From 954780f384c48b09bb9b0b90fbb347186f5c2c61 Mon Sep 17 00:00:00 2001 From: Dmitry Novikov Date: Mon, 5 Feb 2018 16:33:32 +0300 Subject: [PATCH] Fix bugs --- agent/monitoring_agent.py | 6 +++++- cron.py | 2 +- devapp/locale/ru/LC_MESSAGES/django.po | 4 ++-- devapp/views.py | 11 +++++++---- djing/global_base_views.py | 9 ++++++--- djing/local_settings.py.template | 7 +++++++ 6 files changed, 28 insertions(+), 11 deletions(-) diff --git a/agent/monitoring_agent.py b/agent/monitoring_agent.py index 0e5cd74..95a3944 100755 --- a/agent/monitoring_agent.py +++ b/agent/monitoring_agent.py @@ -4,7 +4,7 @@ import re from hashlib import sha256 import requests -API_AUTH_SECRET = 'asihdfaoisydoiayosidyaoisydoiasydaisydasd' +API_AUTH_SECRET = 'your api key' SERVER_DOMAIN = 'http://localhost:8000' @@ -60,6 +60,10 @@ if __name__ == '__main__': print('You forget parameters, example of usage:\n' '$ python3 ./monitoring_agent.py 192.168.0.100 DOWN|UP|UNREACHABLE') exit(0) + + if API_AUTH_SECRET == 'your api key': + raise NotImplementedError('You must specified secret api key') + dev_ip = validate(IP_REGEXP, sys.argv[1]) status = validate_status(sys.argv[2]) diff --git a/cron.py b/cron.py index 587ada4..6119957 100755 --- a/cron.py +++ b/cron.py @@ -26,7 +26,7 @@ def main(): amount=0, author=None, date=now, - comment=_("Срок действия услуги '%(service_name)s' истёк") % { + comment="Срок действия услуги '%(service_name)s' истёк" % { 'service_name': ex_srv['tariff__title'] } ) diff --git a/devapp/locale/ru/LC_MESSAGES/django.po b/devapp/locale/ru/LC_MESSAGES/django.po index 5c75bb6..a6cd989 100644 --- a/devapp/locale/ru/LC_MESSAGES/django.po +++ b/devapp/locale/ru/LC_MESSAGES/django.po @@ -32,11 +32,11 @@ msgstr "не нашёл мак" #: dev_types.py:108 msgid "PON OLT" -msgstr "PON OLT голова" +msgstr "" #: dev_types.py:160 msgid "PON ONU" -msgstr "Онушка" +msgstr "" #: dev_types.py:205 msgid "ONU not connected" diff --git a/devapp/views.py b/devapp/views.py index 76e1914..537ac48 100644 --- a/devapp/views.py +++ b/devapp/views.py @@ -108,7 +108,7 @@ def dev(request, group_id, device_id=0): # check if that device is exist try: - already_dev = Device.objects.get(mac_addr=request.POST.get('mac_addr')) + already_dev = Device.objects.exclude(pk=device_id).get(mac_addr=request.POST.get('mac_addr')) if already_dev.user_group: messages.warning(request, _('You have redirected to existing device')) return redirect('devapp:view', already_dev.user_group.pk, already_dev.pk) @@ -405,14 +405,14 @@ def group_list(request): @login_required def search_dev(request): word = request.GET.get('s') - if word is None: + if word is None or word == '': results = [{'id': 0, 'text': ''}] else: results = Device.objects.filter( Q(comment__icontains=word) | Q(ip_address=word) ).only('pk', 'ip_address', 'comment')[:16] results = [{'id': dev.pk, 'text': "%s: %s" % (dev.ip_address, dev.comment)} for dev in results] - return JsonResponse(results, json_dumps_params={'ensure_ascii': False}) + return JsonResponse(results, json_dumps_params={'ensure_ascii': False}, safe=False) @login_required @@ -502,7 +502,7 @@ class OnDevDown(AllowedSubnetMixin, HashAuthView): return {'text': 'ip does not passed'} if not bool(re.match(ip_addr_regex, dev_ip)): - return {'text': 'ip address is not valid'} + return {'text': 'ip address %s is not valid' % dev_ip} possible_devices = Device.objects.filter(ip_address=dev_ip) @@ -513,6 +513,9 @@ class OnDevDown(AllowedSubnetMixin, HashAuthView): else: device_down = possible_devices[0] + if not device_down.is_noticeable: + return {'text': 'Notification for %s is unnecessary' % device_down.ip_address} + recipients = device_down.user_group.profiles.all() names = list() diff --git a/djing/global_base_views.py b/djing/global_base_views.py index 87be17c..c4a20e2 100644 --- a/djing/global_base_views.py +++ b/djing/global_base_views.py @@ -26,18 +26,21 @@ class HashAuthView(View): return sign == my_sign def __init__(self, *args, **kwargs): - if API_AUTH_SECRET is None: - raise ImportError('You must specified API_AUTH_SECRET is settings') + if API_AUTH_SECRET is None or API_AUTH_SECRET == 'your api secret': + raise NotImplementedError('You must specified API_AUTH_SECRET in settings') else: super(HashAuthView, self).__init__(*args, **kwargs) def dispatch(self, request, *args, **kwargs): sign = request.GET.get('sign') + if sign is None or sign == '': + return HttpResponseForbidden('Access Denied') # Transmittent get list without sign get_values = request.GET.copy() del get_values['sign'] - if HashAuthView.check_sign(list(get_values.values()) + [API_AUTH_SECRET], sign): + heshable = (get_values.get('ip'), get_values.get('status'), API_AUTH_SECRET) + if HashAuthView.check_sign(heshable, sign): return super(HashAuthView, self).dispatch(request, *args, **kwargs) else: return HttpResponseForbidden('Access Denied') diff --git a/djing/local_settings.py.template b/djing/local_settings.py.template index 7f84de3..8f251a4 100644 --- a/djing/local_settings.py.template +++ b/djing/local_settings.py.template @@ -50,3 +50,10 @@ ASTERISK_MANAGER_AUTH = { 'password': 'password', 'host': '127.0.0.1' } + +# Secret word for auth to api views by hash +API_AUTH_SECRET = 'your api secret' + +# Allowed subnet for api +API_AUTH_SUBNET = '127.0.0.0/8' +