2019-01-26 13:02:37 +00:00
# Imports from django
2018-10-09 17:49:47 +00:00
from django . shortcuts import render
from django . views . generic import View
2018-10-14 17:21:17 +00:00
from django . contrib . auth import authenticate , login , logout
2018-10-09 17:49:47 +00:00
from django . contrib . auth . models import User
from django . http import HttpResponse , HttpResponseRedirect
2018-10-14 15:48:11 +00:00
from django . core . validators import validate_email , ValidationError
2018-10-09 17:49:47 +00:00
from django . urls import reverse_lazy
2018-10-15 15:52:15 +00:00
from django . contrib . auth . tokens import PasswordResetTokenGenerator
2018-10-16 18:25:50 +00:00
from django . core . mail import EmailMessage
from . models import ResetToken
# Imports for the extra stuff not in django
2019-01-26 13:02:37 +00:00
2018-10-15 15:52:15 +00:00
from base64 import b64encode , b64decode
from datetime import datetime
2019-01-26 13:02:37 +00:00
2018-10-16 18:25:50 +00:00
from random import choice , randint
import string
2018-11-07 12:08:46 +00:00
2019-01-26 16:46:06 +00:00
import os
2019-01-26 14:19:58 +00:00
2019-01-26 16:46:06 +00:00
# Use ldap, like django_auth_backend
import ldap
2019-01-27 12:00:45 +00:00
import ldap . modlist as modlist
2018-10-09 17:49:47 +00:00
2019-01-26 16:46:06 +00:00
from django . conf import settings
2018-10-09 17:49:47 +00:00
2018-10-16 18:25:50 +00:00
2019-01-26 14:19:58 +00:00
class LDAP ( object ) :
def __init__ ( self ) :
2019-01-26 16:46:06 +00:00
self . uri = settings . AUTH_LDAP_SERVER_URI
2019-01-26 14:19:58 +00:00
self . user = settings . AUTH_LDAP_BIND_DN
self . password = settings . AUTH_LDAP_BIND_PASSWORD
2018-10-16 18:25:50 +00:00
2019-01-26 14:19:58 +00:00
# FIXME: take from settings
2019-01-26 16:46:06 +00:00
self . search_base = os . environ [ ' LDAPSEARCH ' ]
self . search_scope = ldap . SCOPE_SUBTREE
self . search_filter = " objectClass=inetOrgPerson "
2018-10-16 18:25:50 +00:00
2019-01-26 14:19:58 +00:00
# FIXME: hard coded
self . dn = " uid= {{ }}, {} " . format ( os . environ [ ' LDAPCREATE ' ] )
2019-01-26 16:46:06 +00:00
self . gid = " 10004 "
2018-10-16 18:25:50 +00:00
2019-01-26 16:46:06 +00:00
self . conn = ldap . initialize ( self . uri )
if settings . AUTH_LDAP_START_TLS :
self . conn . start_tls_s ( )
2019-01-26 14:19:58 +00:00
2019-01-26 16:46:06 +00:00
self . conn . bind_s ( self . user , self . password )
2019-01-26 14:19:58 +00:00
2019-01-26 16:46:06 +00:00
def check_user_exists ( self , username ) :
2019-01-27 12:00:45 +00:00
exists = False
2019-01-26 16:46:06 +00:00
result = self . conn . search_s ( self . search_base ,
self . search_scope ,
self . dn . format ( username ) )
2019-01-27 12:00:45 +00:00
if len ( result ) > 0 :
exists = True
return exists
2019-01-26 14:19:58 +00:00
2019-01-26 16:46:06 +00:00
def create_user ( self , user , password , firstname , lastname , email ) :
dn = self . dn . format ( user )
2019-01-27 12:00:45 +00:00
attr = {
" objectClass " : [ " inetOrgPerson " . encode ( " utf-8 " ) ,
" posixAccount " . encode ( " utf-8 " ) ,
" ldapPublickey " . encode ( " utf-8 " ) ] ,
" uid " : [ user . encode ( " utf-8 " ) ] ,
" sn " : [ lastname . encode ( " utf-8 " ) ] ,
" givenName " : [ firstname . encode ( " utf-8 " ) ] ,
" cn " : [ " {} {} " . format ( firstname , lastname ) . encode ( " utf-8 " ) ] ,
" displayName " : [ " {} {} " . format ( firstname , lastname ) . encode ( " utf-8 " ) ] ,
" uidNumber " : [ " {} " . format ( self . get_new_uid_number ( ) ) . encode ( " utf-8 " ) ] ,
" gidNumber " : [ self . gid . encode ( " utf-8 " ) ] ,
" loginShell " : [ " /bin/bash " . encode ( " utf-8 " ) ] ,
" homeDirectory " : [ " /home/ {} " . format ( user ) . encode ( " utf-8 " ) ] ,
" mail " : email . encode ( " utf-8 " ) ,
" userPassword " : password . encode ( " utf-8 " )
2019-01-26 16:46:06 +00:00
}
2019-01-27 12:00:45 +00:00
ldif = modlist . addModlist ( attr )
print ( " just before: {} {} " . format ( dn , ldif ) )
return self . conn . add_s ( dn , ldif )
2019-01-26 16:46:06 +00:00
def get_new_uid_number ( self ) :
uidlist = [ 0 ]
for result in self . conn . search_s ( self . search_base ,
self . search_scope ,
self . search_filter ) :
2019-01-27 12:00:45 +00:00
if ' uidNumber ' in result [ 1 ] :
uidlist . append ( int ( result [ 1 ] [ ' uidNumber ' ] [ 0 ] ) )
2019-01-26 16:46:06 +00:00
return sorted ( uidlist ) [ - 1 ] + 1
2019-01-26 14:19:58 +00:00
class Index ( View ) :
2018-10-09 17:49:47 +00:00
def get ( self , request ) :
2018-10-10 16:07:22 +00:00
if request . user . is_authenticated :
return render ( request , ' useroptions.html ' , { ' user ' : request . user } )
2018-10-09 17:49:47 +00:00
return render ( request , ' landing.html ' )
2019-01-26 13:02:37 +00:00
2018-10-09 17:49:47 +00:00
def post ( self , request ) :
username = request . POST . get ( ' username ' )
password = request . POST . get ( ' password ' )
2018-10-14 19:40:36 +00:00
pwd = r ' %s ' % password
user = authenticate ( request , username = username , password = pwd )
2018-10-09 17:49:47 +00:00
if user is not None :
login ( request , user )
2018-10-10 16:07:22 +00:00
return render ( request , ' useroptions.html ' , { ' user ' : user } )
2018-10-09 17:49:47 +00:00
return render ( request , ' loginfailed.html ' )
class Register ( View ) :
def get ( self , request ) :
return render ( request , ' registeruser.html ' )
# Someone filled out the register page, do some basic checks and throw it at nameko
def post ( self , request ) :
2019-01-26 16:46:06 +00:00
l = LDAP ( )
2018-10-10 16:07:22 +00:00
service = ' register an user '
2018-10-09 17:49:47 +00:00
urlname = ' register '
username = request . POST . get ( ' username ' )
2019-01-26 16:46:06 +00:00
2018-10-14 16:17:59 +00:00
if username == " " or not username :
return render ( request , ' error.html ' , { ' urlname ' : urlname , ' service ' : service , ' error ' : ' Please supply a username. ' } )
2019-01-26 14:19:58 +00:00
2019-01-26 16:46:06 +00:00
if l . check_user_exists ( username ) :
2018-10-14 19:45:03 +00:00
return render ( request , ' error.html ' , { ' urlname ' : urlname , ' service ' : service , ' error ' : ' User already exists. ' } )
2019-01-26 16:46:06 +00:00
2018-10-09 17:49:47 +00:00
password1 = request . POST . get ( ' password1 ' )
password2 = request . POST . get ( ' password2 ' )
if password1 != password2 :
2019-01-26 14:19:58 +00:00
return render ( request , ' error.html ' , { ' urlname ' : urlname ,
' service ' : service ,
2019-01-26 16:46:06 +00:00
' error ' : " Passwords don ' t match. " } )
2018-10-23 16:13:25 +00:00
2018-10-09 17:49:47 +00:00
email = request . POST . get ( ' email ' )
2018-10-14 15:48:11 +00:00
try :
validate_email ( email )
except ValidationError :
2019-01-26 16:46:06 +00:00
return render ( request , ' error.html ' , { ' urlname ' : urlname ,
' service ' : service ,
' error ' : ' The supplied email address is invalid. ' } )
2018-10-14 15:48:11 +00:00
2018-10-09 17:49:47 +00:00
firstname = request . POST . get ( ' firstname ' )
lastname = request . POST . get ( ' lastname ' )
2019-01-26 16:46:06 +00:00
if not firstname or not lastname :
return render ( request , ' error.html ' , { ' urlname ' : urlname ,
' service ' : service ,
' error ' : ' Please enter your firstname and lastname. ' } )
2018-10-09 17:49:47 +00:00
2019-01-26 14:19:58 +00:00
# so nothing strange happens if there are escapable chars
pwd = r ' %s ' % password1
2018-10-09 17:49:47 +00:00
2019-01-26 14:19:58 +00:00
try :
l . create_user ( username , pwd , firstname , lastname , email )
except Exception as e :
return render ( request , ' error.html ' , { ' urlname ' : urlname ,
' service ' : service ,
' error ' : e } )
2018-10-09 17:49:47 +00:00
2019-01-26 14:19:58 +00:00
return render ( request , ' usercreated.html ' , { ' user ' : username } )
2018-10-14 15:48:11 +00:00
2019-01-26 14:19:58 +00:00
class ChangeData ( View ) :
2018-10-09 17:49:47 +00:00
# provide the form for the change request
def get ( self , request ) :
2018-10-14 15:48:11 +00:00
urlname = ' change_data '
service = ' get default data for logged in user '
2018-10-09 17:49:47 +00:00
if not request . user . is_authenticated :
return render ( request , ' mustbeloggedin.html ' )
user = request . user
2018-10-10 16:07:22 +00:00
login ( request , user )
2018-10-10 12:13:49 +00:00
# get basic data (firstname, lastname, email)
2018-10-14 15:48:11 +00:00
with get_pool ( ) . next ( ) as rpc :
2018-10-14 17:21:17 +00:00
( state , firstname , lastname , email ) = rpc . getuserdata . get_data ( str ( request . user ) )
2018-10-14 15:48:11 +00:00
# If it throws an error, the errormessage gets put into firstname.. not great naming, but works best this way
if state == " error " :
return render ( request , ' error.html ' , { ' urlname ' : urlname , ' service ' : service , ' error ' : firstname } )
2018-10-09 17:49:47 +00:00
# The template puts the old data as standard in the fields
2018-10-14 15:48:11 +00:00
else :
2018-10-14 17:21:17 +00:00
return render ( request , ' changeuserdata.html ' , { ' user ' : str ( request . user ) , ' firstname ' : firstname , ' lastname ' : lastname , ' email ' : email } )
2018-10-09 17:49:47 +00:00
# get the change request
def post ( self , request ) :
# variables for the error page
2018-10-10 16:07:22 +00:00
service = ' change user data '
2018-10-09 17:49:47 +00:00
urlname = ' change_data '
2018-10-16 18:25:50 +00:00
# Only logged in users may change data
2018-10-09 17:49:47 +00:00
if not request . user . is_authenticated :
return render ( request , ' mustbeloggedin.html ' )
2019-01-26 13:02:37 +00:00
2018-10-14 17:21:17 +00:00
user = str ( request . user )
2018-10-09 17:49:47 +00:00
firstname = request . POST . get ( ' firstname ' )
lastname = request . POST . get ( ' lastname ' )
email = request . POST . get ( ' email ' )
2019-01-26 13:02:37 +00:00
2018-10-09 17:49:47 +00:00
# Some sanity checks for the supplied data
if firstname == " " :
return render ( request , ' error.html ' , { ' urlname ' : urlname , ' service ' : service , ' error ' : ' Please enter a firstname. ' } )
elif lastname == " " :
return render ( request , ' error.html ' , { ' urlname ' : urlname , ' service ' : service , ' error ' : ' Please enter a lastname. ' } )
elif email == " " :
return render ( request , ' error.html ' , { ' urlname ' : urlname , ' service ' : service , ' error ' : ' Please enter an email. ' } )
2018-10-14 15:48:11 +00:00
try :
validate_email ( email )
except ValidationError :
2018-10-09 17:49:47 +00:00
return render ( request , ' error.html ' , { ' urlname ' : urlname , ' service ' : service , ' error ' : ' The supplied email address is invalid. ' } )
2018-10-10 12:13:49 +00:00
# Trying to change the data
2018-10-14 15:48:11 +00:00
with get_pool ( ) . next ( ) as rpc :
result = rpc . changeuserdata . change_data ( user , firstname , lastname , email )
# Data change worked
if result == True :
2018-10-09 17:49:47 +00:00
return render ( request , ' changeddata.html ' , { ' user ' : user , ' firstname ' : firstname , ' lastname ' : lastname , ' email ' : email } )
2018-10-14 15:48:11 +00:00
# Data change did not work, display error
else :
return render ( request , ' error.html ' , { ' urlname ' : urlname , ' service ' : service , ' error ' : result } )
2018-10-09 17:49:47 +00:00
class ResetPassword ( View ) :
def get ( self , request ) :
return render ( request , ' resetpassword.html ' )
def post ( self , request ) :
2018-10-10 16:07:22 +00:00
urlname = ' reset_password '
service = ' send a password reset request '
2018-10-09 17:49:47 +00:00
user = request . POST . get ( ' user ' )
2018-10-15 15:52:15 +00:00
# First, check if the user exists
if not check_user_exists ( user ) :
return render ( request , ' error.html ' , { ' urlname ' : urlname , ' service ' : service , ' error ' : ' The user does not exist. ' } )
# user exists, so try to get email
with get_pool ( ) . next ( ) as rpc :
( state , tmp1 , tmp2 , email ) = rpc . getuserdata . get_data ( user )
# Either error with the datalookup or no email provided
if state == " error " or email == ' No email given ' or not email :
return render ( request , ' error.html ' , { ' urlname ' : urlname , ' service ' : service , ' error ' : ' Unable to retrieve email address for user. ' } )
# Try to send the email out
emailsend = self . email ( user , email )
# Email got sent out
if emailsend == True :
return render ( request , ' send_resetrequest.html ' , { ' user ' : user } )
# Error while trying to send email
else :
return render ( request , ' error.html ' , { ' urlname ' : urlname , ' service ' : service , ' error ' : emailsend } )
2018-10-15 19:24:53 +00:00
# Sends an email to the user with the 24h active link for a password reset
2018-10-15 15:52:15 +00:00
def email ( self , user , email ) :
2018-10-15 19:24:53 +00:00
# getting epoch for the time now in UTC to spare us headache with timezones
creationtime = int ( datetime . utcnow ( ) . timestamp ( ) )
2018-10-16 18:25:50 +00:00
# Construct the data for the email
2018-11-07 12:08:46 +00:00
email_from = ' Userservice at ungleich < %s > ' % config [ ' EMAIL ' ] [ ' EMAILFROM ' ]
2018-10-16 18:25:50 +00:00
to = [ ' %s < %s > ' % ( user , email ) ]
2018-10-15 15:52:15 +00:00
subject = ' Password reset request for %s ' % user
2018-10-15 19:24:53 +00:00
link = self . build_reset_link ( user , creationtime )
2018-10-16 18:25:50 +00:00
body = ' This is an automated email which was triggered by a reset request for the user %s . Please do not reply to this email. \n ' % user
2018-10-15 15:52:15 +00:00
body + = ' If you received this email in error, please disregard it. If you get multiple emails like this, please contact us to look into potential abuse. \n '
body + = ' To reset your password, please follow the link below: \n '
body + = ' %s \n \n ' % link
2018-10-15 19:24:53 +00:00
body + = ' The link will remain active for 24 hours. \n '
2018-10-16 18:25:50 +00:00
# Build the email
mail = EmailMessage (
subject = subject ,
body = body ,
from_email = email_from ,
to = to
)
try :
mail . send ( )
result = True
except :
result = " An error occurred while trying to send the mail. "
return result
2018-10-15 15:52:15 +00:00
2018-10-15 19:24:53 +00:00
# Builds the reset link for the email and puts the token into the database
def build_reset_link ( self , user , epochutc ) :
2019-01-26 13:02:37 +00:00
# set up the data
2018-11-07 12:08:46 +00:00
host = ' account-staging.ungleich.ch '
2018-10-15 19:24:53 +00:00
tokengen = PasswordResetTokenGenerator ( )
2018-10-16 18:25:50 +00:00
# create some noise for use in the tokengenerator
pseudouser = PseudoUser ( )
token = tokengen . make_token ( pseudouser )
2018-10-15 19:24:53 +00:00
buser = bytes ( user , ' utf-8 ' )
userpart = b64encode ( buser )
2019-01-26 13:02:37 +00:00
# create entry into the database
2018-10-15 19:24:53 +00:00
newdbentry = ResetToken ( user = user , token = token , creation = epochutc )
newdbentry . save ( )
# set up the link
2018-10-15 15:52:15 +00:00
link = ' https:// %s /reset/ %s / %s / ' % ( host , userpart . decode ( ' utf-8 ' ) , token )
return link
2018-10-15 19:24:53 +00:00
# Catch the resetrequest URL and check it
2018-10-15 15:52:15 +00:00
class ResetRequest ( View ) :
# Gets the URL with user in b64 and the token, and checks it
# Also cleans the database
def get ( self , request , user = None , token = None ) :
# Cleans up outdated tokens
2018-10-15 19:24:53 +00:00
# If we expect quite a bit of old tokens, maybe somewhere else is better,
# but for now we don't really expect many unused tokens
2018-10-15 15:52:15 +00:00
self . clean_db ( )
2018-10-15 19:24:53 +00:00
# If user and token are not supplied by django, it was called from somewhere else, so it's
# invalid
2018-10-15 15:52:15 +00:00
if user == None or token == None :
return HttpResponse ( ' Invalid URL. ' , status = 404 )
# extract user from b64 format
tmp_user = bytes ( user , ' utf-8 ' )
user = b64decode ( tmp_user )
user_clean = user . decode ( ' utf-8 ' )
2018-10-15 19:24:53 +00:00
# set checks_out = True if token is found in database
dbentries = ResetToken . objects . all ( ) . filter ( user = user_clean )
for entry in dbentries :
if entry . token == token :
# found the token, now delete it since it's used
checks_out = True
entry . delete ( )
# No token was found
2018-10-15 15:52:15 +00:00
if not checks_out :
return HttpResponse ( ' Invalid URL. ' , status = 404 )
2018-10-15 19:24:53 +00:00
# Token was found, supply the form
2018-10-15 15:52:15 +00:00
else :
return render ( request , ' resetpasswordnew.html ' , { ' user ' : user_clean } )
# Gets the post form with the new password and sets it
def post ( self , request ) :
service = ' reset the password '
2018-10-15 19:24:53 +00:00
# get the supplied passwords
2018-10-15 15:52:15 +00:00
password1 = request . POST . get ( " password1 " )
password2 = request . POST . get ( " password2 " )
2018-10-15 19:24:53 +00:00
# get the hidden value of user
2018-10-15 15:52:15 +00:00
user = request . POST . get ( " user " )
2018-10-15 19:24:53 +00:00
# some checks over the supplied data
if user == " " or not user :
return render ( request , ' error.html ' , { ' service ' : service , ' error ' : ' Something went wrong. Did you use the supplied form? ' } )
2018-10-15 15:52:15 +00:00
if password1 == " " or not password1 or password2 == " " or not password2 :
return render ( request , ' error.html ' , { ' service ' : service , ' error ' : ' Please supply a password and confirm it. ' } )
if password1 != password2 :
return render ( request , ' error.html ' , { ' service ' : service , ' error ' : ' The supplied passwords do not match. ' } )
2018-10-23 17:41:49 +00:00
if len ( password1 ) < 8 :
return render ( request , ' error.html ' , { ' service ' : service , ' error ' : ' The password is too short, please use a longer one. At least 8 characters. ' } )
2018-10-15 19:24:53 +00:00
# everything checks out, now change the password
2018-10-15 15:52:15 +00:00
with get_pool ( ) . next ( ) as rpc :
pwd = r ' %s ' % password1
result = rpc . changepassword . change_password ( user , pwd )
2018-10-15 19:24:53 +00:00
# password change successfull
2018-10-15 15:52:15 +00:00
if result == True :
return render ( request , ' changedpassword.html ' , { ' user ' : user } )
2018-10-15 19:24:53 +00:00
# Something went wrong while changing the password
2018-10-15 15:52:15 +00:00
else :
return render ( request , ' error.html ' , { ' service ' : service , ' error ' : result } )
# Cleans up outdated tokens
def clean_db ( self ) :
2018-10-15 19:24:53 +00:00
# cutoff time is set to 24h hours
# using utcnow() to have no headache with timezones
cutoff = int ( datetime . utcnow ( ) . timestamp ( ) ) - ( 24 * 60 * 60 )
# Get all tokens older than 24 hours
oldtokens = ResetToken . objects . all ( ) . filter ( creation__lt = cutoff )
for token in oldtokens :
# delete all tokens older than 24 hours
token . delete ( )
return True
2018-10-09 17:49:47 +00:00
# The logged in user can change the password here
class ChangePassword ( View ) :
# Presents the page for a logged in user
def get ( self , request ) :
if not request . user . is_authenticated :
return render ( request , ' mustbeloggedin.html ' )
return render ( request , ' changepassword.html ' , { ' user ' : request . user } )
2019-01-26 13:02:37 +00:00
2018-10-09 17:49:47 +00:00
# Does some checks on the supplied data and changes the password
def post ( self , request ) :
# Variables for the error page
urlname = ' change_password '
service = ' change the password '
if not request . user . is_authenticated :
return render ( request , ' mustbeloggedin.html ' )
2018-10-10 16:07:22 +00:00
login ( request , request . user )
2018-10-14 17:21:17 +00:00
user = str ( request . user )
2018-10-09 17:49:47 +00:00
oldpassword = request . POST . get ( ' oldpassword ' )
check = authenticate ( request , username = user , password = oldpassword )
# Is the right password for the user supplied?
if check is None :
return render ( request , ' error.html ' , { ' urlname ' : urlname , ' service ' : service , ' error ' : ' Wrong password for the user. ' } )
password1 = request . POST . get ( ' password1 ' )
password2 = request . POST . get ( ' password2 ' )
# Are both passwords from the form the same?
if password1 != password2 :
2019-01-26 13:02:37 +00:00
return render ( request , ' error.html ' , { ' urlname ' : urlname , ' service ' : service ,
2018-10-09 17:49:47 +00:00
' error ' : ' Please check if you typed the same password both times for the new password ' } )
2018-10-23 17:41:49 +00:00
# Check for password length
if len ( password1 ) < 8 :
return render ( request , ' error.html ' , { ' urlname ' : urlname , ' service ' : service ,
' error ' : ' The password is too short, please use a longer one. At least 8 characters. ' } )
2018-10-14 15:48:11 +00:00
with get_pool ( ) . next ( ) as rpc :
2018-10-14 19:40:36 +00:00
# Trying to change the password
pwd = r ' %s ' % password1
result = rpc . changepassword . change_password ( user , pwd )
2018-10-14 15:48:11 +00:00
# Password was changed
if result == True :
2018-10-09 17:49:47 +00:00
return render ( request , ' changedpassword.html ' , { ' user ' : user } )
2018-10-14 15:48:11 +00:00
# Password not changed, instead got some kind of error
2018-10-09 17:49:47 +00:00
else :
2018-10-14 15:48:11 +00:00
return render ( request , ' error.html ' , { ' urlname ' : urlname , ' service ' : service , ' error ' : result } )
2018-10-09 17:49:47 +00:00
2018-10-14 15:48:11 +00:00
# Deletes an account
2018-10-09 17:49:47 +00:00
class DeleteAccount ( View ) :
2018-10-14 15:48:11 +00:00
# Show the basic form for deleting an account
2018-10-09 17:49:47 +00:00
def get ( self , request ) :
2018-10-10 12:13:49 +00:00
return render ( request , ' deleteaccount.html ' )
2018-10-09 17:49:47 +00:00
2018-10-14 15:48:11 +00:00
# Reads the filled out form
2018-10-10 12:13:49 +00:00
def post ( self , request ) :
# Variables for error page
urlname = ' account_delete '
service = ' delete an account '
# Does the user exist?
2018-10-10 16:07:22 +00:00
username = request . POST . get ( ' username ' )
2018-10-10 12:13:49 +00:00
if not check_user_exists ( username ) :
return render ( request , ' error.html ' , { ' urlname ' : urlname , ' service ' : service , ' error ' : ' Unknown user. ' } )
# Do user and password match?
2018-10-10 16:07:22 +00:00
password = request . POST . get ( ' password ' )
2018-10-14 19:40:36 +00:00
pwd = r ' %s ' % password
check = authenticate ( request , username = username , password = pwd )
2018-10-10 12:13:49 +00:00
if check is None :
return render ( request , ' error.html ' , { ' urlname ' : urlname , ' service ' : service , ' error ' : ' Wrong password for user. ' } )
2019-01-26 13:02:37 +00:00
2018-10-10 12:13:49 +00:00
# Try to delete the user
2018-10-14 15:48:11 +00:00
with get_pool ( ) . next ( ) as rpc :
2018-10-14 17:21:17 +00:00
result = rpc . deleteuser . delete_user ( username )
2018-10-14 15:48:11 +00:00
# User deleted
if result == True :
2018-10-14 17:21:17 +00:00
logout ( request )
2018-10-10 12:13:49 +00:00
return render ( request , ' deleteduser.html ' , { ' user ' : username } )
2018-10-14 15:48:11 +00:00
# User not deleted, got some kind of error
else :
return render ( request , ' error.html ' , { ' urlname ' : urlname , ' service ' : service , ' error ' : result } )
2018-10-09 17:49:47 +00:00
2018-10-15 19:24:53 +00:00
# Log out the session
2018-10-14 17:21:17 +00:00
class LogOut ( View ) :
def get ( self , request ) :
logout ( request )
return HttpResponse ( " You have been logged out. " , status = 200 )
2019-01-26 14:19:58 +00:00
# TO be clarified
# To trick the tokengenerator to work with us, because we don't really
# have the expected user Class since we are reading the user from a form
# We store the tokens and don't have to use the check function,
# some one time data works fine.
class LastLogin ( ) :
def replace ( self , microsecond = 0 , tzinfo = None ) :
return randint ( 1 , 100000 )
class PseudoUser ( ) :
# easiest way to handle the check for lastlogin
last_login = LastLogin ( )
# random alphanumeric strings for primary key and password, just used for token generation
pk = ' ' . join ( choice ( string . ascii_letters + string . digits ) for _ in range ( 20 ) )
password = ' ' . join ( choice ( string . ascii_letters + string . digits ) for _ in range ( 30 ) )