import re
import secrets
from base64 import b64decode, b64encode, urlsafe_b64decode
from datetime import datetime

from django.conf import settings
from django.contrib.auth import authenticate, login, logout
from django.contrib.auth.models import User
from django.contrib.auth.password_validation import validate_password
from django.contrib.auth.tokens import PasswordResetTokenGenerator
from django.core.validators import ValidationError, validate_email
from django.http import HttpResponse, HttpResponseRedirect
from django.shortcuts import render
from django.urls import reverse_lazy
from django.views.generic import View
from django_nameko import get_pool
# Check to see if the username is already taken
# Helper function, not to be set up as a view
# Check the LDAP if the user exists
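def check_user_exists(username):
    """Return whether ``username`` is known to the ``userlookup`` service (LDAP).

    Helper only, never wired up as a view. An empty or missing username is
    reported as "does not exist" without a round trip, so callers may pass
    ``request.POST.get(...)`` straight through.

    NOTE(review): the username is forwarded unescaped. If the nameko service
    builds an LDAP search filter from it, that service has to escape filter
    metacharacters (``*``, ``(``, ``)``, ``\\``, NUL) -- cannot be confirmed
    from here. Only ``Register`` restricts the username to alphanumerics
    before calling this; ``ResetPassword`` and ``DeleteAccount`` do not.
    """
    if not username:
        return False
    with get_pool().next() as rpc:
        return rpc.userlookup.lookup(username)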
# The index page
# If there's a session open, it will give the user the options he/she/it can do, if not,
# it will show a landing page explaining what this is and prompt them to login
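class Index(View):
    """Landing page and login form.

    GET shows the options page for an authenticated session and the landing
    page otherwise. POST tries to log the user in first and renders an error
    page when that fails (looping back to the landing page would hide why).

    NOTE(review): there is no throttling or lockout on the login POST here;
    whether the LDAP backend provides any cannot be told from this file.
    """

    def get(self, request):
        if request.user.is_authenticated:
            return render(request, 'useroptions.html', {'user': request.user})
        return render(request, 'landing.html')

    def post(self, request):
        username = request.POST.get('username')
        password = request.POST.get('password')
        # A missing field is a failed login, not an attempt with the literal
        # string 'None' (which is what the old '%s' % password produced).
        if not username or not password:
            return render(request, 'loginfailed.html')
        # The password goes to the backend exactly as typed. The former
        # r'%s' % password was a no-op: the r-prefix only affects backslashes
        # in the literal itself, never in a substituted value.
        user = authenticate(request, username=username, password=password)
        if user is None:
            return render(request, 'loginfailed.html')
        login(request, user)
        return render(request, 'useroptions.html', {'user': user})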
# Registering a user
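class Register(View):
    """Self-service account registration.

    GET renders the registration form. POST validates the submitted fields
    and asks the nameko ``createuser`` service to create the account.
    """

    def get(self, request):
        return render(request, 'registeruser.html')

    def _error(self, request, urlname, service, message):
        """Render the shared error template with a 'go back' target."""
        return render(request, 'error.html',
                      {'urlname': urlname, 'service': service, 'error': message})

    def post(self, request):
        # message for the error template / urlname for 'go back' on it
        service = 'register an user'
        urlname = 'register'

        username = request.POST.get('username')
        if not username:
            return self._error(request, urlname, service, 'Please supply a username.')
        # ASCII letters and digits only. str.isalnum() also accepts Unicode
        # letters and digits, which an LDAP/POSIX account name cannot safely
        # carry, and this is the only place the username is restricted before
        # it reaches the backend.
        if not re.fullmatch(r'[A-Za-z0-9]+', username):
            return self._error(request, urlname, service, 'Username has to be alphanumeric.')
        if check_user_exists(username):
            return self._error(request, urlname, service, 'User already exists.')

        password1 = request.POST.get('password1')
        password2 = request.POST.get('password2')
        # Two absent fields (None == None) or two empty ones passed the
        # "match" check before and created an account with an empty password.
        if not password1 or not password2:
            return self._error(request, urlname, service,
                               'Please supply a password and confirm it.')
        if password1 != password2:
            return self._error(request, urlname, service,
                               'Your passwords did not match. Please supply the same password twice.')
        try:
            # Applies settings.AUTH_PASSWORD_VALIDATORS (a no-op when none are
            # configured). The account does not exist yet, so no user object
            # is available for the similarity validator.
            validate_password(password1)
        except ValidationError as exc:
            return self._error(request, urlname, service, ' '.join(exc.messages))

        email = request.POST.get('email')
        try:
            validate_email(email)
        except ValidationError:
            return self._error(request, urlname, service, 'The supplied email address is invalid.')

        firstname = request.POST.get('firstname')
        lastname = request.POST.get('lastname')
        if not firstname or not lastname:
            return self._error(request, urlname, service, 'Please enter your firstname and lastname.')

        # The password is handed over verbatim; the old r'%s' % password1
        # "escaping" was a no-op and is gone.
        with get_pool().next() as rpc:
            result = rpc.createuser.create_user(username, password1, firstname, lastname, email)
        if result is True:
            return render(request, 'usercreated.html', {'user': username})
        # Anything else is the service's error message; it is rendered through
        # the (autoescaping) template, never returned raw.
        return self._error(request, urlname, service, result)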
# Change user data for logged in users
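class ChangeData(View):
    """Let a logged-in user edit first name, last name and email address.

    GET fetches the current values from the ``getuserdata`` service and
    pre-fills the form with them. POST validates the submission and pushes
    it to the ``changeuserdata`` service.
    """

    def _error(self, request, urlname, service, message):
        """Render the shared error template with a 'go back' target."""
        return render(request, 'error.html',
                      {'urlname': urlname, 'service': service, 'error': message})

    def get(self, request):
        urlname = 'change_data'
        service = 'get default data for logged in user'
        if not request.user.is_authenticated:
            return render(request, 'mustbeloggedin.html')
        # No login(request, user) here: the session is already authenticated,
        # and Django's login() cycles the session key and rotates the CSRF
        # token, which invalidates forms open in other tabs on every GET.
        username = str(request.user)
        with get_pool().next() as rpc:
            # On failure the service puts its error message into the
            # ``firstname`` slot (service convention, see below).
            (state, firstname, lastname, email) = rpc.getuserdata.get_data(username)
        if state == "error":
            return self._error(request, urlname, service, firstname)
        # The template shows the current values as defaults in the fields.
        return render(request, 'changeuserdata.html',
                      {'user': username, 'firstname': firstname,
                       'lastname': lastname, 'email': email})

    def post(self, request):
        service = 'change user data'
        urlname = 'change_data'
        if not request.user.is_authenticated:
            return render(request, 'mustbeloggedin.html')
        user = str(request.user)
        firstname = request.POST.get('firstname')
        lastname = request.POST.get('lastname')
        email = request.POST.get('email')
        # `not x` also catches a field missing from the POST (None), which
        # the previous `x == ""` checks let through to the service.
        if not firstname:
            return self._error(request, urlname, service, 'Please enter a firstname.')
        if not lastname:
            return self._error(request, urlname, service, 'Please enter a lastname.')
        if not email:
            return self._error(request, urlname, service, 'Please enter an email.')
        try:
            validate_email(email)
        except ValidationError:
            return self._error(request, urlname, service, 'The supplied email address is invalid.')
        with get_pool().next() as rpc:
            result = rpc.changeuserdata.change_data(user, firstname, lastname, email)
        if result is True:
            return render(request, 'changeddata.html',
                          {'user': user, 'firstname': firstname,
                           'lastname': lastname, 'email': email})
        # Anything else is the service's error message.
        return self._error(request, urlname, service, result)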
# Resets the password for a user
# Will need to send a confirmation email to the user and we will need a backend
# to confirm the request came from someone who has access to the email
# Out of scope except for creating the workflow
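class ResetPassword(View):
    """First half of the password-reset workflow: request a reset link.

    GET shows the form. POST takes a username and, if the account has an
    email address on record, builds a reset link for it. Actually sending
    the email is still a TODO; the link must only ever travel by email,
    because whoever holds it can set the password.
    """

    def get(self, request):
        return render(request, 'resetpassword.html')

    def post(self, request):
        urlname = 'reset_password'
        service = 'send a password reset request'
        user = request.POST.get('user')
        # Unknown user or no email on record: render the same "request sent"
        # page as for a valid account. The separate 'The user does not exist.'
        # and 'Unable to retrieve email address' pages let anyone enumerate
        # usernames through this form.
        email = self._lookup_email(user)
        if not email:
            return render(request, 'send_resetrequest.html', {'user': user})
        emailsend = self.email(user, email)
        if emailsend is True:
            return render(request, 'send_resetrequest.html', {'user': user})
        return render(request, 'error.html',
                      {'urlname': urlname, 'service': service, 'error': emailsend})

    def _lookup_email(self, user):
        """Return the email address on record for ``user``, or None."""
        if not check_user_exists(user):
            return None
        with get_pool().next() as rpc:
            (state, _firstname, _lastname, email) = rpc.getuserdata.get_data(user)
        if state == "error" or email == 'No email given' or not email:
            return None
        return email

    def email(self, user, email):
        """Compose the reset email for ``user``.

        Returns True on success, otherwise an error message for the error
        page. TODO: sending is not implemented; the draft below is what
        should go out once it is.
        """
        email_from = 'Userservice at ungleich <userservice@ungleich.ch>'
        to = '%s <%s>' % (user, email)
        subject = 'Password reset request for %s' % user
        no_reply = True  # was `no-reply = True`, a SyntaxError
        link = self.build_reset_link(user)
        body = 'This is an automated email which was triggered by a reset request for the user %s.\n' % user
        body += 'If you received this email in error, please disregard it. If you get multiple emails like this, please contact us to look into potential abuse.\n'
        body += 'To reset your password, please follow the link below:\n'
        body += '%s\n\n' % link
        body += 'The link will remain active for 24 hours.\n'
        # The link IS the credential. Returning it makes post() render it into
        # the error page for anyone who submits a username, so this debugging
        # shortcut must never be reachable outside DEBUG.
        if settings.DEBUG:
            return link
        return 'Sending of password reset emails is not implemented yet.'

    def build_reset_link(self, user):
        """Return the absolute reset URL for ``user``.

        The token is a fresh random secret. It has to be stored (preferably
        as a hash) with the username and creation time by the model that is
        still TODO, and ``ResetRequest`` must verify against that store; a
        token that is persisted nowhere can never be checked.
        """
        # TODO: take the host from request.get_host() (validated against
        # ALLOWED_HOSTS) or from settings instead of hard-coding it.
        host = 'localhost:8000'
        # PasswordResetTokenGenerator.make_token() needs a User model instance
        # (pk, password hash, last_login); it was being handed the username
        # string, which raises AttributeError. Accounts live in LDAP, so an
        # opaque random token stored server-side is used instead.
        token = secrets.token_urlsafe(32)
        # NOTE(review): standard base64 can emit '/' and '+', which do not
        # survive as a URL path segment; switch to urlsafe_b64encode once the
        # decoder in ResetRequest accepts the URL-safe alphabet.
        userpart = b64encode(bytes(user, 'utf-8')).decode('utf-8')
        created = datetime.now()  # TODO: persist (user, token hash, created)
        return 'https://%s/reset/%s/%s/' % (host, userpart, token)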
# Catch the resetrequest and check it
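class ResetRequest(View):
    """Second half of the password-reset workflow: consume the reset link.

    GET receives ``/reset/<user>/<token>/`` (username base64-encoded) and
    shows the new-password form when the token is valid. POST sets the new
    password and must present the same token again.

    Token verification needs the reset-token model that is still TODO; until
    it exists ``_token_is_valid`` fails closed, so neither GET nor POST can
    reset a password. That is deliberate: an unverified path here is an
    unauthenticated password change for any account.
    """

    def get(self, request, user=None, token=None):
        # Cleans up outdated tokens first
        self.clean_db()
        if user is None or token is None:
            return HttpResponse('Invalid URL.', status=404)
        user_clean = self._decode_user(user)
        if user_clean is None or not self._token_is_valid(user_clean, token):
            return HttpResponse('Invalid URL.', status=404)
        # The token is handed to the form so the POST can be verified again;
        # the template has to carry it as a hidden field next to 'user'.
        return render(request, 'resetpasswordnew.html',
                      {'user': user_clean, 'token': token})

    def post(self, request):
        service = 'reset the password'
        password1 = request.POST.get("password1")
        password2 = request.POST.get("password2")
        user = request.POST.get("user")
        token = request.POST.get("token")
        # This endpoint is unauthenticated by design, so the token is the only
        # thing tying the request to the account. It was not checked here at
        # all before: any POST naming a user changed that user's password.
        if not user or not token or not self._token_is_valid(user, token):
            return HttpResponse('Invalid URL.', status=404)
        if not password1 or not password2:
            return render(request, 'error.html',
                          {'service': service, 'error': 'Please supply a password and confirm it.'})
        if password1 != password2:
            return render(request, 'error.html',
                          {'service': service, 'error': 'The supplied passwords do not match.'})
        try:
            # Same policy as registration (settings.AUTH_PASSWORD_VALIDATORS).
            validate_password(password1)
        except ValidationError as exc:
            return render(request, 'error.html',
                          {'service': service, 'error': ' '.join(exc.messages)})
        with get_pool().next() as rpc:
            # Password handed over verbatim; the old r'%s' % password1 was a no-op.
            result = rpc.changepassword.change_password(user, password1)
        if result is True:
            # TODO: delete the token from the model here so a link is single-use.
            return render(request, 'changedpassword.html', {'user': user})
        return render(request, 'error.html', {'service': service, 'error': result})

    def _decode_user(self, user):
        """Decode the base64 username from the URL; None when it is malformed.

        urlsafe_b64decode accepts both the standard and the URL-safe alphabet.
        Malformed input (bad padding, non-ASCII, invalid UTF-8) used to raise
        and produce a 500; it is now a 404 in the caller.
        """
        try:
            return urlsafe_b64decode(user).decode('utf-8')
        except ValueError:  # binascii.Error and UnicodeDecodeError are subclasses
            return None

    def _token_is_valid(self, user, token):
        """Return whether ``token`` is an unexpired reset token issued for ``user``.

        TODO: look the token up in the (not yet written) model: same user,
        created less than 24 hours ago; compare against the stored value with
        hmac.compare_digest. Fails closed until then.
        """
        return False

    def clean_db(self):
        """Remove reset tokens older than 24 hours.

        TODO: needs the model; a no-op until it exists (the body used to be
        missing entirely, which made the module a SyntaxError).
        """
        return None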
# The logged in user can change the password here
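class ChangePassword(View):
    """Let a logged-in user change their own password.

    POST re-authenticates with the current password before anything else:
    that is what stops a hijacked session from being turned into a
    permanent takeover.
    """

    def _error(self, request, urlname, service, message):
        """Render the shared error template with a 'go back' target."""
        return render(request, 'error.html',
                      {'urlname': urlname, 'service': service, 'error': message})

    def get(self, request):
        if not request.user.is_authenticated:
            return render(request, 'mustbeloggedin.html')
        return render(request, 'changepassword.html', {'user': request.user})

    def post(self, request):
        urlname = 'change_password'
        service = 'change the password'
        if not request.user.is_authenticated:
            return render(request, 'mustbeloggedin.html')
        # No login(request, request.user) here: the session is already
        # authenticated, and Django's login() cycles the session key and
        # rotates the CSRF token on every POST for no benefit.
        user = str(request.user)
        oldpassword = request.POST.get('oldpassword')
        check = None
        if oldpassword:
            check = authenticate(request, username=user, password=oldpassword)
        if check is None:
            return self._error(request, urlname, service, 'Wrong password for the user.')
        password1 = request.POST.get('password1')
        password2 = request.POST.get('password2')
        # Two absent or two empty fields compared equal before and would have
        # set an empty password.
        if not password1 or not password2:
            return self._error(request, urlname, service,
                               'Please supply a new password and confirm it.')
        if password1 != password2:
            return self._error(request, urlname, service,
                               'Please check if you typed the same password both times for the new password')
        try:
            # Same policy as registration (settings.AUTH_PASSWORD_VALIDATORS).
            validate_password(password1, user=request.user)
        except ValidationError as exc:
            return self._error(request, urlname, service, ' '.join(exc.messages))
        with get_pool().next() as rpc:
            # Password handed over verbatim; the old r'%s' % password1 was a no-op.
            result = rpc.changepassword.change_password(user, password1)
        if result is True:
            # NOTE(review): if the auth backend mirrors the LDAP password into
            # the Django User row, update_session_auth_hash(request, request.user)
            # is needed here or this session is invalidated -- cannot tell from here.
            return render(request, 'changedpassword.html', {'user': user})
        return self._error(request, urlname, service, result)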
# Deletes an account
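class DeleteAccount(View):
    """Delete an account after re-authenticating with its credentials.

    NOTE(review): the view is reachable without a session; the username and
    password check stands in for that. Consider also requiring
    ``request.user.is_authenticated`` and ``username == str(request.user)``
    so only the account owner's own session can delete it.
    """

    def _error(self, request, urlname, service, message):
        """Render the shared error template with a 'go back' target."""
        return render(request, 'error.html',
                      {'urlname': urlname, 'service': service, 'error': message})

    def get(self, request):
        return render(request, 'deleteaccount.html')

    def post(self, request):
        urlname = 'account_delete'
        service = 'delete an account'
        username = request.POST.get('username')
        password = request.POST.get('password')
        # One message for "no such user" and "wrong password": the separate
        # 'Unknown user.' reply let anyone probe which usernames exist.
        check = None
        if username and password and check_user_exists(username):
            # Password handed over verbatim; the old r'%s' % password was a no-op.
            check = authenticate(request, username=username, password=password)
        if check is None:
            return self._error(request, urlname, service, 'Wrong username or password.')
        with get_pool().next() as rpc:
            result = rpc.deleteuser.delete_user(username)
        if result is True:
            # End whatever session made the request; for the account owner
            # this is mandatory, for anyone else it is harmless.
            logout(request)
            return render(request, 'deleteduser.html', {'user': username})
        return self._error(request, urlname, service, result)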
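class LogOut(View):
    """End the current session.

    Logout happens on POST only, so it goes through Django's CSRF middleware.
    Logging out on GET let any third-party page end a user's session with an
    ``<img>`` or link pointing at this URL. With no ``get`` handler, View
    answers GET with 405; templates need a small form instead of a link:
    ``<form method="post">{% csrf_token %}<button>Log out</button></form>``.
    """

    def post(self, request):
        logout(request)
        return HttpResponse("You have been logged out.", status=200)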