Security fix

VERSION.md

@@ -1 +1,4 @@
-24.1
+24.2
+- Security Update. DZGA now reads smart-home-key.json file from config folder. Move .json file or upload a new.
+- Added new device, Door Lock Inverted.
+- Changed check version, get latest updates.

modules/config.py

@@ -1,5 +1,5 @@
 DEVICES_DIRECTORY = "config"
-KEYFILE_DIRECTORY = "uploads"
+KEYFILE_DIRECTORY = "config"
 CONFIG_DIRECTORY = "config"
 UPLOAD_DIRECTORY = "uploads"
 DATABASE_DIRECTORY = "instance"

modules/domoticz.py

@@ -168,7 +168,7 @@ def getAog(device, user_id=None):
     aog.customData['idx'] = device.get('idx')
     aog.customData['domain'] = domain
     aog.customData['protected'] = device.get('Protected')
-    aog.notificationSupportedByAgent = (True if domain in ['SmokeDetector', 'Doorbell', 'DoorLock'] else False)
+    aog.notificationSupportedByAgent = (True if domain in ['SmokeDetector', 'Doorbell', 'DoorLock', 'DoorLockInverted'] else False)
 
     if domain == 'Scene':
         aog.type = 'action.devices.types.SCENE'
@@ -220,7 +220,7 @@ def getAog(device, user_id=None):
         aog.traits.append('action.devices.traits.OnOff')
     if domain == 'Dimmer':
         aog.traits.append('action.devices.traits.Brightness')
-    if domain == 'DoorLock':
+    if domain in ['DoorLock', 'DoorLockInverted']:
         aog.type = 'action.devices.types.LOCK'
         aog.traits.append('action.devices.traits.LockUnlock')
 

modules/helpers.py

@@ -43,9 +43,9 @@ def getVersion():
     if os.path.isfile(filename) and os.access(filename, os.R_OK):
         with open(filename, mode='r') as f:
             text = f.read()
-            text = text.split()
+            text = text.split("\n")
 
-            return text[0]
+            return text
     else:
         return None
 

modules/routes.py

@@ -313,7 +313,10 @@ def uploader():
             logger.warning("Uploadfile is not allowed")
             flash("Uploadfile is not allowed, '.jpg','.png' files or 'smart-home-key.json' is allowed!")
         else:
-            f.save(os.path.join(config.UPLOAD_DIRECTORY, secure_filename(f.filename)))
+            if f.filename == 'smart-home-key.json':
+                f.save(os.path.join(config.KEYFILE_DIRECTORY, secure_filename(f.filename)))
+            else:
+                f.save(os.path.join(config.UPLOAD_DIRECTORY, secure_filename(f.filename)))
             logger.info("Upload success")
 
     return redirect(url_for('settings'))

static/js/smarthome.js

@@ -109,6 +109,7 @@ function refreshSwitches(updateSwitches) {
 			}
 			if (data == 'Unlocked'){
 				$('#icon_DoorLock_' + idx).html("lock_open").css('color','#008000')
+				$('#icon_DoorLockInverted_' + idx).html("lock_open").css('color','#008000')
 			}
 			if (data == 'Off'){
 				$('#icon_OnOff_' + idx).removeAttr('style')
@@ -122,6 +123,7 @@ function refreshSwitches(updateSwitches) {
 			}
 			if (data == 'Locked'){
 				$('#icon_DoorLock_' + idx).html("lock").css('color','#ED2939')
+				$('#icon_DoorLockInverted_' + idx).html("lock").css('color','#ED2939')
 			}
 			if (data == 'Normal'){
 				$('#icon_security_' + idx).removeAttr('style')
@@ -371,11 +373,11 @@ function checkVersion() {
     url: "https://raw.githubusercontent.com/DewGew/DZGA-Flask/development/VERSION.md",
     cache: false,
     success: function( data ) {
-		dataFloat = data.split(",")[0];
+		dataFloat = data.split("\n")[0];
     var compare = versionCompare(dataFloat, dzga_version);
     if (compare == 1) {
       $('#newver').html(" <i> (New version " + dataFloat + " is avalible.)</i>");
-	  $('#newver_note').html('A new version ' + dataFloat + ' is avalible <a href="https://github.com/DewGew/DZGA-Flask" target="_blank">here</a>');  
+	  $('#newver_note').html('A new version ' + dataFloat + ' is avalible <a href="https://github.com/DewGew/DZGA-Flask" target="_blank">here</a>');
 	  $('#badge').show();
       $("#notes").html('You have 1 new notifications');
       $("#shownotes" ).show();

templates/dashboard.html

@@ -159,7 +159,7 @@ <h5 class="card-title">Device log <span>| {{ v['name']['name'] }}</span></h5>
 					  </div><!-- End Vertically centered Modal-->
 					</div>
 				</div>		
-				{% elif v['customData']['domain'] == 'DoorLock' %}
+				{% elif v['customData']['domain'] in ('DoorLock', 'DoorLockInverted') %}
 				<div class="icon">
 					<div class="click" onclick="toogleSwitch({{ v['customData']['idx'] }}, '{{ v['customData']['protected'] }}')">
 						<i class="material-symbols-outlined" id="icon_{{ v['customData']['domain'] }}_{{ v['customData']['idx'] }}">lock</i>
@@ -673,7 +673,7 @@ <h5 id="title_other">Other devices <i class="bi bi-chevron-compact-down"></i></h
 			  {% for k, v in devices.items() %}
 			    {% if  (v['customData']['domain'] not in (
 					'Group','Scene','Thermostat', 'Setpoint','Temp', 'TempHumidity', 'TempHumidityBaro','SmokeDetector', 'Security',
-					'VenetianBlindsEU', 'OnOff', 'Dimmer', 'VenetianBlindsUS', 'Doorbell', 'DoorLock', 'Selector', 'DoorContact', 'BlindsPercentage',
+					'VenetianBlindsEU', 'OnOff', 'Dimmer', 'VenetianBlindsUS', 'Doorbell', 'DoorLock', 'DoorLockInverted', 'Selector', 'DoorContact', 'BlindsPercentage',
 					'MotionSensor', 'PushOnButton', 'PushOffButton', 'ColorSwitch', 'Contact') and 'Hidden' not in v['customData']['domain'] ) %}
 				<div class="icon">
 					<i class="material-symbols-outlined" id="icon_{{ v['customData']['idx'] }}">unknown_2</i>
@@ -760,7 +760,7 @@ <h5 id="title_hidden" style="cursor: pointer;">Hidden devices <i class="bi bi-ch
 		updateSwitches_block.push("{{ v['customData']['idx'] }}")
 		$('#title_security').show()
 	{% elif  (v['customData']['domain'] not in (
-					'SmokeDetector', 'Security', 'VenetianBlindsEU', 'OnOff', 'VenetianBlindsUS', 'Doorbell', 'DoorLock', 'DoorContact', 'BlindsPercentage',
+					'SmokeDetector', 'Security', 'VenetianBlindsEU', 'OnOff', 'VenetianBlindsUS', 'Doorbell', 'DoorLock', 'DoorLockInverted', 'DoorContact', 'BlindsPercentage',
 					'MotionSensor', 'PushOnButton', 'PushOffButton', 'Contact') and 'Hidden' not in v['customData']['domain']) %}
 		updateOthers_block.push("{{ v['customData']['idx'] }}")
 		$('#title_other').show()

templates/footer.html

@@ -38,7 +38,7 @@
 <script>
 var csrf_token = "{{ _csrf_token }}";
 var flask_server = "{{ request.url_root[:-1] }}".replace('http://', '//');
-var dzga_version = "{{ version }}";
+var dzga_version = "{{ version[0] }}";
 getDzVersion()
 checkVersion()
 </script>

templates/info.html

@@ -15,6 +15,16 @@ <h4><a href="https://smarthome-test-suite.withgoogle.com/devices" target="_blank
 			</p>
 
 		</div>
+		<div class="post-item clearfix">
+			<h4><a href="https://smarthome-test-suite.withgoogle.com/devices" target="_blank">Latest Updates </a></h4>
+			<p>
+			{% for x in version %}
+				{% if x != version[0] %}
+					{{ x }} </br>
+				{% endif %}
+			{% endfor %}
+			</p>
+		</div>
 	  {% if user.googleassistant %}
 		<div class="post-item clearfix">
 			<h4><a href="https://smarthome-test-suite.withgoogle.com/devices" target="_blank">Home Graph Viewer </a></h4>
@@ -28,8 +38,12 @@ <h4><a href="https://developers.home.google.com/cloud-to-cloud" target="_blank">
 		<div class="post-item clearfix">
 			<h4><a href="" target="_blank">Sync your devices</a></h4>
 			<p>When you click 'Sync Devices' button to syncronize your domoticz devices {% if user.googleassistant %}with Google Assistant or just tell Google Assistant to "Sync my devices"{% endif %}.</p>
-			<div class="text-center"><button type="button" class="btn btn-primary" onclick="syncdevices();">Sync Devices</button>
-			<button type="button" class="btn btn-danger" onclick="restart();">Restart Server</button></div>
+			<div class="text-center">
+			<button type="button" class="btn btn-primary" onclick="syncdevices();">Sync Devices</button>
+			{% if user.admin %}
+			<button type="button" class="btn btn-danger" onclick="restart();">Restart Server</button>
+			{% endif %}
+			</div>
 		</div>
 		<div class="post-item clearfix">