ungleich-user/dal/dal/views.py

261 lines
12 KiB
Python
Raw Normal View History

2018-10-09 17:49:47 +00:00
from django.shortcuts import render
from django.views.generic import View
from django.contrib.auth import authenticate, login
from django.contrib.auth.models import User
from django.http import HttpResponse, HttpResponseRedirect
from django.core.validators import validate_email, ValidationError
2018-10-09 17:49:47 +00:00
from django.urls import reverse_lazy
from django_nameko import get_pool
2018-10-09 17:49:47 +00:00
# Check to see if the username is already taken
# Helper function, not to be set up as a view
# Check the LDAP if the user exists
2018-10-09 17:49:47 +00:00
def check_user_exists(username):
with get_pool().next() as rpc:
return rpc.userlookup.lookup(username)
2018-10-09 17:49:47 +00:00
# The index page
# If there's a session open, it will give the user the options he/she/it can do, if not,
# it will show a landing page explaining what this is and prompt them to login
class Index(View):
# Basic binary choice, if it is an authenticated user, go straight to the options page,
# if not, then show the landing page
def get(self, request):
if request.user.is_authenticated:
return render(request, 'useroptions.html', { 'user': request.user } )
2018-10-09 17:49:47 +00:00
return render(request, 'landing.html')
# Basically does the same as the GET request, just with trying to login the user beforehand
# Shows an errorpage if authentication fails, since just looping to the landing page
# would be frustrating
def post(self, request):
username = request.POST.get('username')
password = request.POST.get('password')
user = authenticate(request, username=username, password=password)
if user is not None:
login(request, user)
return render(request, 'useroptions.html', { 'user': user } )
2018-10-09 17:49:47 +00:00
return render(request, 'loginfailed.html')
# Registering a user
class Register(View):
# Someone wants to register, throw up the page for that
def get(self, request):
return render(request, 'registeruser.html')
# Someone filled out the register page, do some basic checks and throw it at nameko
def post(self, request):
# message for the error template
service = 'register an user'
2018-10-09 17:49:47 +00:00
# urlname for 'go back' on the errorpage
urlname = 'register'
username = request.POST.get('username')
2018-10-14 16:17:59 +00:00
if username == "" or not username:
return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': 'Please supply a username.' } )
2018-10-09 17:49:47 +00:00
# Check to see if username is already taken
if check_user_exists(username):
2018-10-09 17:49:47 +00:00
return render(request, 'registererror.html', { 'urlname': urlname, 'service': service, 'error': 'User already exists.' } )
# isalnum() may be a bit harsh, but is the most logical choice to make sure it's a username we
# can use
elif not username.isalnum():
return render(request, 'registererror.html', { 'urlname': urlname, 'service': service, 'error': 'Username has to be alphanumeric.' } )
password1 = request.POST.get('password1')
password2 = request.POST.get('password2')
# check if the supplied passwords match
if password1 != password2:
return render(request, 'registererror.html', { 'urlname': urlname, 'service': service,
'error': 'Your passwords did not match. Please supply the same password twice.' } )
2018-10-09 17:49:47 +00:00
email = request.POST.get('email')
# Is the emailaddress valid?
try:
validate_email(email)
except ValidationError:
2018-10-09 17:49:47 +00:00
return render(request, 'registererror.html', { 'urlname': urlname, 'service': service, 'error': 'The supplied email address is invalid.' } )
2018-10-09 17:49:47 +00:00
firstname = request.POST.get('firstname')
lastname = request.POST.get('lastname')
if firstname == "" or not firstname or lastname == "" or not lastname:
2018-10-09 17:49:47 +00:00
return render(request, 'registererror.html', { 'urlname': urlname, 'service': service, 'error': 'Please enter your firstname and lastname.' } )
2018-10-10 12:13:49 +00:00
# throw it to nameko to create the user
with get_pool().next() as rpc:
result = rpc.createuser.create_user(username, password1, firstname, lastname, email)
if result == True:
return render(request, 'usercreated.html', { 'user': username } )
else:
return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': result } )
2018-10-09 17:49:47 +00:00
# Change user data for logged in users
class ChangeData(View):
2018-10-09 17:49:47 +00:00
# provide the form for the change request
def get(self, request):
urlname = 'change_data'
service = 'get default data for logged in user'
2018-10-09 17:49:47 +00:00
if not request.user.is_authenticated:
return render(request, 'mustbeloggedin.html')
user = request.user
login(request, user)
2018-10-10 12:13:49 +00:00
# get basic data (firstname, lastname, email)
with get_pool().next() as rpc:
(state, firstname, lastname, email) = rpc.getuserdata.get_data(user)
# If it throws an error, the errormessage gets put into firstname.. not great naming, but works best this way
if state == "error":
return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': firstname } )
2018-10-09 17:49:47 +00:00
# The template puts the old data as standard in the fields
else:
return render(request, 'changeuserdata.html', { 'user': user, 'firstname': firstname, 'lastname': lastname, 'email': email } )
2018-10-09 17:49:47 +00:00
# get the change request
def post(self, request):
# variables for the error page
service = 'change user data'
2018-10-09 17:49:47 +00:00
urlname = 'change_data'
if not request.user.is_authenticated:
return render(request, 'mustbeloggedin.html')
user = request.user
firstname = request.POST.get('firstname')
lastname = request.POST.get('lastname')
email = request.POST.get('email')
# Some sanity checks for the supplied data
if firstname == "":
return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': 'Please enter a firstname.' } )
elif lastname == "":
return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': 'Please enter a lastname.' } )
elif email == "":
return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': 'Please enter an email.' } )
try:
validate_email(email)
except ValidationError:
2018-10-09 17:49:47 +00:00
return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': 'The supplied email address is invalid.' } )
2018-10-10 12:13:49 +00:00
# Trying to change the data
with get_pool().next() as rpc:
result = rpc.changeuserdata.change_data(user, firstname, lastname, email)
# Data change worked
if result == True:
2018-10-09 17:49:47 +00:00
return render(request, 'changeddata.html', { 'user': user, 'firstname': firstname, 'lastname': lastname, 'email': email } )
# Data change did not work, display error
else:
return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': result } )
2018-10-09 17:49:47 +00:00
# Resets the password for a user
# Will need to send a confirmation email to the user and we will need a backend
# to confirm the request came from someone who has access to the email
# Out of scope except for creating the workflow
class ResetPassword(View):
# Presents the form with some information
def get(self, request):
return render(request, 'resetpassword.html')
# gets the data from confirming the reset request and checks if it was not a misclick
# (by having the user type in his username
def post(self, request):
urlname = 'reset_password'
service = 'send a password reset request'
2018-10-09 17:49:47 +00:00
user = request.POST.get('user')
if check_user_exists(user):
2018-10-10 12:13:49 +00:00
# TODO: Get a good backend for reset requests
# Sending the reset request
email = self.send_resetrequest(user)
return render(request, 'send_resetrequest.html', { 'user': user, 'email': email } )
return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': 'The user does not exist.' } )
2018-10-09 17:49:47 +00:00
def send_resetrequest(self, user):
#TODO: call nameko to get the associated email and send a confirmation mail
return "test@example.com"
2018-10-09 17:49:47 +00:00
# The logged in user can change the password here
class ChangePassword(View):
# Presents the page for a logged in user
def get(self, request):
if not request.user.is_authenticated:
return render(request, 'mustbeloggedin.html')
return render(request, 'changepassword.html', { 'user': request.user } )
# Does some checks on the supplied data and changes the password
def post(self, request):
# Variables for the error page
urlname = 'change_password'
service = 'change the password'
if not request.user.is_authenticated:
return render(request, 'mustbeloggedin.html')
login(request, request.user)
2018-10-09 17:49:47 +00:00
user = request.user
oldpassword = request.POST.get('oldpassword')
check = authenticate(request, username=user, password=oldpassword)
# Is the right password for the user supplied?
if check is None:
return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': 'Wrong password for the user.' } )
password1 = request.POST.get('password1')
password2 = request.POST.get('password2')
# Are both passwords from the form the same?
if password1 != password2:
return render(request, 'error.html', { 'urlname': urlname, 'service': service,
'error': 'Please check if you typed the same password both times for the new password' } )
with get_pool().next() as rpc:
2018-10-10 12:13:49 +00:00
# Trying to change the password
result = rpc.changepassword.change_password(user, password1)
# Password was changed
if result == True:
2018-10-09 17:49:47 +00:00
return render(request, 'changedpassword.html', { 'user': user } )
# Password not changed, instead got some kind of error
2018-10-09 17:49:47 +00:00
else:
return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': result } )
2018-10-09 17:49:47 +00:00
# Deletes an account
2018-10-09 17:49:47 +00:00
class DeleteAccount(View):
2018-10-10 12:13:49 +00:00
# Show the basic form for deleting an account
2018-10-09 17:49:47 +00:00
def get(self, request):
2018-10-10 12:13:49 +00:00
return render(request, 'deleteaccount.html')
2018-10-09 17:49:47 +00:00
# Reads the filled out form
2018-10-10 12:13:49 +00:00
def post(self, request):
# Variables for error page
urlname = 'account_delete'
service = 'delete an account'
# Does the user exist?
username = request.POST.get('username')
2018-10-10 12:13:49 +00:00
if not check_user_exists(username):
return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': 'Unknown user.' } )
# Do user and password match?
password = request.POST.get('password')
2018-10-10 12:13:49 +00:00
check = authenticate(request, username=username, password=password)
if check is None:
return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': 'Wrong password for user.' } )
# Try to delete the user
with get_pool().next() as rpc:
result = rpc.deleteuser.delete_user(user)
# User deleted
if result == True:
2018-10-10 12:13:49 +00:00
return render(request, 'deleteduser.html', { 'user': username } )
# User not deleted, got some kind of error
else:
return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': result } )
2018-10-09 17:49:47 +00:00
2018-10-10 12:13:49 +00:00