From 789b6e4ecf01616452c82e52f425fce2d9d1da4d Mon Sep 17 00:00:00 2001 From: downhill Date: Sun, 14 Oct 2018 19:21:17 +0200 Subject: [PATCH] Fixed typos and bugs, running okay on testenv --- dal/dal/settings.py | 6 +++--- dal/dal/templates/changedpassword.html | 7 ++++++ dal/dal/templates/deleteaccount.html | 1 + dal/dal/templates/usercreated.html | 7 ++++++ dal/dal/templates/useroptions.html | 3 +++ dal/dal/urls.py | 3 ++- dal/dal/views.py | 20 +++++++++++------ nameko-func.py | 30 +++++++++++++++++--------- 8 files changed, 56 insertions(+), 21 deletions(-) create mode 100644 dal/dal/templates/changedpassword.html create mode 100644 dal/dal/templates/usercreated.html diff --git a/dal/dal/settings.py b/dal/dal/settings.py index 0dfd7c7..2ce1abe 100644 --- a/dal/dal/settings.py +++ b/dal/dal/settings.py @@ -96,10 +96,10 @@ MIDDLEWARE = [ # Backend for auth -#AUTHENTICATION_BACKENDS = ( -# 'django_auth_ldap.backend.LDAPBackend', +AUTHENTICATION_BACKENDS = ( + 'django_auth_ldap.backend.LDAPBackend', # 'django.contrib.auth.backends.ModelBackend', -#) +) ROOT_URLCONF = 'dal.urls' diff --git a/dal/dal/templates/changedpassword.html b/dal/dal/templates/changedpassword.html new file mode 100644 index 0000000..8ae9707 --- /dev/null +++ b/dal/dal/templates/changedpassword.html @@ -0,0 +1,7 @@ + Password for {{user}} changed. + +

The password for {{user}} has been changed.

+

+
+ +
diff --git a/dal/dal/templates/deleteaccount.html b/dal/dal/templates/deleteaccount.html index bcc340b..b960f38 100644 --- a/dal/dal/templates/deleteaccount.html +++ b/dal/dal/templates/deleteaccount.html @@ -8,6 +8,7 @@

To delete an account, please type the username and password below:
+ {% csrf_token %}

Username:


Password:
diff --git a/dal/dal/templates/usercreated.html b/dal/dal/templates/usercreated.html new file mode 100644 index 0000000..a428109 --- /dev/null +++ b/dal/dal/templates/usercreated.html @@ -0,0 +1,7 @@ + User {{ user }} created. + +

User {{ user }} was successfully created.

+

+ + +
diff --git a/dal/dal/templates/useroptions.html b/dal/dal/templates/useroptions.html index ec60fc6..085fbe3 100644 --- a/dal/dal/templates/useroptions.html +++ b/dal/dal/templates/useroptions.html @@ -19,3 +19,6 @@ You have the following options:
+
+ +
diff --git a/dal/dal/urls.py b/dal/dal/urls.py index efdb67c..0bf7d78 100644 --- a/dal/dal/urls.py +++ b/dal/dal/urls.py @@ -18,7 +18,7 @@ from django.urls import path from django.conf.urls import url from django.contrib import admin -from .views import Register, ChangeData, ChangePassword, ResetPassword, DeleteAccount, Index +from .views import Register, ChangeData, ChangePassword, ResetPassword, DeleteAccount, Index, LogOut urlpatterns = [ # path('admin/', admin.site.urls), @@ -28,4 +28,5 @@ urlpatterns = [ path('changepassword/', ChangePassword.as_view(), name="change_password"), path('deleteaccount/', DeleteAccount.as_view(), name="account_delete"), path('index/', Index.as_view(), name="index"), + path('logout/', LogOut.as_view(), name="logout"), ] diff --git a/dal/dal/views.py b/dal/dal/views.py index 3ac0ce5..514df85 100644 --- a/dal/dal/views.py +++ b/dal/dal/views.py @@ -1,6 +1,6 @@ from django.shortcuts import render from django.views.generic import View -from django.contrib.auth import authenticate, login +from django.contrib.auth import authenticate, login, logout from django.contrib.auth.models import User from django.http import HttpResponse, HttpResponseRedirect from django.core.validators import validate_email, ValidationError @@ -106,13 +106,13 @@ class ChangeData(View): login(request, user) # get basic data (firstname, lastname, email) with get_pool().next() as rpc: - (state, firstname, lastname, email) = rpc.getuserdata.get_data(user) + (state, firstname, lastname, email) = rpc.getuserdata.get_data(str(request.user)) # If it throws an error, the errormessage gets put into firstname.. not great naming, but works best this way if state == "error": return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': firstname } ) # The template puts the old data as standard in the fields else: - return render(request, 'changeuserdata.html', { 'user': user, 'firstname': firstname, 'lastname': lastname, 'email': email } ) + return render(request, 'changeuserdata.html', { 'user': str(request.user), 'firstname': firstname, 'lastname': lastname, 'email': email } ) # get the change request def post(self, request): @@ -123,7 +123,7 @@ class ChangeData(View): if not request.user.is_authenticated: return render(request, 'mustbeloggedin.html') - user = request.user + user = str(request.user) firstname = request.POST.get('firstname') lastname = request.POST.get('lastname') email = request.POST.get('email') @@ -199,7 +199,7 @@ class ChangePassword(View): return render(request, 'mustbeloggedin.html') login(request, request.user) - user = request.user + user = str(request.user) oldpassword = request.POST.get('oldpassword') check = authenticate(request, username=user, password=oldpassword) # Is the right password for the user supplied? @@ -249,12 +249,18 @@ class DeleteAccount(View): # Try to delete the user with get_pool().next() as rpc: - result = rpc.deleteuser.delete_user(user) + result = rpc.deleteuser.delete_user(username) # User deleted if result == True: + logout(request) return render(request, 'deleteduser.html', { 'user': username } ) # User not deleted, got some kind of error else: return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': result } ) - + +class LogOut(View): + + def get(self, request): + logout(request) + return HttpResponse("You have been logged out.", status=200) diff --git a/nameko-func.py b/nameko-func.py index 8eaee64..7b95046 100644 --- a/nameko-func.py +++ b/nameko-func.py @@ -44,12 +44,19 @@ def ldapservers(): def user_or_customer(uid): server = ldapservers() conn = Connection(server) - if conn.search('ou=customers,dc=ungleich,dc=ch', '(%s)' % uid): + conn.bind() + search_customers = conn.search('ou=customers,dc=ungleich,dc=ch', '(%s)' % uid) +# if conn.search('ou=customers,dc=ungleich,dc=ch', '(%s)' % uid): + if search_customers: + conn.unbind() return '%s,ou=customers,dc=ungleich,dc=ch' % uid - elif conn.search('ou=customers,dc=ungleich,dc=ch', '(%s)' % uid): + search_users = conn.search('ou=customers,dc=ungleich,dc=ch', '(%s)' % uid) +# elif conn.search('ou=customers,dc=ungleich,dc=ch', '(%s)' % uid): + if search_users: + conn.unbind() return '%s,ou=customers,dc=ungleich,dc=ch' % uid - else: - return False + conn.unbind() + return False # checks if a user already exists in the LDAP @@ -72,7 +79,7 @@ class UserLookUp(object): #if conn.search('ou=customers,dc=ungleich,dc=ch', '(%s)' % LDAP_UID) or conn.search('ou=users,dc=ungleich,dc=ch', '(%s)' % LPAD_UID): if x or y: # return conn.entries[0] for first search result since we can assume uid is unique - self.dispatch('ldap', '%s [Info: UserLookUp] Searched for %s and found it: %s\n' % (datetime.now(), LDAP_UID, str(conn.entries[0])) ) + self.dispatch('ldap', '%s [Info: UserLookUp] Searched for %s and found it\n' % (datetime.now(), LDAP_UID) ) conn.unbind() # return True since the user is already in LDAP return True @@ -132,7 +139,8 @@ class GetUserData(object): LDAP_UID = 'uid=%s' % user server = ldapservers() conn = Connection(server) - if not conn.bind(): + conn.bind() + if not conn.bound: self.dispatch('ldap', '%s [Error GetUserData] Could not connect to LDAP server.\n' % datetime.now() ) return ("error", "Could not connect to LDAP server.", "", "") rdn = user_or_customer(LDAP_UID) @@ -234,7 +242,7 @@ class ChangePassword(object): @rpc def change_password(self, user, newpassword): - LDAP_UID = 'uid=%s' + LDAP_UID = 'uid=%s' % user server = ldapservers() conn = Connection(server, config['LDAP']['LDAPMANAGER'], config['LDAP']['LDAPMANAGERPASSWORD']) if not conn.bind(): @@ -277,10 +285,11 @@ class DeleteUser(object): @rpc def delete_user(self, user): - LDAP_UID = user + LDAP_UID = 'uid=%s' % user server = ldapservers() conn = Connection(server, config['LDAP']['LDAPMANAGER'], config['LDAP']['LDAPMANAGERPASSWORD']) - if not conn.bind(): + conn.bind() + if not conn.bound: self.dispatch('ldap', '%s [Error DeleteUser] Could not connect to LDAP server.\n' % datetime.now() ) return "Could not connect to LDAP server." # again, check whether the uid= is in ou=users or ou=customers @@ -290,7 +299,8 @@ class DeleteUser(object): self.dispatch('ldap', '%s [Error DeleteUser] Could not find the user %s\n' % (datetime.now(), LDAP_UID) ) return "Could not find the user." # Check if the delete was successfull - if not conn.delete(dn): + deleted = conn.delete(dn) + if not deleted: conn.unbind() self.dispatch('ldap', '%s [Error DeleteUser] Could not delete %s\n' % (datetime.now(), dn) ) return "Could not delete the user."