Fixed typos and bugs, running okay on testenv

This commit is contained in:
downhill 2018-10-14 19:21:17 +02:00
parent 09f7d42de4
commit 789b6e4ecf
8 changed files with 56 additions and 21 deletions

View file

@ -96,10 +96,10 @@ MIDDLEWARE = [
# Backend for auth # Backend for auth
#AUTHENTICATION_BACKENDS = ( AUTHENTICATION_BACKENDS = (
# 'django_auth_ldap.backend.LDAPBackend', 'django_auth_ldap.backend.LDAPBackend',
# 'django.contrib.auth.backends.ModelBackend', # 'django.contrib.auth.backends.ModelBackend',
#) )
ROOT_URLCONF = 'dal.urls' ROOT_URLCONF = 'dal.urls'

View file

@ -0,0 +1,7 @@
<title> Password for {{user}} changed. </title>
<h2> The password for {{user}} has been changed. </h2>
<br><br>
<form action={% url 'index' %} method="get">
<input type="submit" value="Back to indexpage">
</form>

View file

@ -8,6 +8,7 @@
<br><br> <br><br>
To delete an account, please type the username and password below: To delete an account, please type the username and password below:
<form action={% url 'account_delete' %} method="post"> <form action={% url 'account_delete' %} method="post">
{% csrf_token %}
<br><br>Username:<br> <br><br>Username:<br>
<input type="text" name="username" id="username"> <input type="text" name="username" id="username">
<br><br>Password:<br> <br><br>Password:<br>

View file

@ -0,0 +1,7 @@
<title> User {{ user }} created. </title>
<h2> User {{ user }} was successfully created. </h2>
<br><br>
<form action={% url 'index' %} method="get">
<input type="submit" value="Back to Indexpage">
</form>

View file

@ -19,3 +19,6 @@ You have the following options:
<form action={% url 'account_delete' %} method="get"> <form action={% url 'account_delete' %} method="get">
<input type="submit" value="Delete your account"> <input type="submit" value="Delete your account">
</form> </form>
<form action={% url 'logout' %} method="get">
<input type="submit" value="Logout">
</form>

View file

@ -18,7 +18,7 @@ from django.urls import path
from django.conf.urls import url from django.conf.urls import url
from django.contrib import admin from django.contrib import admin
from .views import Register, ChangeData, ChangePassword, ResetPassword, DeleteAccount, Index from .views import Register, ChangeData, ChangePassword, ResetPassword, DeleteAccount, Index, LogOut
urlpatterns = [ urlpatterns = [
# path('admin/', admin.site.urls), # path('admin/', admin.site.urls),
@ -28,4 +28,5 @@ urlpatterns = [
path('changepassword/', ChangePassword.as_view(), name="change_password"), path('changepassword/', ChangePassword.as_view(), name="change_password"),
path('deleteaccount/', DeleteAccount.as_view(), name="account_delete"), path('deleteaccount/', DeleteAccount.as_view(), name="account_delete"),
path('index/', Index.as_view(), name="index"), path('index/', Index.as_view(), name="index"),
path('logout/', LogOut.as_view(), name="logout"),
] ]

View file

@ -1,6 +1,6 @@
from django.shortcuts import render from django.shortcuts import render
from django.views.generic import View from django.views.generic import View
from django.contrib.auth import authenticate, login from django.contrib.auth import authenticate, login, logout
from django.contrib.auth.models import User from django.contrib.auth.models import User
from django.http import HttpResponse, HttpResponseRedirect from django.http import HttpResponse, HttpResponseRedirect
from django.core.validators import validate_email, ValidationError from django.core.validators import validate_email, ValidationError
@ -106,13 +106,13 @@ class ChangeData(View):
login(request, user) login(request, user)
# get basic data (firstname, lastname, email) # get basic data (firstname, lastname, email)
with get_pool().next() as rpc: with get_pool().next() as rpc:
(state, firstname, lastname, email) = rpc.getuserdata.get_data(user) (state, firstname, lastname, email) = rpc.getuserdata.get_data(str(request.user))
# If it throws an error, the errormessage gets put into firstname.. not great naming, but works best this way # If it throws an error, the errormessage gets put into firstname.. not great naming, but works best this way
if state == "error": if state == "error":
return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': firstname } ) return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': firstname } )
# The template puts the old data as standard in the fields # The template puts the old data as standard in the fields
else: else:
return render(request, 'changeuserdata.html', { 'user': user, 'firstname': firstname, 'lastname': lastname, 'email': email } ) return render(request, 'changeuserdata.html', { 'user': str(request.user), 'firstname': firstname, 'lastname': lastname, 'email': email } )
# get the change request # get the change request
def post(self, request): def post(self, request):
@ -123,7 +123,7 @@ class ChangeData(View):
if not request.user.is_authenticated: if not request.user.is_authenticated:
return render(request, 'mustbeloggedin.html') return render(request, 'mustbeloggedin.html')
user = request.user user = str(request.user)
firstname = request.POST.get('firstname') firstname = request.POST.get('firstname')
lastname = request.POST.get('lastname') lastname = request.POST.get('lastname')
email = request.POST.get('email') email = request.POST.get('email')
@ -199,7 +199,7 @@ class ChangePassword(View):
return render(request, 'mustbeloggedin.html') return render(request, 'mustbeloggedin.html')
login(request, request.user) login(request, request.user)
user = request.user user = str(request.user)
oldpassword = request.POST.get('oldpassword') oldpassword = request.POST.get('oldpassword')
check = authenticate(request, username=user, password=oldpassword) check = authenticate(request, username=user, password=oldpassword)
# Is the right password for the user supplied? # Is the right password for the user supplied?
@ -249,12 +249,18 @@ class DeleteAccount(View):
# Try to delete the user # Try to delete the user
with get_pool().next() as rpc: with get_pool().next() as rpc:
result = rpc.deleteuser.delete_user(user) result = rpc.deleteuser.delete_user(username)
# User deleted # User deleted
if result == True: if result == True:
logout(request)
return render(request, 'deleteduser.html', { 'user': username } ) return render(request, 'deleteduser.html', { 'user': username } )
# User not deleted, got some kind of error # User not deleted, got some kind of error
else: else:
return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': result } ) return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': result } )
class LogOut(View):
def get(self, request):
logout(request)
return HttpResponse("You have been logged out.", status=200)

View file

@ -44,12 +44,19 @@ def ldapservers():
def user_or_customer(uid): def user_or_customer(uid):
server = ldapservers() server = ldapservers()
conn = Connection(server) conn = Connection(server)
if conn.search('ou=customers,dc=ungleich,dc=ch', '(%s)' % uid): conn.bind()
search_customers = conn.search('ou=customers,dc=ungleich,dc=ch', '(%s)' % uid)
# if conn.search('ou=customers,dc=ungleich,dc=ch', '(%s)' % uid):
if search_customers:
conn.unbind()
return '%s,ou=customers,dc=ungleich,dc=ch' % uid return '%s,ou=customers,dc=ungleich,dc=ch' % uid
elif conn.search('ou=customers,dc=ungleich,dc=ch', '(%s)' % uid): search_users = conn.search('ou=customers,dc=ungleich,dc=ch', '(%s)' % uid)
# elif conn.search('ou=customers,dc=ungleich,dc=ch', '(%s)' % uid):
if search_users:
conn.unbind()
return '%s,ou=customers,dc=ungleich,dc=ch' % uid return '%s,ou=customers,dc=ungleich,dc=ch' % uid
else: conn.unbind()
return False return False
# checks if a user already exists in the LDAP # checks if a user already exists in the LDAP
@ -72,7 +79,7 @@ class UserLookUp(object):
#if conn.search('ou=customers,dc=ungleich,dc=ch', '(%s)' % LDAP_UID) or conn.search('ou=users,dc=ungleich,dc=ch', '(%s)' % LPAD_UID): #if conn.search('ou=customers,dc=ungleich,dc=ch', '(%s)' % LDAP_UID) or conn.search('ou=users,dc=ungleich,dc=ch', '(%s)' % LPAD_UID):
if x or y: if x or y:
# return conn.entries[0] for first search result since we can assume uid is unique # return conn.entries[0] for first search result since we can assume uid is unique
self.dispatch('ldap', '%s [Info: UserLookUp] Searched for %s and found it: %s\n' % (datetime.now(), LDAP_UID, str(conn.entries[0])) ) self.dispatch('ldap', '%s [Info: UserLookUp] Searched for %s and found it\n' % (datetime.now(), LDAP_UID) )
conn.unbind() conn.unbind()
# return True since the user is already in LDAP # return True since the user is already in LDAP
return True return True
@ -132,7 +139,8 @@ class GetUserData(object):
LDAP_UID = 'uid=%s' % user LDAP_UID = 'uid=%s' % user
server = ldapservers() server = ldapservers()
conn = Connection(server) conn = Connection(server)
if not conn.bind(): conn.bind()
if not conn.bound:
self.dispatch('ldap', '%s [Error GetUserData] Could not connect to LDAP server.\n' % datetime.now() ) self.dispatch('ldap', '%s [Error GetUserData] Could not connect to LDAP server.\n' % datetime.now() )
return ("error", "Could not connect to LDAP server.", "", "") return ("error", "Could not connect to LDAP server.", "", "")
rdn = user_or_customer(LDAP_UID) rdn = user_or_customer(LDAP_UID)
@ -234,7 +242,7 @@ class ChangePassword(object):
@rpc @rpc
def change_password(self, user, newpassword): def change_password(self, user, newpassword):
LDAP_UID = 'uid=%s' LDAP_UID = 'uid=%s' % user
server = ldapservers() server = ldapservers()
conn = Connection(server, config['LDAP']['LDAPMANAGER'], config['LDAP']['LDAPMANAGERPASSWORD']) conn = Connection(server, config['LDAP']['LDAPMANAGER'], config['LDAP']['LDAPMANAGERPASSWORD'])
if not conn.bind(): if not conn.bind():
@ -277,10 +285,11 @@ class DeleteUser(object):
@rpc @rpc
def delete_user(self, user): def delete_user(self, user):
LDAP_UID = user LDAP_UID = 'uid=%s' % user
server = ldapservers() server = ldapservers()
conn = Connection(server, config['LDAP']['LDAPMANAGER'], config['LDAP']['LDAPMANAGERPASSWORD']) conn = Connection(server, config['LDAP']['LDAPMANAGER'], config['LDAP']['LDAPMANAGERPASSWORD'])
if not conn.bind(): conn.bind()
if not conn.bound:
self.dispatch('ldap', '%s [Error DeleteUser] Could not connect to LDAP server.\n' % datetime.now() ) self.dispatch('ldap', '%s [Error DeleteUser] Could not connect to LDAP server.\n' % datetime.now() )
return "Could not connect to LDAP server." return "Could not connect to LDAP server."
# again, check whether the uid= is in ou=users or ou=customers # again, check whether the uid= is in ou=users or ou=customers
@ -290,7 +299,8 @@ class DeleteUser(object):
self.dispatch('ldap', '%s [Error DeleteUser] Could not find the user %s\n' % (datetime.now(), LDAP_UID) ) self.dispatch('ldap', '%s [Error DeleteUser] Could not find the user %s\n' % (datetime.now(), LDAP_UID) )
return "Could not find the user." return "Could not find the user."
# Check if the delete was successfull # Check if the delete was successfull
if not conn.delete(dn): deleted = conn.delete(dn)
if not deleted:
conn.unbind() conn.unbind()
self.dispatch('ldap', '%s [Error DeleteUser] Could not delete %s\n' % (datetime.now(), dn) ) self.dispatch('ldap', '%s [Error DeleteUser] Could not delete %s\n' % (datetime.now(), dn) )
return "Could not delete the user." return "Could not delete the user."