act_restart.triggered.connect(lambda: self._inbound_action(self._client.restart_connection))
+        act_purge_top.triggered.connect(lambda: self._purge("top"))
+        act_purge_all.triggered.connect(lambda: self._purge("all"))
+
+        toolbar = QHBoxLayout()
+        toolbar.addWidget(QLabel("Connections"))
+        toolbar.addStretch(1)
+        toolbar.addWidget(self._start)
+        toolbar.addWidget(self._stop)
+        toolbar.addWidget(self._actions)
+
+        self._table = ConfigurableTable(
+            _COLUMNS, settings_key="connections/header_state", multi=True
+        )
+        self._table.itemSelectionChanged.connect(self._sync_toolbar)
+        self._table.cellClicked.connect(self._on_cell_clicked)
+        self._loaded = False  # autosize columns on the first (and user-initiated) loads
+
+        layout = QVBoxLayout(self)
+        layout.addLayout(toolbar)
+        layout.addWidget(self._table)
+        self._sync_toolbar()
+
+    def refresh(self, *, autosize: bool = False) -> None:
+        # Read the endpoint list OFF the main thread (a slow/wedged engine can stall /connections for
+        # up to the client timeout); the result applies on the main thread via _apply.
+        if self._loading:
+            self._pending = autosize if self._pending is None else (self._pending or autosize)
+            return  # a fetch is already in flight — latch this one, don't pile up or drop it
+        self._pending = None
+        self._loading = True
+        self._runner.submit(
+            self._fetch,
+            on_done=lambda snap: self._apply(snap, autosize=autosize),
+            on_error=self._on_error,
+        )
+
+    def stop(self) -> None:
+        """Stop the background runner (call on window close) so a late result can't touch dead widgets."""
+        self._runner.stop()
+
+    def _on_error(self, exc: BaseException) -> None:
+        # Belt-and-suspenders: connections() raises only ApiError (handled via the snapshot in _apply),
+        # but an unexpected error must still clear the in-flight guard or the page wedges forever.
+        self._loading = False
+        self.error.emit(str(exc))
+        self._drain_pending()
+
+    def _drain_pending(self) -> bool:
+        """Re-fire a refresh that was latched while one was in flight. Returns True if it did."""
+        if self._pending is None:
+            return False
+        autosize = self._pending
+        self._pending = None
+        self.refresh(autosize=autosize)
+        return True
+
+    def _fetch(self) -> _Snapshot:
+        """Runs on a worker thread — only blocking I/O, no widget access."""
+        try:
+            return _Snapshot(self._poll.connections(), None)
+        except ApiError as exc:
+            return _Snapshot(None, str(exc))
+
+    def _apply(self, snap: _Snapshot, *, autosize: bool = False) -> None:
+        """Runs on the main thread (result slot) — safe to touch widgets."""
+        self._loading = False
+        if self._drain_pending():
+            return  # a refresh was requested mid-flight — re-fire it, skip this superseded snapshot
+        if snap.error is not None:
+            self.error.emit(snap.error)
+            return
+        rows = snap.rows or []
+        selected = self._selected_keys()
+        self._table.begin_populate()
+        self._table.setRowCount(len(rows))
+        for r, row in enumerate(rows):
+            key: _RowKey = (row.role, row.channel_id, row.destination or "")
+            cells = [
+                row.name,
+                f"{row.status} [SIMULATED]" if row.simulated else row.status,
+                row.direction,
+                row.method,
+                "Logs",  # clickable cell -> open_logs (see _on_cell_clicked)
+                _fmt_int(row.queue_depth),
+                _fmt_secs(row.idle_seconds),
+                _fmt_int(row.alerts_active),
+                _fmt_int(row.errored),
+                _fmt_int(row.read),
+                _fmt_int(row.written),
+                row.peer or "",
+                _fmt_int(row.port),
+                _fmt_secs(row.backlog_seconds),
+                _fmt_secs(row.delivered_age_seconds),
+            ]
+            for c, text in enumerate(cells):
+                item = QTableWidgetItem(text)
+                if c == 0:
+                    item.setData(Qt.ItemDataRole.UserRole, key)
+                elif c == _LOGS_COL:
+                    _style_link(item)
+                self._table.setItem(r, c, item)
+        self._table.end_populate(autosize=autosize or not self._loaded)
+        self._loaded = True
+        self._reselect(selected)
+
+    def reload(self) -> None:
+        """User-initiated load (nav/open) — autosizes columns to contents."""
+        self.refresh(autosize=True)
+
+    # --- selection -----------------------------------------------------------
+
+    def _selected_keys(self) -> list[_RowKey]:
+        model = self._table.selectionModel()
+        if model is None:
+            return []
+        keys: list[_RowKey] = []
+        for index in model.selectedRows():
+            item = self._table.item(index.row(), 0)
+            data = item.data(Qt.ItemDataRole.UserRole) if item else None
+            if data:
+                keys.append((data[0], data[1], data[2]))
+        return keys
+
+    def _reselect(self, keys: list[_RowKey]) -> None:
+        model = self._table.selectionModel()
+        if model is None or not keys:
+            self._sync_toolbar()
+            return
+        wanted = set(keys)
+        self._table.blockSignals(True)
+        model.clearSelection()
+        flags = QItemSelectionModel.SelectionFlag.Select | QItemSelectionModel.SelectionFlag.Rows
+        for r in range(self._table.rowCount()):
+            item = self._table.item(r, 0)
+            data = item.data(Qt.ItemDataRole.UserRole) if item else None
+            if data and (data[0], data[1], data[2]) in wanted:
+                model.select(self._table.model().index(r, 0), flags)
+        self._table.blockSignals(False)
+        self._sync_toolbar()
+
+    def _sync_toolbar(self) -> None:
+        has = bool(self._selected_keys())
+        self._start.setEnabled(has)
+        self._stop.setEnabled(has)
+        self._actions.setEnabled(has)
+
+    # --- actions -------------------------------------------------------------
+
+    def _inbound_action(self, action: Callable[[str], None]) -> None:
+        """Start/Stop/Restart the inbound connection(s) in the selected source rows."""
+        names: list[str] = []
+        for role, channel_id, _dest in self._selected_keys():
+            if role == "source" and channel_id not in names:
+                names.append(channel_id)
+        if not names:
+            self.error.emit("Select one or more inbound (source) rows.")
+            return
+        try:
+            for name in names:
+                action(name)
+        except ApiError as exc:
+            self.error.emit(str(exc))
+            return
+        self.refresh()
+
+    def _purge(self, scope: str) -> None:
+        """Purge the queue of the outbound connection(s) in the selected destination rows."""
+        names: list[str] = []
+        for role, _channel_id, dest in self._selected_keys():
+            if role == "destination" and dest and dest not in names:
+                names.append(dest)
+        if not names:
+            self.error.emit("Select one or more outbound (destination) rows to purge.")
+            return
+        if scope == "all":
+            # Bulk + destructive: cancels every queued delivery (they won't retry). Confirm, default
+            # No, so an accidental click next to "Purge Top Message" can't wipe a queue (review M-28).
+            answer = QMessageBox.question(
+                self,
+                "Purge all queued messages",
+                f"Cancel ALL queued deliveries to {', '.join(names)}?\n\n"
+                "Queued messages won't be sent and won't retry. This can't be undone.",
+                QMessageBox.StandardButton.Yes | QMessageBox.StandardButton.No,
+                QMessageBox.StandardButton.No,
+            )
+            if answer != QMessageBox.StandardButton.Yes:
+                return
+        try:
+            for name in names:
+                self._client.purge_connection(name, scope)
+        except ApiError as exc:
+            self.error.emit(str(exc))
+            return
+        self.refresh()
+
+    def _on_cell_clicked(self, row: int, col: int) -> None:
+        if col != _LOGS_COL:
+            return
+        item = self._table.item(row, 0)
+        key = item.data(Qt.ItemDataRole.UserRole) if item else None
+        if key:
+            self.open_logs.emit(key[1])  # channel_id

messagefoundry/console/login.py

@@ -0,0 +1,107 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
+# Copyright (C) 2026 MessageFoundry Organization and contributors
+"""Sign-in dialog shown before the main window when the engine requires authentication."""
+
+from __future__ import annotations
+
+from PySide6.QtWidgets import (
+    QComboBox,
+    QDialog,
+    QFormLayout,
+    QLabel,
+    QLineEdit,
+    QMessageBox,
+    QPushButton,
+    QVBoxLayout,
+    QWidget,
+)
+
+from messagefoundry.console.client import ApiError, EngineClient
+from messagefoundry.console.widgets import ERROR_COLOR
+
+
+class LoginDialog(QDialog):
+    """Collects credentials and a provider, then calls :meth:`EngineClient.login`.
+
+    On success the client holds the session token; the caller persists it (OS keyring) and opens
+    the main window. ``providers()`` decides which provider options to offer.
+
+    When the engine reports ``must_change_password`` the dialog still ``accept()``s so the
+    entrypoint regains control, but exposes :attr:`must_change_password` and
+    :attr:`entered_password` so it can chain a :class:`ChangePasswordDialog` and re-prompt sign-in.
+    """
+
+    def __init__(self, client: EngineClient, parent: QWidget | None = None) -> None:
+        super().__init__(parent)
+        self.setWindowTitle("Sign in — MessageFoundry")
+        self._client = client
+        # Seams read by _authenticate() after the dialog is accepted.
+        self.must_change_password = False
+        self.mfa_required = False  # engine wants a second factor before sensitive ops (WP-14)
+        self.entered_password = ""  # nosec B105 (empty seam init, not a credential)
+
+        self._username = QLineEdit()
+        self._password = QLineEdit()
+        self._password.setEchoMode(QLineEdit.EchoMode.Password)
+        self._provider = QComboBox()
+        self._provider.addItem("Local", "local")
+        try:
+            providers = client.providers()
+        except ApiError:
+            providers = None
+        if providers is not None and providers.ad:
+            self._provider.addItem("Active Directory", "ad")
+
+        form = QFormLayout()
+        form.addRow("Username", self._username)
+        form.addRow("Password", self._password)
+        form.addRow("Provider", self._provider)
+
+        self._error = QLabel("")
+        self._error.setStyleSheet(f"color: {ERROR_COLOR};")
+        self._error.setWordWrap(True)
+
+        sign_in = QPushButton("Sign in")
+        sign_in.setDefault(True)
+        sign_in.clicked.connect(self._attempt)
+
+        layout = QVBoxLayout(self)
+        layout.addLayout(form)
+        layout.addWidget(self._error)
+        layout.addWidget(sign_in)
+
+        self._username.returnPressed.connect(self._password.setFocus)
+        self._password.returnPressed.connect(self._attempt)
+
+    def _attempt(self) -> None:
+        username = self._username.text().strip()
+        password = self._password.text()
+        provider = str(self._provider.currentData())
+        if not username or not password:
+            self._error.setText("Enter a username and password.")
+            return
+        try:
+            result = self._client.login(username, password, provider=provider)
+        except ApiError as exc:
+            self._error.setText("Sign-in failed." if exc.status == 401 else str(exc))
+            return
+        if result.must_change_password and result.user.auth_provider == "ad":
+            # The console can't rotate AD passwords (the server rejects /me/password for AD
+            # accounts) — advise and admit; the user changes it in Active Directory. (AD logins
+            # don't set must_change_password today, so this branch is a forward-guard.)
+            QMessageBox.information(
+                self,
+                "Password change required",
+                "This Active Directory account must change its password. Update it in Active "
+                "Directory (or ask an administrator) before your access is restricted.",
+            )
+        else:
+            # Hand the must-change flag and the just-entered plaintext back to _authenticate, which
+            # chains a ChangePasswordDialog (prefilling the current password) and re-prompts sign-in.
+            self.must_change_password = result.must_change_password
+            self.entered_password = password
+        # The engine accepted the password but wants a second factor (local MFA-enrolled / required
+        # admin); _authenticate prompts for the TOTP code before opening the window (always False for
+        # an MFA-delegated AD login).
+        self.mfa_required = result.mfa_required
+        self.accept()

messagefoundry/console/mfa.py

@@ -0,0 +1,205 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
+# Copyright (C) 2026 MessageFoundry Organization and contributors
+"""MFA (TOTP) console dialogs (WP-14, ASVS 6.3.3).
+
+Two flows over :class:`~messagefoundry.console.client.EngineClient`:
+
+- :class:`MfaVerifyDialog` + :func:`make_mfa_handler` — collect a 6-digit TOTP code (or a recovery
+  code) and call ``verify_mfa``. Wired into the client as the **X-MFA-Required** handler so any
+  sensitive action transparently prompts-and-retries (mirrors the step-up handler in ``reauth.py``),
+  and shown at login when the engine reports ``mfa_required``.
+- :class:`MfaEnrollDialog` / :func:`manage_mfa` — enroll a TOTP authenticator (show the setup key +
+  ``otpauth://`` URI, confirm a live code, then reveal the one-time recovery codes) or turn MFA off.
+
+Note: the setup key / URI are shown as text for manual entry — rendering an actual QR image would
+need a new dependency (qrcode), which isn't pulled in; authenticator apps accept manual key entry.
+"""
+
+from __future__ import annotations
+
+from collections.abc import Callable
+
+from PySide6.QtWidgets import (
+    QApplication,
+    QDialog,
+    QFormLayout,
+    QLabel,
+    QLineEdit,
+    QMessageBox,
+    QPushButton,
+    QVBoxLayout,
+    QWidget,
+)
+
+from messagefoundry.console.client import ApiError, EngineClient
+from messagefoundry.console.widgets import ERROR_COLOR
+
+
+class MfaVerifyDialog(QDialog):
+    """Collect a TOTP code (or single-use recovery code) and call :meth:`EngineClient.verify_mfa`.
+    Accepts on success; surfaces a wrong code (401) inline."""
+
+    def __init__(self, client: EngineClient, *, parent: QWidget | None = None) -> None:
+        super().__init__(parent)
+        self.setWindowTitle("Two-factor verification — MessageFoundry")
+        self._client = client
+
+        prompt = QLabel(
+            "Enter the 6-digit code from your authenticator app (or a recovery code) to continue."
+        )
+        prompt.setWordWrap(True)
+
+        self._code = QLineEdit()
+        self._code.setPlaceholderText("123456")
+        form = QFormLayout()
+        form.addRow("Code", self._code)
+
+        self._error = QLabel("")
+        self._error.setStyleSheet(f"color: {ERROR_COLOR};")
+        self._error.setWordWrap(True)
+
+        confirm = QPushButton("Verify")
+        confirm.setDefault(True)
+        confirm.clicked.connect(self._attempt)
+
+        layout = QVBoxLayout(self)
+        layout.addWidget(prompt)
+        layout.addLayout(form)
+        layout.addWidget(self._error)
+        layout.addWidget(confirm)
+
+        self._code.returnPressed.connect(self._attempt)
+
+    def _attempt(self) -> None:
+        code = self._code.text().strip()
+        if not code:
+            self._error.setText("Enter a code.")
+            return
+        try:
+            self._client.verify_mfa(code)
+        except ApiError as exc:
+            self._error.setText("That code is not valid." if exc.status == 401 else str(exc))
+            return
+        self._code.clear()  # don't leave the code in the field
+        self.accept()
+
+
+def make_mfa_handler(client: EngineClient) -> Callable[[], bool]:
+    """Handler for :meth:`EngineClient.set_mfa_handler`: prompt for a second factor on the active
+    window and return ``True`` iff verified. Runs on the calling thread (the console's sensitive
+    actions run on the Qt main thread, so the modal dialog shows directly)."""
+
+    def handler() -> bool:
+        dialog = MfaVerifyDialog(client, parent=QApplication.activeWindow())
+        return dialog.exec() == QDialog.DialogCode.Accepted
+
+    return handler
+
+
+class MfaEnrollDialog(QDialog):
+    """Two-step TOTP enrollment: show the setup key + ``otpauth://`` URI, collect a confirming code,
+    then reveal the one-time recovery codes. ``enroll_mfa()`` stages the secret (step-up gated, so the
+    client's step-up handler may prompt for the password first)."""
+
+    def __init__(self, client: EngineClient, *, parent: QWidget | None = None) -> None:
+        super().__init__(parent)
+        self.setWindowTitle("Enable two-factor authentication — MessageFoundry")
+        self._client = client
+
+        layout = QVBoxLayout(self)
+        self._error = QLabel("")
+        self._error.setStyleSheet(f"color: {ERROR_COLOR};")
+        self._error.setWordWrap(True)
+
+        try:
+            enroll = client.enroll_mfa()
+        except ApiError as exc:
+            failed = QLabel(f"Could not start enrollment: {exc}")
+            failed.setWordWrap(True)
+            close = QPushButton("Close")
+            close.clicked.connect(self.reject)
+            layout.addWidget(failed)
+            layout.addWidget(close)
+            return
+
+        intro = QLabel(
+            "Add this account to an authenticator app (Google Authenticator, Microsoft "
+            "Authenticator, Authy, 1Password): enter the setup key manually, or paste the setup URL "
+            "if your app accepts it. Then enter the current 6-digit code to confirm."
+        )
+        intro.setWordWrap(True)
+
+        key = QLineEdit(enroll.secret)
+        key.setReadOnly(True)
+        uri = QLineEdit(enroll.otpauth_uri)
+        uri.setReadOnly(True)
+        self._code = QLineEdit()
+        self._code.setPlaceholderText("123456")
+        form = QFormLayout()
+        form.addRow("Setup key", key)
+        form.addRow("Setup URL", uri)
+        form.addRow("Code", self._code)
+
+        confirm = QPushButton("Confirm")
+        confirm.setDefault(True)
+        confirm.clicked.connect(self._confirm)
+
+        layout.addWidget(intro)
+        layout.addLayout(form)
+        layout.addWidget(self._error)
+        layout.addWidget(confirm)
+        self._code.returnPressed.connect(self._confirm)
+
+    def _confirm(self) -> None:
+        code = self._code.text().strip()
+        if not code:
+            self._error.setText("Enter the 6-digit code from your app.")
+            return
+        try:
+            codes = self._client.confirm_mfa(code)
+        except ApiError as exc:
+            self._error.setText("That code is not valid." if exc.status == 400 else str(exc))
+            return
+        self._show_recovery_codes(codes)
+        self.accept()
+
+    def _show_recovery_codes(self, codes: list[str]) -> None:
+        box = QMessageBox(self)
+        box.setWindowTitle("Save your recovery codes")
+        box.setIcon(QMessageBox.Icon.Information)
+        box.setText(
+            "Two-factor authentication is now on. Save these single-use recovery codes somewhere "
+            "safe — each works once if you lose your authenticator. They will not be shown again."
+        )
+        box.setInformativeText("\n".join(codes) if codes else "(no recovery codes configured)")
+        box.exec()
+
+
+def manage_mfa(client: EngineClient, parent: QWidget | None = None) -> None:
+    """Open the right MFA flow for the current state: enroll if off, or offer to turn it off if on."""
+    try:
+        status = client.mfa_status()
+    except ApiError as exc:
+        QMessageBox.warning(parent, "Two-factor authentication", str(exc))
+        return
+    if not status.enabled:
+        MfaEnrollDialog(client, parent=parent).exec()
+        return
+    ask = QMessageBox.question(
+        parent,
+        "Two-factor authentication",
+        f"Two-factor authentication is ON ({status.recovery_codes_remaining} recovery code(s) "
+        "left).\n\nTurn it off? You will then sign in with your password only.",
+        QMessageBox.StandardButton.Yes | QMessageBox.StandardButton.No,
+        QMessageBox.StandardButton.No,
+    )
+    if ask != QMessageBox.StandardButton.Yes:
+        return
+    try:
+        client.disable_mfa()
+    except ApiError as exc:
+        QMessageBox.warning(parent, "Two-factor authentication", str(exc))
+        return
+    QMessageBox.information(
+        parent, "Two-factor authentication", "Two-factor authentication is now off."
+    )