Fixed typos and bugs, running okay on testenv

4 years ago · 789b6e4ecf
8 changed files with 56 additions and 21 deletions
--- a/dal/dal/settings.py
+++ b/dal/dal/settings.py
@ -96,10 +96,10 @@ MIDDLEWARE = [

 # Backend for auth

-#AUTHENTICATION_BACKENDS = (
-#    'django_auth_ldap.backend.LDAPBackend',
+AUTHENTICATION_BACKENDS = (
+    'django_auth_ldap.backend.LDAPBackend',
 #    'django.contrib.auth.backends.ModelBackend',
-#)
+)


 ROOT_URLCONF = 'dal.urls'
--- a/dal/dal/templates/changedpassword.html
+++ b/dal/dal/templates/changedpassword.html
@ -0,0 +1,7 @@
+<title> Password for {{user}}  changed. </title>
+
+<h2> The password for {{user}} has been changed. </h2>
+<br><br>
+<form action={% url 'index' %} method="get">
+	<input type="submit" value="Back to indexpage">
+</form>
--- a/dal/dal/templates/deleteaccount.html
+++ b/dal/dal/templates/deleteaccount.html
@ -8,6 +8,7 @@
 <br><br>
 To delete an account, please type the username and password below:
 <form action={% url 'account_delete' %} method="post">
+	{% csrf_token %} 
 	<br><br>Username:<br>
 	<input type="text" name="username" id="username">
 	<br><br>Password:<br>
--- a/dal/dal/templates/usercreated.html
+++ b/dal/dal/templates/usercreated.html
@ -0,0 +1,7 @@
+<title> User {{ user }} created. </title>
+
+<h2> User {{ user }} was successfully created. </h2>
+<br><br>
+<form action={% url 'index' %} method="get">
+	<input type="submit" value="Back to Indexpage">
+</form>
--- a/dal/dal/templates/useroptions.html
+++ b/dal/dal/templates/useroptions.html
@ -19,3 +19,6 @@ You have the following options:
 <form action={% url 'account_delete' %} method="get">
 	<input type="submit" value="Delete your account">
 </form>
+<form action={% url 'logout' %} method="get">
+	<input type="submit" value="Logout">
+</form>
--- a/dal/dal/urls.py
+++ b/dal/dal/urls.py
@ -18,7 +18,7 @@ from django.urls import path
 from django.conf.urls import url
 from django.contrib import admin

-from .views import Register, ChangeData, ChangePassword, ResetPassword, DeleteAccount, Index
+from .views import Register, ChangeData, ChangePassword, ResetPassword, DeleteAccount, Index, LogOut

 urlpatterns = [
 #    path('admin/', admin.site.urls),
@ -28,4 +28,5 @@ urlpatterns = [
    path('changepassword/', ChangePassword.as_view(), name="change_password"),
    path('deleteaccount/', DeleteAccount.as_view(), name="account_delete"),
    path('index/', Index.as_view(), name="index"),
+    path('logout/', LogOut.as_view(), name="logout"),
 ]
--- a/dal/dal/views.py
+++ b/dal/dal/views.py
@ -1,6 +1,6 @@
 from django.shortcuts import render
 from django.views.generic import View
-from django.contrib.auth import authenticate, login
+from django.contrib.auth import authenticate, login, logout
 from django.contrib.auth.models import User
 from django.http import HttpResponse, HttpResponseRedirect
 from django.core.validators import validate_email, ValidationError
@ -106,13 +106,13 @@ class ChangeData(View):
        login(request, user)
        # get basic data (firstname, lastname, email)
        with get_pool().next() as rpc:
-            (state, firstname, lastname, email) = rpc.getuserdata.get_data(user)
+            (state, firstname, lastname, email) = rpc.getuserdata.get_data(str(request.user))
        # If it throws an error, the errormessage gets put into firstname.. not great naming, but works best this way
        if state == "error":
            return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': firstname } )
        # The template puts the old data as standard in the fields
        else:
-            return render(request, 'changeuserdata.html', { 'user': user, 'firstname': firstname, 'lastname': lastname, 'email': email } )
+            return render(request, 'changeuserdata.html', { 'user': str(request.user), 'firstname': firstname, 'lastname': lastname, 'email': email } )

    # get the change request
    def post(self, request):
@ -123,7 +123,7 @@ class ChangeData(View):
        if not request.user.is_authenticated:
            return render(request, 'mustbeloggedin.html')
        
-        user = request.user
+        user = str(request.user)
        firstname = request.POST.get('firstname')
        lastname = request.POST.get('lastname')
        email = request.POST.get('email')
@ -199,7 +199,7 @@ class ChangePassword(View):
            return render(request, 'mustbeloggedin.html')
        login(request, request.user)

-        user = request.user
+        user = str(request.user)
        oldpassword = request.POST.get('oldpassword')
        check = authenticate(request, username=user, password=oldpassword)
        # Is the right password for the user supplied?
@ -249,12 +249,18 @@ class DeleteAccount(View):
    
        # Try to delete the user
        with get_pool().next() as rpc:
-            result = rpc.deleteuser.delete_user(user)
+            result = rpc.deleteuser.delete_user(username)
        # User deleted
        if result == True:
+            logout(request)
            return render(request, 'deleteduser.html', { 'user': username } )
        # User not deleted, got some kind of error
        else:
            return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': result } )

-    
+
+class LogOut(View):
+
+    def get(self, request):
+        logout(request)
+        return HttpResponse("You have been logged out.", status=200)
--- a/nameko-func.py
+++ b/nameko-func.py
@ -44,12 +44,19 @@ def ldapservers():
 def user_or_customer(uid):
    server = ldapservers()
    conn = Connection(server)
-    if conn.search('ou=customers,dc=ungleich,dc=ch', '(%s)' % uid):
+    conn.bind()
+    search_customers = conn.search('ou=customers,dc=ungleich,dc=ch', '(%s)' % uid)
+#    if conn.search('ou=customers,dc=ungleich,dc=ch', '(%s)' % uid):
+    if search_customers:
+        conn.unbind()
        return '%s,ou=customers,dc=ungleich,dc=ch' % uid
-    elif conn.search('ou=customers,dc=ungleich,dc=ch', '(%s)' % uid):
+    search_users = conn.search('ou=customers,dc=ungleich,dc=ch', '(%s)' % uid)
+#    elif conn.search('ou=customers,dc=ungleich,dc=ch', '(%s)' % uid):
+    if search_users:
+        conn.unbind()
        return '%s,ou=customers,dc=ungleich,dc=ch' % uid
-    else:
-        return False
+    conn.unbind()
+    return False


 # checks if a user already exists in the LDAP
@ -72,7 +79,7 @@ class UserLookUp(object):
        #if conn.search('ou=customers,dc=ungleich,dc=ch', '(%s)' % LDAP_UID) or conn.search('ou=users,dc=ungleich,dc=ch', '(%s)' % LPAD_UID):
        if x or y:
            # return conn.entries[0] for first search result since we can assume uid is unique
-            self.dispatch('ldap', '%s [Info: UserLookUp] Searched for %s and found it: %s\n' % (datetime.now(), LDAP_UID, str(conn.entries[0])) )
+            self.dispatch('ldap', '%s [Info: UserLookUp] Searched for %s and found it\n' % (datetime.now(), LDAP_UID) )
            conn.unbind()
            # return True since the user is already in LDAP
            return True
@ -132,7 +139,8 @@ class GetUserData(object):
        LDAP_UID = 'uid=%s' % user
        server = ldapservers()
        conn = Connection(server)
-        if not conn.bind():
+        conn.bind()
+        if not conn.bound:
            self.dispatch('ldap', '%s [Error GetUserData] Could not connect to LDAP server.\n' % datetime.now() )
            return ("error", "Could not connect to LDAP server.", "", "")
        rdn = user_or_customer(LDAP_UID)
@ -234,7 +242,7 @@ class ChangePassword(object):

    @rpc
    def change_password(self, user, newpassword):
-        LDAP_UID = 'uid=%s'
+        LDAP_UID = 'uid=%s' % user
        server = ldapservers()
        conn = Connection(server, config['LDAP']['LDAPMANAGER'], config['LDAP']['LDAPMANAGERPASSWORD'])
        if not conn.bind():
@ -277,10 +285,11 @@ class DeleteUser(object):

    @rpc
    def delete_user(self, user):
-        LDAP_UID = user
+        LDAP_UID = 'uid=%s' % user
        server = ldapservers()
        conn = Connection(server, config['LDAP']['LDAPMANAGER'], config['LDAP']['LDAPMANAGERPASSWORD'])
-        if not conn.bind():
+        conn.bind()
+        if not conn.bound:
            self.dispatch('ldap', '%s [Error DeleteUser] Could not connect to LDAP server.\n' % datetime.now() )
            return "Could not connect to LDAP server."
        # again, check whether the uid= is in ou=users or ou=customers
@ -290,7 +299,8 @@ class DeleteUser(object):
            self.dispatch('ldap', '%s [Error DeleteUser] Could not find the user %s\n' % (datetime.now(), LDAP_UID) )
            return "Could not find the user."
        # Check if the delete was successfull
-        if not conn.delete(dn):
+        deleted = conn.delete(dn)
+        if not deleted:
            conn.unbind()
            self.dispatch('ldap', '%s [Error DeleteUser] Could not delete %s\n' % (datetime.now(), dn) )
            return "Could not delete the user."