From d84e9de33cf9e32d00d0758702437e10eda8872f Mon Sep 17 00:00:00 2001 From: dv Date: Tue, 14 Apr 2026 15:47:28 +0300 Subject: [PATCH] =?UTF-8?q?=D1=84=D0=B8=D0=BA=D1=81=20=D0=BA=D0=B0=D0=BC?= =?UTF-8?q?=D0=B5=D1=80=D1=8B=206?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- backend/app/services/camera.py | 6 ++---- backend/app/services/discovery/orchestrator.py | 13 +++++++++++-- 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/backend/app/services/camera.py b/backend/app/services/camera.py index 275ac86..9552caf 100644 --- a/backend/app/services/camera.py +++ b/backend/app/services/camera.py @@ -52,15 +52,13 @@ def _resolve_camera_credentials(device: Device, obj: Object) -> tuple[str, str, user = (cp.get("username") or device.ssh_user_override or obj.ssh_user or "admin") if cp.get("password"): - password = str(cp["password"]) # plaintext from connection_params + password = str(cp["password"]) # plaintext from connection_params (DeviceEditModal) pwd_source = "connection_params.password" elif device.ssh_pass_override_enc: password = decrypt(device.ssh_pass_override_enc) pwd_source = "ssh_pass_override_enc" - elif obj.ssh_pass_enc: - password = decrypt(obj.ssh_pass_enc) - pwd_source = "obj.ssh_pass_enc" else: + # Do NOT fall back to obj.ssh_pass_enc — object SSH password is for servers, not cameras password = "" pwd_source = "empty" diff --git a/backend/app/services/discovery/orchestrator.py b/backend/app/services/discovery/orchestrator.py index 145ed12..742a57f 100644 --- a/backend/app/services/discovery/orchestrator.py +++ b/backend/app/services/discovery/orchestrator.py @@ -22,7 +22,7 @@ from sqlalchemy.ext.asyncio import AsyncSession from app.models.device import Device from app.models.object import Object from app.models.rack import Rack -from app.services.crypto import decrypt, encrypt +from app.services.crypto import decrypt from .config_parser import parse_config, parse_slave_check from .db_resolver import autodetect_db_from_server, get_rack_hosts @@ -603,6 +603,15 @@ async def _upsert_plugin_device( existing.rack_id = rack_id changes.append(f"rack_id: None→{rack_id}") + # Always sync credentials from config — they may have changed + if found.http_username: + cp = dict(existing.connection_params or {}) + if cp.get("username") != found.http_username or cp.get("password") != found.http_password: + cp["username"] = found.http_username + cp["password"] = found.http_password # plaintext — camera web auth + existing.connection_params = cp + changes.append(f"connection_params.credentials updated") + if changes: logger.info("[discovery] %s (%s) - UPDATED: %s", found.ip, found.plugin_name, ", ".join(changes)) result.updated += 1 @@ -625,7 +634,7 @@ async def _upsert_plugin_device( conn_params: dict = {} if found.http_username: conn_params["username"] = found.http_username - conn_params["password_enc"] = encrypt(found.http_password) if found.http_password else "" + conn_params["password"] = found.http_password # plaintext — camera web auth, not SSH db.add(Device( object_id=obj.id, ip=found.ip, hostname=hostname, category=found.category, role=found.role, source="auto_ssh",