From 06249d530d032a2d29fe9dfc7deac7060fedb00c Mon Sep 17 00:00:00 2001 From: downhill Date: Wed, 10 Oct 2018 18:07:22 +0200 Subject: [PATCH] wrote templates, started nameko, cleaned up a bit --- dal/dal/templates/changedataerror.html | 0 dal/dal/templates/changeddata.html | 14 ++++ dal/dal/templates/changepassword.html | 20 +++++ dal/dal/templates/changeuserdata.html | 19 +++++ dal/dal/templates/deleteaccount.html | 17 +++++ dal/dal/templates/deleteduser.html | 7 ++ dal/dal/templates/error.html | 15 ++++ dal/dal/templates/landing.html | 21 ++++++ dal/dal/templates/loginfailed.html | 11 +++ dal/dal/templates/mustbeloggedin.html | 7 ++ dal/dal/templates/registererror.html | 0 dal/dal/templates/registeruser.html | 27 +++++++ dal/dal/templates/resetpassword.html | 14 ++++ dal/dal/templates/send_resetrequest.html | 9 +++ dal/dal/templates/useroptions.html | 21 ++++++ dal/dal/views.py | 36 +++++---- nameko-func.py | 96 ++++++++++++++++++++++++ nameko.conf | 13 ++++ requirements.txt | 4 + 19 files changed, 338 insertions(+), 13 deletions(-) delete mode 100644 dal/dal/templates/changedataerror.html delete mode 100644 dal/dal/templates/registererror.html create mode 100644 dal/dal/templates/send_resetrequest.html create mode 100644 nameko-func.py create mode 100644 nameko.conf create mode 100644 requirements.txt diff --git a/dal/dal/templates/changedataerror.html b/dal/dal/templates/changedataerror.html deleted file mode 100644 index e69de29..0000000 diff --git a/dal/dal/templates/changeddata.html b/dal/dal/templates/changeddata.html index e69de29..864b1b1 100644 --- a/dal/dal/templates/changeddata.html +++ b/dal/dal/templates/changeddata.html @@ -0,0 +1,14 @@ + Userdata changed. + +

The data for {{user}} has been changed.

+

+ +

+
+ +
diff --git a/dal/dal/templates/changepassword.html b/dal/dal/templates/changepassword.html index e69de29..b8afd14 100644 --- a/dal/dal/templates/changepassword.html +++ b/dal/dal/templates/changepassword.html @@ -0,0 +1,20 @@ + Changing the password for {{user}} + +

Changing the password for {{user}}

+

+
+ +
+

+To change the password for {{user}}, please supply +
+ {% csrf_token %} +
The old password:
+ +

The new password:
+ +
Please repeat the new Password:
+ +

+ +
diff --git a/dal/dal/templates/changeuserdata.html b/dal/dal/templates/changeuserdata.html index e69de29..9293b66 100644 --- a/dal/dal/templates/changeuserdata.html +++ b/dal/dal/templates/changeuserdata.html @@ -0,0 +1,19 @@ + Changing user data for {{user}} + +

Changing user data for {{user}}

+

+
+ +
+

+
+ {% csrf_token %} +
Firstname:
+ +

Lastname:
+ +

Email:
+ +

+ +
diff --git a/dal/dal/templates/deleteaccount.html b/dal/dal/templates/deleteaccount.html index e69de29..d7bec78 100644 --- a/dal/dal/templates/deleteaccount.html +++ b/dal/dal/templates/deleteaccount.html @@ -0,0 +1,17 @@ + Deleting an Account + +

Deleting an Account

+

+
+ +
+

+To delete an account, please type the username and password below: +
+

Username:
+ +

Password:
+ +

+ +
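Review bot: The account-deletion form in deleteaccount.html carries no `{% csrf_token %}`, unlike changepassword.html, changeuserdata.html, registeruser.html and resetpassword.html in this same commit; the login form in landing.html has the same gap. With Django's CsrfViewMiddleware enabled these POSTs are rejected with a 403. If the middleware is disabled or the views are exempted, the deletion request has no cross-site request forgery protection. Add `{% csrf_token %}` as the first child of both forms. The form tags are not visible in this extract, so the placement is inferred from the sibling templates.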
diff --git a/dal/dal/templates/deleteduser.html b/dal/dal/templates/deleteduser.html index e69de29..4e3751d 100644 --- a/dal/dal/templates/deleteduser.html +++ b/dal/dal/templates/deleteduser.html @@ -0,0 +1,7 @@ + Deleted user {{user}} + +

The user {{user}} was deleted from our system.

+
+
+ +
diff --git a/dal/dal/templates/error.html b/dal/dal/templates/error.html index e69de29..b13c1c8 100644 --- a/dal/dal/templates/error.html +++ b/dal/dal/templates/error.html @@ -0,0 +1,15 @@ + An error has occurred! + +

We are sorry, an error has occured while handling your request.

+ +While trying to {{service}}, an error was encountered: {{error}} +

+You can try to: +
+
+ +
+
or
+
+ +
diff --git a/dal/dal/templates/landing.html b/dal/dal/templates/landing.html index e69de29..f6dfb0d 100644 --- a/dal/dal/templates/landing.html +++ b/dal/dal/templates/landing.html @@ -0,0 +1,21 @@ + Welcome to the ungleich user service + +

Welcome to the ungleich user service

+

+If you want to use the user service, you will need an account on our system. If you already have one, please login below: +
+

Username:
+ +

Password:
+ +
+ +
+

If you have an account, but forgot your password, please visit our password reset page: +
+ +
+

If you don't have an account, please register yourself with us: +
+ +
diff --git a/dal/dal/templates/loginfailed.html b/dal/dal/templates/loginfailed.html index e69de29..5bd0e4a 100644 --- a/dal/dal/templates/loginfailed.html +++ b/dal/dal/templates/loginfailed.html @@ -0,0 +1,11 @@ + Login failed! + +

Sorry, but your login has failed

+

This service runs for our LDAP users, so maybe you don't already have an LDAP account with us? If so, please register one. +
+ +
+

+
+ +
diff --git a/dal/dal/templates/mustbeloggedin.html b/dal/dal/templates/mustbeloggedin.html index e69de29..031fbf3 100644 --- a/dal/dal/templates/mustbeloggedin.html +++ b/dal/dal/templates/mustbeloggedin.html @@ -0,0 +1,7 @@ + You must be logged in to access this page + +

You must be logged in to access this page

+

+
+ +
diff --git a/dal/dal/templates/registererror.html b/dal/dal/templates/registererror.html deleted file mode 100644 index e69de29..0000000 diff --git a/dal/dal/templates/registeruser.html b/dal/dal/templates/registeruser.html index e69de29..6412db1 100644 --- a/dal/dal/templates/registeruser.html +++ b/dal/dal/templates/registeruser.html @@ -0,0 +1,27 @@ + Register an user at ungleich + +

Register an user at ungleich

+

+
+ +
+

+To register yourself an user, please fill out the fields below: +
+
+ {% csrf_token %} +
Username (alphanumeric):
+ +
Password:
+ +
Please confirm your Password:
+ +
Firstname:
+ +
Lastname:
+ +
Emailaddress:
+ +
+ +
diff --git a/dal/dal/templates/resetpassword.html b/dal/dal/templates/resetpassword.html index e69de29..4d4c080 100644 --- a/dal/dal/templates/resetpassword.html +++ b/dal/dal/templates/resetpassword.html @@ -0,0 +1,14 @@ + Password reset + +

Password reset

+

+To reset your password, please enter your username below. You will get an email asking you to confirm this and after confirmation an email with your +temporary password. Please remember to change it immediately after logging in. +
+
+ {% csrf_token %} + Username:
+ +
+ +
diff --git a/dal/dal/templates/send_resetrequest.html b/dal/dal/templates/send_resetrequest.html new file mode 100644 index 0000000..7da946d --- /dev/null +++ b/dal/dal/templates/send_resetrequest.html @@ -0,0 +1,9 @@ + Reset request processed and confirmation email sent + +

Reset request processed and confirmation email sent

+

+You will shortly get the confirmation email at {{email}} to confirm that you wish to reset the password for {{user}}. +

+
+ +
diff --git a/dal/dal/templates/useroptions.html b/dal/dal/templates/useroptions.html index e69de29..4ce5597 100644 --- a/dal/dal/templates/useroptions.html +++ b/dal/dal/templates/useroptions.html @@ -0,0 +1,21 @@ + Options for {{user}} + +

Welcome, {{user}}

+

+You have the following options: +
+
+ +
+
+
+ +
+
+
+ +
+
+
+ +
diff --git a/dal/dal/views.py b/dal/dal/views.py index 99f1fce..45e74e4 100644 --- a/dal/dal/views.py +++ b/dal/dal/views.py @@ -9,6 +9,9 @@ from django.urls import reverse_lazy # Check to see if the username is already taken # Helper function, not to be set up as a view +# First checks the DB, since ldap parks users there +# After that, check LDAP directly if the user just never +# logged in def check_user_exists(username): if User.objects.filter(username=username).exists(): return True @@ -25,8 +28,8 @@ class Index(View): # Basic binary choice, if it is an authenticated user, go straight to the options page, # if not, then show the landing page def get(self, request): - if request.user: - return render(request, 'useroptions.html') + if request.user.is_authenticated: + return render(request, 'useroptions.html', { 'user': request.user } ) return render(request, 'landing.html') # Basically does the same as the GET request, just with trying to login the user beforehand @@ -38,7 +41,7 @@ class Index(View): user = authenticate(request, username=username, password=password) if user is not None: login(request, user) - return render(request, 'useroptions.html') + return render(request, 'useroptions.html', { 'user': user } ) return render(request, 'loginfailed.html') @@ -53,12 +56,12 @@ class Register(View): # Someone filled out the register page, do some basic checks and throw it at nameko def post(self, request): # message for the error template - service = 'Registering an user' + service = 'register an user' # urlname for 'go back' on the errorpage urlname = 'register' username = request.POST.get('username') # Check to see if username is already taken - if self.check_user_exists(username): + if check_user_exists(username): return render(request, 'registererror.html', { 'urlname': urlname, 'service': service, 'error': 'User already exists.' } ) # isalnum() may be a bit harsh, but is the most logical choice to make sure it's a username we # can use 
@@ -83,6 +86,9 @@ class Register(View): return render(request, 'usercreated.html', { 'user': username } ) return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': 'Unknown error while creating the user.' } ) + def create_user(self, username, password, firstname, lastname, email): + #TODO: write nameko function to create a user + return True @@ -95,6 +101,7 @@ class ChangeData(View): if not request.user.is_authenticated: return render(request, 'mustbeloggedin.html') user = request.user + login(request, user) # get basic data (firstname, lastname, email) (firstname, lastname, email) = self.get_data(user) # The template puts the old data as standard in the fields @@ -103,7 +110,7 @@ class ChangeData(View): # get the change request def post(self, request): # variables for the error page - service = 'changing user data' + service = 'change user data' urlname = 'change_data' if not request.user.is_authenticated: @@ -150,17 +157,19 @@ class ResetPassword(View): # gets the data from confirming the reset request and checks if it was not a misclick # (by having the user type in his username def post(self, request): + urlname = 'reset_password' + service = 'send a password reset request' user = request.POST.get('user') if check_user_exists(user): # TODO: Get a good backend for reset requests # Sending the reset request - self.send_resetrequest(user) - return render(request, 'send_resetrequest.html', { 'user': user } ) - return render(request, 'must_confirm_reset.html') + email = self.send_resetrequest(user) + return render(request, 'send_resetrequest.html', { 'user': user, 'email': email } ) + return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': 'The user does not exist.' } ) def send_resetrequest(self, user): #TODO: call nameko to get the associated email and send a confirmation mail - return True + return "test@example.com" # The logged in user can change the password here 
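Review bot: The added `login(request, user)` in ChangeData.get (hunk `@@ -95,6 +101,7 @@`) runs on a GET for a user who has already passed `request.user.is_authenticated`. It authenticates nothing and only rewrites session state on a read request. The same call is added in ChangePassword.post (hunk `@@ -181,7 +190,8 @@`), where it runs before the old password has been checked. Unless there is a reason not visible in these hunks, I would drop both lines; if the intent is to keep the session valid after a password change, Django's `update_session_auth_hash(request, user)` after the change succeeds is the intended call. Both methods extend beyond their hunks.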
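Review bot: ResetPassword.post (hunk `@@ -150,17 +157,19 @@`) now tells an unauthenticated caller whether a username exists ('The user does not exist.') and, on success, passes the account's `email` to send_resetrequest.html, which prints it. Once `send_resetrequest` stops returning the "test@example.com" stub and looks up the real address, the response discloses both account existence and the associated e-mail address for any submitted username. Render the same neutral confirmation in both branches and leave the address out of the context, e.g. `return render(request, 'send_resetrequest.html', { 'user': user } )`, with template wording such as "If the account exists, a confirmation mail has been sent". No rate limiting of this endpoint is visible in the hunk.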
@@ -181,7 +190,8 @@ class ChangePassword(View): if not request.user.is_authenticated: return render(request, 'mustbeloggedin.html') - + login(request, request.user) + user = request.user oldpassword = request.POST.get('oldpassword') check = authenticate(request, username=user, password=oldpassword) @@ -221,12 +231,12 @@ class DeleteAccount(View): service = 'delete an account' # Does the user exist? - username = request.POST.username + username = request.POST.get('username') if not check_user_exists(username): return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': 'Unknown user.' } ) # Do user and password match? - password = request.POST.username + password = request.POST.get('password') check = authenticate(request, username=username, password=password) if check is None: return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': 'Wrong password for user.' } ) diff --git a/nameko-func.py b/nameko-func.py new file mode 100644 index 0000000..6a4925b --- /dev/null +++ b/nameko-func.py 
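Review bot: With `user = request.user` added in the `@@ -181,7 +190,8 @@` hunk, the following `authenticate(request, username=user, password=oldpassword)` receives a User object where backends expect the username string. Whether the old-password check works then depends on each backend coercing it with str(). Pass the name explicitly: `check = authenticate(request, username=request.user.get_username(), password=oldpassword)`. ChangePassword.post begins and ends outside the hunk.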
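Review bot: DeleteAccount.post (hunk `@@ -221,12 +231,12 @@`) takes the account to delete from `request.POST.get('username')` rather than from `request.user`, and its two error strings ('Unknown user.' and 'Wrong password for user.') let a caller tell existing usernames from non-existing ones. Nothing in the visible lines checks `request.user.is_authenticated` or ties the posted name to the logged-in session; that may happen above the hunk, which starts mid-method. I would return one message for both failures, e.g. `'error': 'Wrong username or password.'`, and, if the view is meant for logged-in users, compare `username` with `request.user.get_username()` before deleting. Both `.get()` calls can also return None when a field is missing.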
@@ -0,0 +1,96 @@ +from nameko.events import EventDispatcher, event_handler +from nameko.rpc import rpc +from configparser import ConfigParser +import ldap3 + +config = ConfigParser() +config.read('nameko.conf') + +try: + mult_server = int(config['LDAP']['SERVERMULTIPLE']) +except: + exit("[LDAP] SERVERMULTIPLE has to be an integer >= 1") +if mult_server < 1: + exit("[LDAP] SERVERMULTIPLE has to be an integer >= 1") + +class UserLookUp(object): + name = "userlookup" + dispatch = EventDispatcher() + + @rpc + def lookup(self, user): + LDAP_UID = 'uid=%s' % user + LDAP_USER_SEARCH = LDAP_UID + config['LDAP']['LDAPDATA'] + + +class CreateUser(object): + name = "createuser" + dispatch = EventDispatcher() + + @rpc + def create_user(self, user, password, firstname, lastname, email): + return "To be done" + + +class GetUserData(object): + name = "getuserdata" + dispatch = EventDispatcher() + + @rpc + def get_data(self, user): + return "To be done" + +class ChangeUserData(object): + name = "changeuserdata" + dispatch = EventDispatcher() + + @rpc + def change_data(self, user, firstname, lastname, email): + return "To be done" + + +class PasswordResetRequest(object): + name = "passwordresetrequest" + dispatch = EventDispatcher() + + @rpc + def send_request(self, user): + return "To be done" + + +class ChangePassword(object): + name = "changepassword" + dispatch = EventDispatcher() + + @rpc + def change_password(self, user, oldpassword, newpassword): + return "To be done" + + +class DeleteUser(object): + name = "deleteuser" + dispatch = EventDispatcher() + + @rpc + def delete_user(self, user): + return "To be done" + + +class Log(object): + name = "log" + ldaplog = config['System']['LOGDIR'] + '/ldap.log' + + + # Gets all the dispatches with 'ldap' and writes them into the ldap.log + @event_handler('userlookup', 'ldap') + @event_handler('createuser', 'ldap') + @event_handler('getuserdata', 'ldap') + @event_handler('changeuserdata', 'ldap') + 
@event_handler('passwordresetrequest', 'ldap') + @event_handler('changepassword', 'ldap') + @event_handler('deleteuser', 'ldap') + def event_handler_ldap(self, payload): + f = open(self.ldaplog, mode='a', encoding='utf-8') + f.write(payload) + f.close + diff --git a/nameko.conf b/nameko.conf new file mode 100644 index 0000000..f35b263 --- /dev/null +++ b/nameko.conf @@ -0,0 +1,13 @@ +[System] + +RABBITMQ = guest:guest@localhost + +LOGDIR = /home/downhill/ungleich/dal/ + +[LDAP] + +SERVERMULTIPLE = 1 + +LDAPSERVER1 = localhost + +LDAPDATA = ,ou=customers,dc=foo,dc=bar diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 0000000..be5535b --- /dev/null +++ b/requirements.txt @@ -0,0 +1,4 @@ +django>=2.1.2 +django-auth-ldap>=1.7.0 +nameko>=2.11.0 +ldap3>=2.5.1
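Review bot: In UserLookUp.lookup the caller-supplied `user` is interpolated unescaped into `'uid=%s' % user` and concatenated with LDAPDATA, so LDAP metacharacters in a username would change the DN or filter eventually sent to the directory. Escape at this boundary with ldap3's helpers: `LDAP_UID = 'uid=%s' % escape_rdn(user)` (from `ldap3.utils.dn`) when building a DN, or `escape_filter_chars(user)` (from `ldap3.utils.conv`) when building a search filter. In Log.event_handler_ldap, `f.close` is missing its call parentheses and `payload` is written as received, so open the file in a `with open(self.ldaplog, mode='a', encoding='utf-8') as f:` block and strip CR/LF from `payload` before writing one line per event. The bare `except:` around the SERVERMULTIPLE parse should be `except (KeyError, ValueError):` so unrelated errors are not reported as a config problem.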
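Review bot: nameko.conf is committed with broker credentials (`RABBITMQ = guest:guest@localhost`) and a developer-specific path (`LOGDIR = /home/downhill/ungleich/dal/`). The RPC services declared in nameko-func.py are set up to carry passwords (`change_password(self, user, oldpassword, newpassword)`), so the broker account should be a dedicated one kept out of the repository. I would commit this file as an example with placeholder values and load the real settings from a path outside the tree or from the environment. nameko-func.py reads 'nameko.conf' relative to the working directory, so a missing file only surfaces as the SERVERMULTIPLE exit message.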
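Review bot: All four entries in requirements.txt use open-ended `>=` ranges, so each install can resolve to a different, untested release, including new major versions of Django. For a service that handles authentication I would pin exact versions (`django==2.1.2` and so on, using the versions actually tested) and install with `pip install --require-hashes`. Only the lower bounds are visible here, so the tested versions are assumed to be those bounds.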