Fix bugs

8 years ago · 954780f384
6 changed files with 28 additions and 11 deletions
--- a/agent/monitoring_agent.py
+++ b/agent/monitoring_agent.py
@ -4,7 +4,7 @@ import re
 from hashlib import sha256
 import requests

-API_AUTH_SECRET = 'asihdfaoisydoiayosidyaoisydoiasydaisydasd'
+API_AUTH_SECRET = 'your api key'

 SERVER_DOMAIN = 'http://localhost:8000'

@ -60,6 +60,10 @@ if __name__ == '__main__':
        print('You forget parameters, example of usage:\n'
              '$ python3 ./monitoring_agent.py 192.168.0.100 DOWN|UP|UNREACHABLE')
        exit(0)
+
+    if API_AUTH_SECRET == 'your api key':
+        raise NotImplementedError('You must specified secret api key')
+
    dev_ip = validate(IP_REGEXP, sys.argv[1])
    status = validate_status(sys.argv[2])

--- a/cron.py
+++ b/cron.py
@ -26,7 +26,7 @@ def main():
                amount=0,
                author=None,
                date=now,
-                comment=_("Срок действия услуги '%(service_name)s' истёк") % {
+                comment="Срок действия услуги '%(service_name)s' истёк" % {
                    'service_name': ex_srv['tariff__title']
                }
            )
--- a/devapp/locale/ru/LC_MESSAGES/django.po
+++ b/devapp/locale/ru/LC_MESSAGES/django.po
@ -32,11 +32,11 @@ msgstr "не нашёл мак"

 #: dev_types.py:108
 msgid "PON OLT"
-msgstr "PON OLT голова"
+msgstr ""

 #: dev_types.py:160
 msgid "PON ONU"
-msgstr "Онушка"
+msgstr ""

 #: dev_types.py:205
 msgid "ONU not connected"
--- a/devapp/views.py
+++ b/devapp/views.py
@ -108,7 +108,7 @@ def dev(request, group_id, device_id=0):

                # check if that device is exist
                try:
-                    already_dev = Device.objects.get(mac_addr=request.POST.get('mac_addr'))
+                    already_dev = Device.objects.exclude(pk=device_id).get(mac_addr=request.POST.get('mac_addr'))
                    if already_dev.user_group:
                        messages.warning(request, _('You have redirected to existing device'))
                        return redirect('devapp:view', already_dev.user_group.pk, already_dev.pk)
@ -405,14 +405,14 @@ def group_list(request):
@login_required
 def search_dev(request):
    word = request.GET.get('s')
-    if word is None:
+    if word is None or word == '':
        results = [{'id': 0, 'text': ''}]
    else:
        results = Device.objects.filter(
            Q(comment__icontains=word) | Q(ip_address=word)
        ).only('pk', 'ip_address', 'comment')[:16]
        results = [{'id': dev.pk, 'text': "%s: %s" % (dev.ip_address, dev.comment)} for dev in results]
-    return JsonResponse(results, json_dumps_params={'ensure_ascii': False})
+    return JsonResponse(results, json_dumps_params={'ensure_ascii': False}, safe=False)


@login_required
@ -502,7 +502,7 @@ class OnDevDown(AllowedSubnetMixin, HashAuthView):
                return {'text': 'ip does not passed'}

            if not bool(re.match(ip_addr_regex, dev_ip)):
-                return {'text': 'ip address is not valid'}
+                return {'text': 'ip address %s is not valid' % dev_ip}

            possible_devices = Device.objects.filter(ip_address=dev_ip)

@ -513,6 +513,9 @@ class OnDevDown(AllowedSubnetMixin, HashAuthView):
            else:
                device_down = possible_devices[0]

+            if not device_down.is_noticeable:
+                return {'text': 'Notification for %s is unnecessary' % device_down.ip_address}
+
            recipients = device_down.user_group.profiles.all()
            names = list()

--- a/djing/global_base_views.py
+++ b/djing/global_base_views.py
@ -26,18 +26,21 @@ class HashAuthView(View):
        return sign == my_sign

    def __init__(self, *args, **kwargs):
-        if API_AUTH_SECRET is None:
-            raise ImportError('You must specified API_AUTH_SECRET is settings')
+        if API_AUTH_SECRET is None or API_AUTH_SECRET == 'your api secret':
+            raise NotImplementedError('You must specified API_AUTH_SECRET in settings')
        else:
            super(HashAuthView, self).__init__(*args, **kwargs)

    def dispatch(self, request, *args, **kwargs):
        sign = request.GET.get('sign')
+        if sign is None or sign == '':
+            return HttpResponseForbidden('Access Denied')

        # Transmittent get list without sign
        get_values = request.GET.copy()
        del get_values['sign']
-        if HashAuthView.check_sign(list(get_values.values()) + [API_AUTH_SECRET], sign):
+        heshable = (get_values.get('ip'), get_values.get('status'), API_AUTH_SECRET)
+        if HashAuthView.check_sign(heshable, sign):
            return super(HashAuthView, self).dispatch(request, *args, **kwargs)
        else:
            return HttpResponseForbidden('Access Denied')
--- a/djing/local_settings.py.template
+++ b/djing/local_settings.py.template
@ -50,3 +50,10 @@ ASTERISK_MANAGER_AUTH = {
    'password': 'password',
    'host': '127.0.0.1'
 }
+
+# Secret word for auth to api views by hash
+API_AUTH_SECRET = 'your api secret'
+
+# Allowed subnet for api
+API_AUTH_SUBNET = '127.0.0.0/8'
+