Added test for missing device

Added user agent to ws connection.

CHANGELOG.rst

@@ -2,7 +2,61 @@
 Changelog
 =========
 
+version 1.2.2
+=============
+
+Improvements:
+	* Added user agent to websocket headers
+
+Bugs:
+	* Fixed library's __version__ implementation
+	* Fixed data from certain devices not showing up due to overloading websocket packet sizes
+
+version 1.2.1
+=============
+
+Bugs:
+	* Fixed handling of meshcentral's list_devices return with details=True
+
+version 1.2.0
+=============
+
+Bugs:
+	* Fixed agent sometimes being None causing an oxception
+	* Fixed bad code in device_open_url
+
+Features:
+	* Changed websockets version to 15. This now uses the proxy implemention from that library, instead of the previous hack.
+	* Added lastaddr and lastconnect to list_devices API
+
+version 1.1.2
+=============
+Bugs:
+	* Fixed semver for requirements. New version of websockets broke this library.
+
+Security:
+	* Updated cryptogaphy to ~44.0.1 to fix ssl vulnerability.
+
+Version 1.1.1
+=============
+Bugs:
+	* Fixed bug when running device_info when user has access to multiple meshes
+
+Version 1.1.0
+=============
+Features:
+	* Added overrides for meshcentral files for testing purposes
+	* Added `users` field to `device` object
+
+Bugs:
+	* Fixed connection errors not raising immediately
+	* Fixed run_commands parsing return from multiple devices incorrectly
+	* Fixed listening to raw not removing its listener correctly
+	* Fixed javascript timecodes not being handled in gnu environments
+	* Changed some fstring formatting that locked the library into python >3.13
+
+
 Version 1.0.0
-===========
+=============
 
 First release

docs/requirements.txt

@@ -5,8 +5,8 @@ sphinx>=3.2.1
 sphinx-jinja2-compat>=0.1.1
 sphinx-toolbox>=2.16.0
 # sphinx_rtd_theme
-cffi==1.17.1
-cryptography==43.0.3
-pycparser==2.22
-websockets==13.1
+cffi~=1.17.1
+cryptography~=44.0.1
+pycparser~=2.22
+websockets~=15.0.0
 enum_tools

setup.cfg

@@ -44,9 +44,9 @@ python_requires = >=3.8
 # For more information, check out https://semver.org/.
 install_requires =
     importlib-metadata
-    cryptography>=43.0.3
-    websockets>=13.1
-    python-socks[asyncio]
+    cryptography~=44.0.1
+    websockets~=15.0.0
+    python-socks[asyncio]~=2.5.3
 
 
 [options.packages.find]

src/meshctrl/__init__.py

@@ -8,7 +8,7 @@ else:
 
 try:
     # Change here if project is renamed and does not equal the package name
-    dist_name = "meshctrl"
+    dist_name = "libmeshctrl"
     __version__ = version(dist_name)
 except PackageNotFoundError:  # pragma: no cover
     __version__ = "unknown"
@@ -24,4 +24,4 @@ from . import files
 from . import exceptions
 from . import device
 from . import mesh
-from . import user_group
+from . import user_group

src/meshctrl/device.py

@@ -59,7 +59,7 @@ class Device(object):
     def __init__(self, nodeid, session, agent=None,
                        name=None, desc=None, description=None,
                        tags=None, users=None,
-                       agct=None, created_at=None, 
+                       agct=None, created_at=None,
                        rname=None, computer_name=None, icon=constants.Icon.desktop,
                        mesh=None, mtype=None, meshtype=None, groupname=None, meshname=None,
                        domain=None, host=None, ip=None, conn=None, connected=None,
@@ -71,7 +71,7 @@ class Device(object):
         if links is None:
             links = {}
         self.links = links
-        if ("ver" in agent):
+        if agent and "ver" in agent:
             agent = {
                 "version": agent["ver"],
                 "id": agent["id"],

src/meshctrl/exceptions.py

@@ -2,7 +2,9 @@ class MeshCtrlError(Exception):
     """
     Base class for Meshctrl errors
     """
-    pass
+    def __init__(self, message, *args, **kwargs):
+        self.message = message
+        super().__init__(message, *args, **kwargs)
 
 class ServerError(MeshCtrlError):
     """
@@ -25,6 +27,7 @@ class FileTransferError(MeshCtrlError):
     """
     def __init__(self, message, stats):
         self.stats = stats
+        super().__init__(message)
 
 class FileTransferCancelled(FileTransferError):
     """

src/meshctrl/session.py

@@ -10,6 +10,8 @@ import io
 import ssl
 import urllib
 from python_socks.async_.asyncio import Proxy
+from platform import python_version
+from . import __version__
 from . import constants
 from . import exceptions
 from . import util
@@ -45,7 +47,8 @@ class Session(object):
         closed (asyncio.Event): Event that occurs when the session closes permanently
     '''
 
-    def __init__(self, url, user=None, domain=None, password=None, loginkey=None, proxy=None, token=None, ignore_ssl=False, auto_reconnect=False):
+    def __init__(self, url, user=None, domain=None, password=None, loginkey=None, proxy=None, token=None, ignore_ssl=False, auto_reconnect=False, user_agent_header=None):
+        default_user_agent_header = f"Python/{python_version()} websockets/{websockets.__version__} pylibmeshctrl/{__version__}" 
         parsed = urllib.parse.urlparse(url)
 
         if parsed.scheme not in ("wss", "ws"):
@@ -106,6 +109,10 @@ class Session(object):
         self._file_tunnels = {}
         self._ignore_ssl = ignore_ssl
         self.auto_reconnect = auto_reconnect
+        if user_agent_header:
+            self.user_agent_header = user_agent_header
+        else:
+            self.user_agent_header = default_user_agent_header
 
         self._eventer = util.Eventer()
 
@@ -144,7 +151,7 @@ class Session(object):
 
 
             options["additional_headers"] = headers
-            async for websocket in util.proxy_connect(self.url, proxy_url=self._proxy, process_exception=util._process_websocket_exception, **options):
+            async for websocket in websockets.asyncio.client.connect(self.url, proxy=self._proxy, process_exception=util._process_websocket_exception, max_size=None, user_agent_header=self.user_agent_header, **options):
                 self.alive = True
                 self._socket_open.set()
                 try:
@@ -177,7 +184,7 @@ class Session(object):
     async def _listen_data_task(self, websocket):
         async for message in websocket:
             await self._eventer.emit("raw", message)
-            # Meshcentral does pong wrong and breaks our parsing, so fix it here.
+            # Meshcentral does pong wrong and breaks our parsing, so fix it here. This is fixed now, but we want compatibility with old versions.
             if message == '{action:"pong"}':
                 message = '{"action":"pong"}'
 
@@ -478,10 +485,21 @@ class Session(object):
         if "result" in res0:
             raise exceptions.ServerError(res0["result"])
         if details:
-            nodes = json.loads(res0["data"])
+            nodes = res0["data"]
+            # Accept any number of nested strings, meshcentral is odd
+            while True:
+                try:
+                    nodes = json.loads(nodes)
+                except TypeError:
+                    break
+
             for node in nodes:
                 if node["node"].get("meshid", None):
                     node["node"]["mesh"] = mesh.Mesh(node["node"].get("meshid"), self)
+                if "lastConnect" in node and isinstance(node["lastConnect"], dict):
+                    node["node"]["lastconnect"] = node["lastConnect"].get("time")
+                    node["node"]["lastaddr"] = node["lastConnect"].get("addr")
+                    del node["lastConnect"]
                 details = {}
                 for key, val in node.items():
                     if key != "node":
@@ -1363,10 +1381,10 @@ class Session(object):
                         node["meshid"] = meshid
                         if _mesh is not None:
                             node["mesh"] = _mesh
-                sysinfo["node"] = node
-                sysinfo["nodeid"] = nodeid
-                del sysinfo["result"]
-                del sysinfo["noinfo"]
+                        break
+                else:
+                    continue
+                break
         if node is None:
             raise ValueError("Invalid device id")
         if lastconnect is not None:
@@ -1455,7 +1473,7 @@ class Session(object):
                     return nid
 
         result = {n: {"complete": False, "result": [], "command": command} for n in nodeids}
-        async def _():
+        async def _console():
             async for event in self.events({"action": "msg", "type": "console"}):
                 node = match_nodeid(event["nodeid"], nodeids)
                 if node:
@@ -1463,37 +1481,62 @@ class Session(object):
                         result.setdefault(node, {})["complete"] = True
                         if all(_["complete"] for key, _ in result.items()):
                             break
+                        continue
                     elif (event["value"].startswith("Run commands")):
                         continue
                     result[node]["result"].append(event["value"])
-        async def __(command):
+
+        # We create this task AFTER getting the first message, but I don't feel like implementing this twice, so we'll pass in the first message and have it parsed immediately
+        async def _reply(responseid, start_data=None):
+            # Returns True when all results are in, Falsey otherwise
+            def _parse_event(event):
+                node = match_nodeid(event["nodeid"], nodeids)
+                if node:
+                    result.setdefault(node, {})["complete"] = True
+                    result[node]["result"].append(event["result"])
+                    if all(_["complete"] for key, _ in result.items()):
+                        return True
+
+            if start_data is not None:
+                if _parse_event(start_data):
+                    return
+            async for event in self.events({"action": "msg", "type": "runcommands", "responseid": responseid}):
+                if _parse_event(event):
+                    break
+
+        async def __(command, tg, tasks):
             data = await self._send_command(command, "run_command", timeout=timeout)
 
-            if data.get("result", "ok").lower() != "ok":
+            if data.get("type", None) != "runcommands" and data.get("result", "ok").lower() != "ok":
                 raise exceptions.ServerError(data["result"])
-        
-        expect_response = False
-        if not ignore_output:
-            userid = (await self.user_info())["_id"]
-            for n in nodeids:
-                device_info = await self.device_info(n, timeout=timeout)
-                try:
-                    permissions = device_info.mesh.links.get(userid, {}).get("rights",constants.DeviceRights.norights)\
-                    # This should work for device rights, but it only seems to work for mesh rights. Not sure why, but I can't get the events to show up when the user only has individual device rights
-                    # |device_info.get("links", {}).get(userid, {}).get("rights", constants.DeviceRights.norights)
-                    # If we don't have agentconsole rights, we won't be able te read the output, so fill in blanks on this node
-                    if not permissions&constants.DeviceRights.agentconsole:
-                        result[n]["complete"] = True
-                    else:
-                        expect_response = True
-                except AttributeError:
-                    result[n]["complete"] = True
+            elif data.get("type", None) != "runcommands" and data.get("result", "ok").lower() == "ok":
+                expect_response = False
+                console_task = tg.create_task(asyncio.wait_for(_console(), timeout=timeout))
+                if not ignore_output:
+                    userid = (await self.user_info())["_id"]
+                    for n in nodeids:
+                        device_info = await self.device_info(n, timeout=timeout)
+                        try:
+                            permissions = device_info.mesh.links.get(userid, {}).get("rights",constants.DeviceRights.norights)\
+                            # This should work for device rights, but it only seems to work for mesh rights. Not sure why, but I can't get the events to show up when the user only has individual device rights
+                            # |device_info.get("links", {}).get(userid, {}).get("rights", constants.DeviceRights.norights)
+                            # If we don't have agentconsole rights, we won't be able te read the output, so fill in blanks on this node
+                            if not permissions&constants.DeviceRights.agentconsole:
+                                result[n]["complete"] = True
+                            else:
+                                expect_response = True
+                        except AttributeError:
+                            result[n]["complete"] = True
+                if expect_response:
+                    tasks.append(console_task)
+                else:
+                    console_task.cancel()
+            elif data.get("type", None) == "runcommands" and not ignore_output:
+                tasks.append(tg.create_task(asyncio.wait_for(_reply(data["responseid"], start_data=data), timeout=timeout)))
 
         tasks = []
         async with asyncio.TaskGroup() as tg:
-            if expect_response:
-                tasks.append(tg.create_task(asyncio.wait_for(_(), timeout=timeout)))
-            tasks.append(tg.create_task(__({ "action": 'runcommands', "nodeids": nodeids, "type": (2 if powershell else 0), "cmds": command, "runAsUser": runAsUser })))
+            tasks.append(tg.create_task(__({ "action": 'runcommands', "nodeids": nodeids, "type": (2 if powershell else 0), "cmds": command, "runAsUser": runAsUser, "reply": not ignore_output}, tg, tasks)))
 
         return {n: v | {"result": "".join(v["result"])} for n,v in result.items()}
 
@@ -1736,10 +1779,11 @@ class Session(object):
             tasks.append(tg.create_task(asyncio.wait_for(_(), timeout=timeout)))
             tasks.append({ "action": 'msg', "type": 'openUrl', "nodeid": nodeid, "url": url }, "device_open_url", timeout=timeout)
 
+        
+        success = tasks[0].result()
         res = tasks[1].result()
-        success = tasks[2].result()
 
-        if data.get("result", "ok").lower() != "ok":
+        if res.get("result", "ok").lower() != "ok":
             raise exceptions.ServerError(data["result"])
 
         if not success:
@@ -1963,4 +2007,4 @@ class _FileExplorerWrapper:
         return await self._files.__aenter__()
 
     async def __aexit__(self, exc_t, exc_v, exc_tb):
-        return await self._files.__aexit__(exc_t, exc_v, exc_tb)
+        return await self._files.__aexit__(exc_t, exc_v, exc_tb)

src/meshctrl/tunnel.py

@@ -67,7 +67,7 @@ class Tunnel(object):
             self.url = self._session.url.replace('/control.ashx', '/meshrelay.ashx?browser=1&p=' + str(self._protocol) + '&nodeid=' + self.node_id + '&id=' + self._tunnel_id + '&auth=' + self._authcookie["cookie"])
 
 
-            async for websocket in util.proxy_connect(self.url, proxy_url=self._session._proxy, process_exception=util._process_websocket_exception, **options):
+            async for websocket in websockets.asyncio.client.connect(self.url, proxy=self._session._proxy, process_exception=util._process_websocket_exception, **options):
                 self.alive = True
                 self._socket_open.set()
                 try:

src/meshctrl/util.py

@@ -11,7 +11,6 @@ import ssl
 import functools
 import urllib
 import python_socks
-from python_socks.async_.asyncio import Proxy
 from . import exceptions
 
 def _encode_cookie(o, key):
@@ -140,17 +139,20 @@ def compare_dict(dict1, dict2):
         return False
 
 def _check_socket(f):
+    async def _check_errs(self):
+        if not self.alive and self._main_loop_error is not None:
+            raise self._main_loop_error
+        elif not self.alive and self.initialized.is_set():
+            raise exceptions.SocketError("Socket Closed")
+
     @functools.wraps(f)
     async def wrapper(self, *args, **kwargs):
         try:
-            async with asyncio.TaskGroup() as tg:
-                tg.create_task(asyncio.wait_for(self.initialized.wait(), 10))
-                tg.create_task(asyncio.wait_for(self._socket_open.wait(), 10))
+            await asyncio.wait_for(self.initialized.wait(), 10)
+            await _check_errs(self)
+            await asyncio.wait_for(self._socket_open.wait(), 10)
         finally:
-            if not self.alive and self._main_loop_error is not None:
-                raise self._main_loop_error
-            elif not self.alive and self.initialized.is_set():
-                raise exceptions.SocketError("Socket Closed")
+            await _check_errs(self)
             return await f(self, *args, **kwargs)
     return wrapper
 
@@ -161,17 +163,7 @@ def _process_websocket_exception(exc):
         return exc
     if isinstance(exc, python_socks._errors.ProxyError):
         return None
-    return tmp
-
-class proxy_connect(websockets.asyncio.client.connect):
-    def __init__(self,*args, proxy_url=None, **kwargs):
-        self.proxy = None
-        if proxy_url is not None:
-            self.proxy = Proxy.from_url(proxy_url)
-        super().__init__(*args, **kwargs)
-
-    async def create_connection(self, *args, **kwargs):
-        if self.proxy is not None:
-            parsed = urllib.parse.urlparse(self.uri)
-            self.connection_kwargs["sock"] = await self.proxy.connect(dest_host=parsed.hostname, dest_port=parsed.port)
-        return await super().create_connection(*args, **kwargs)
+    # Proxy errors show up like this now, and it's default to error out. Handle explicitly.
+    if isinstance(exc, websockets.exceptions.InvalidProxyMessage):
+        return None
+    return tmp

tests/environment/__init__.py

@@ -62,7 +62,7 @@ class TestEnvironment(object):
             return self
         # Destroy the env in case it wasn't killed correctly last time.
         subprocess.check_call(["docker", "compose", "down"], stdout=subprocess.DEVNULL, cwd=thisdir)
-        self._subp = _docker_process = subprocess.Popen(["docker", "compose", "up", "--build", "--force-recreate", "--no-deps"], stdout=subprocess.DEVNULL, cwd=thisdir)
+        self._subp = _docker_process = subprocess.Popen(["docker", "compose", "up", "--build", "--force-recreate", "--no-deps"], cwd=thisdir)
         if not self._wait_for_meshcentral():
             self.__exit__(None, None, None)
             raise Exception("Failed to create docker instance")

tests/environment/client.dockerfile

@@ -1,4 +1,4 @@
-FROM python:3.12
+FROM python:3.13
 WORKDIR /usr/local/app
 
 # Install the application dependencies

tests/environment/config/meshcentral/overrides/.gitignore

@@ -0,0 +1,4 @@
+# Ignore everything in this directory
+*
+# Except this file
+!.gitignore

tests/environment/meshcentral.dockerfile

@@ -1,7 +1,8 @@
-FROM ghcr.io/ylianst/meshcentral:latest
+FROM ghcr.io/ylianst/meshcentral:1.1.50
 RUN apk add curl
 RUN apk add python3
 WORKDIR /opt/meshcentral/
 COPY ./scripts/meshcentral ./scripts
 COPY ./config/meshcentral/data /opt/meshcentral/meshcentral-data
-CMD ["python3", "/opt/meshcentral/scripts/create_users.py"]
+COPY ./config/meshcentral/overrides /opt/meshcentral/meshcentral
+ENTRYPOINT ["python3", "/opt/meshcentral/scripts/create_users.py"]

tests/environment/scripts/meshcentral/create_users.py

@@ -7,9 +7,9 @@ thisdir = os.path.abspath(os.path.dirname(__file__))
 with open(os.path.join(thisdir, "users.json")) as infile:
     users = json.load(infile)
 for username, password in users.items():
-    subprocess.check_output(["node", "/opt/meshcentral/meshcentral", "--createaccount", username, "--pass", password, "--name", username])
+    print(subprocess.check_output(["node", "/opt/meshcentral/meshcentral", "--createaccount", username, "--pass", password, "--name", username]))
 
 
-subprocess.check_output(["node", "/opt/meshcentral/meshcentral", "--adminaccount", "admin"])
+print(subprocess.check_output(["node", "/opt/meshcentral/meshcentral", "--adminaccount", "admin"]))
 
-subprocess.call(["bash", "/opt/meshcentral/startup.sh"])
+subprocess.call(["bash", "/opt/meshcentral/entrypoint.sh"])

tests/requirements.txt

@@ -1,6 +1,6 @@
 requests
 pytest-asyncio
 cffi==1.17.1
-cryptography==43.0.3
+cryptography~=44.0.1
 pycparser==2.22
-websockets==13.1
+websockets~=15.0.0

tests/test_files.py

@@ -120,7 +120,7 @@ async def test_upload_download(env):
                     downfilestream.seek(0)
 
                     start = time.perf_counter()
-                    r = await files.download(f"{pwd}/test", downfilestream, skip_http_attempt=True, timeout=5)
+                    r = await files.download(f"{pwd}/test", downfilestream, skip_http_attempt=True, timeout=20)
                     print("\ninfo files_download: {}\n".format(r))
                     assert r["result"] == True, "Download failed"
                     assert r["size"] == len(randdata), "Downloaded wrong number of bytes"

tests/test_sanity.py

@@ -9,16 +9,7 @@ import requests
 
 async def test_sanity(env):
     async with meshctrl.Session(env.mcurl, user="unprivileged", password=env.users["unprivileged"], ignore_ssl=True) as s:
-        got_pong = asyncio.Event()
-        async def _():
-            async for raw in s.raw_messages():
-                if raw == '{action:"pong"}':
-                    got_pong.set()
-                    break
-        ping_task = None
         async with asyncio.TaskGroup() as tg:
-            tg.create_task(asyncio.wait_for(_(), timeout=5))
-            tg.create_task(asyncio.wait_for(got_pong.wait(), timeout=5))
             ping_task = tg.create_task(s.ping(timeout=10))
         print("\ninfo ping: {}\n".format(ping_task.result()))
         print("\ninfo user_info: {}\n".format(await s.user_info()))

tests/test_session.py

@@ -5,6 +5,8 @@ import meshctrl
 import requests
 import random
 import io
+import traceback
+import time
 thisdir = os.path.dirname(os.path.realpath(__file__))
 
 async def test_admin(env):
@@ -44,9 +46,11 @@ async def test_auto_reconnect(env):
         for i in range(3):
             try:
                 await admin_session.ping(timeout=10)
-            except:
-                continue
-            break
+            except* Exception as e:
+                print("".join(traceback.format_exception(e)))
+                pass
+            else:
+                break
         else:
             raise Exception("Failed to reconnect")
 
@@ -55,6 +59,7 @@ async def test_auto_reconnect(env):
             try:
                 await admin_session.ping(timeout=10)
             except* Exception as e:
+                print("".join(traceback.format_exception(e)))
                 pass
             else:
                 break
@@ -77,6 +82,17 @@ async def test_users(env):
         pass
     else:
         raise Exception("Connected with no password")
+
+    start = time.time()
+    try:
+        async with meshctrl.Session(env.mcurl, user="admin", password="The wrong password", ignore_ssl=True) as admin_session:
+            pass
+    except* meshctrl.exceptions.ServerError as eg:
+        assert str(eg.exceptions[0]) == "Invalid Auth" or eg.exceptions[0].message == "Invalid Auth", "Didn't get invalid auth message"
+        assert time.time() - start < 10, "Invalid auth wasn't raised until after timeout"
+        pass
+    else:
+        raise Exception("Connected with bad password")
     async with meshctrl.Session(env.mcurl+"/", user="admin", password=env.users["admin"], ignore_ssl=True) as admin_session,\
                meshctrl.Session(env.mcurl, user="privileged", password=env.users["privileged"], ignore_ssl=True) as privileged_session,\
                meshctrl.Session(env.mcurl, user="unprivileged", password=env.users["unprivileged"], ignore_ssl=True) as unprivileged_session:
@@ -187,21 +203,24 @@ async def test_mesh_device(env):
 
         assert r[0].description == "New description", "Description either failed to change, or was changed by a user without permission to do so"
 
-        with env.create_agent(mesh.short_meshid) as agent:
+        # There once was a bug that occured whenever running run_commands with multiple meshes. We need to add devices to both meshes to be sure that bug is squashed.
+        with env.create_agent(mesh.short_meshid) as agent,\
+             env.create_agent(mesh.short_meshid) as agent2,\
+             env.create_agent(mesh2.short_meshid) as agent3:
             # Test agent added to device group being propagated correctly
             # Create agent isn't so good at waiting for the agent to show in the sessions. Give it a couple seconds to appear.
             for i in range(3):
                 try:
                     r = await admin_session.list_devices(timeout=10)
                     print("\ninfo list_devices: {}\n".format(r))
-                    assert len(r) == 1, "Incorrect number of agents connected"
+                    assert len(r) == 3, "Incorrect number of agents connected"
                 except:
                     if i == 2:
                         raise
                     await asyncio.sleep(1)
                 else:
                     break
-            assert len(await privileged_session.list_devices(timeout=10)) == 1, "Incorrect number of agents connected"
+            assert len(await privileged_session.list_devices(timeout=10)) == 2, "Incorrect number of agents connected"
             assert len(await unprivileged_session.list_devices(timeout=10)) == 0, "Unprivileged account has access to agent it should not"
 
             r = await admin_session.list_devices(details=True, timeout=10)
@@ -213,6 +232,9 @@ async def test_mesh_device(env):
             r = await admin_session.list_devices(meshid=mesh.meshid, timeout=10)
             print("\ninfo list_devices_meshid: {}\n".format(r))
 
+            r = await admin_session.device_info(agent.nodeid, timeout=10)
+            print("\ninfo admin_device_info: {}\n".format(r))
+
             # Test editing device info propagating correctly
             assert await admin_session.edit_device(agent.nodeid, name="new_name", description="New Description", tags="device", consent=meshctrl.constants.ConsentFlags.all, timeout=10), "Failed to edit device info"
 
@@ -221,12 +243,23 @@ async def test_mesh_device(env):
             assert await admin_session.edit_device(agent.nodeid, consent=meshctrl.constants.ConsentFlags.none, timeout=10), "Failed to edit device info"
 
             # Test run_commands
-            r = await admin_session.run_command(agent.nodeid, "ls", timeout=10)
+            r = await admin_session.run_command([agent.nodeid, agent2.nodeid], "ls", timeout=10)
             print("\ninfo run_command: {}\n".format(r))
             assert "meshagent" in r[agent.nodeid]["result"], "ls gave incorrect data"
+            assert "meshagent" in r[agent2.nodeid]["result"], "ls gave incorrect data"
+            assert "Run commands completed." not in r[agent.nodeid]["result"], "Didn't parse run command ending correctly"
+            assert "Run commands completed." not in r[agent2.nodeid]["result"], "Didn't parse run command ending correctly"
             assert "meshagent" in (await privileged_session.run_command(agent.nodeid, "ls", timeout=10))[agent.nodeid]["result"], "ls gave incorrect data"
 
-            # Test run commands with ndividual device permissions
+            # Test run_commands missing device
+            try:
+                await admin_session.run_command([agent.nodeid, "notanid"], "ls", timeout=10)
+            except* (meshctrl.exceptions.ServerError, ValueError):
+                pass
+            else:
+                raise Exception("Run command on a device that doesn't exist did not raise an exception")
+
+            # Test run commands with individual device permissions
             try:
                 await unprivileged_session.run_command(agent.nodeid, "ls", timeout=10)
             except* (meshctrl.exceptions.ServerError, ValueError):
@@ -241,7 +274,7 @@ async def test_mesh_device(env):
             else:
                 raise Exception("Unprivileged user has access to device it should not")
 
-            assert (await admin_session.add_users_to_device((await unprivileged_session.user_info())["_id"], agent.nodeid, meshctrl.constants.MeshRights.norights)), "Failed to add user to device"
+            assert (await admin_session.add_users_to_device((await unprivileged_session.user_info())["_id"], agent.nodeid, meshctrl.constants.DeviceRights.norights)), "Failed to add user to device"
 
             try:
                 await unprivileged_session.run_command(agent.nodeid, "ls", ignore_output=True, timeout=10)
@@ -252,19 +285,21 @@ async def test_mesh_device(env):
 
             # Test getting individual device info
             r = await unprivileged_session.device_info(agent.nodeid, timeout=10)
-            print("\ninfo device_info: {}\n".format(r))
+            print("\ninfo unprivileged_device_info: {}\n".format(r))
 
             # This device info includes the mesh ID of the device, even though the user doesn't have acces to that mesh. That's odd.
             # assert r.meshid is None, "Individual device is exposing its meshid"
 
             assert r.links[(await unprivileged_session.user_info())["_id"]]["rights"] == meshctrl.constants.DeviceRights.norights, "Unprivileged user has too many rights!"
 
-            assert (await admin_session.add_users_to_device([(await unprivileged_session.user_info())["_id"]], agent.nodeid, meshctrl.constants.DeviceRights.remotecontrol|meshctrl.constants.DeviceRights.agentconsole|meshctrl.constants.DeviceRights.remotecommands)), "Failed to modify user's permissions"
+            assert (await admin_session.add_users_to_device([(await unprivileged_session.user_info())["_id"]], agent.nodeid, meshctrl.constants.DeviceRights.fullrights)), "Failed to modify user's permissions"
 
-            assert (await unprivileged_session.device_info(agent.nodeid, timeout=10)).links[(await unprivileged_session.user_info())["_id"]]["rights"] == meshctrl.constants.DeviceRights.remotecontrol|meshctrl.constants.DeviceRights.agentconsole|meshctrl.constants.DeviceRights.remotecommands, "Adding permissions did not update unprivileged user."
+            assert (await unprivileged_session.device_info(agent.nodeid, timeout=10)).links[(await unprivileged_session.user_info())["_id"]]["rights"] == meshctrl.constants.DeviceRights.fullrights, "Adding permissions did not update unprivileged user."
 
-            # For now, this expects no response. If we ever figure out why the server isn't sending console information te us when it should, fix this.
+            # For now, this expects no response. If we ever figure out why the server isn't sending console information to us when it should, fix this.
             # assert "meshagent" in (await unprivileged_session.run_command(agent.nodeid, "ls", timeout=10))[agent.nodeid]["result"], "ls gave incorrect data"
+            # Meshcentral has a 10 second cache on user perms.
+            #await asyncio.sleep(15)
             await unprivileged_session.run_command(agent.nodeid, "ls", timeout=10)
 
             assert await admin_session.move_to_device_group(agent.nodeid, mesh2.meshid, timeout=5), "Failed to move mesh to new device group"
@@ -278,7 +313,7 @@ async def test_mesh_device(env):
 
             assert await admin_session.move_to_device_group([agent.nodeid], mesh.name, isname=True, timeout=5), "Failed to move mesh to new device group by name"
 
-            # For now, this expe namects no response. If we ever figure out why the server isn't sending console information te us when it should, fix this.
+            # For now, this expects no response. If we ever figure out why the server isn't sending console information te us when it should, fix this.
             # assert "meshagent" in (await unprivileged_session.run_command(agent.nodeid, "ls", timeout=10))[agent.nodeid]["result"], "ls gave incorrect data"
             try:
                 await unprivileged_session.run_command(agent.nodeid, "ls", timeout=10)