|
|
|
@ -1,4 +1,4 @@
|
|
|
|
|
# Imports from django |
|
|
|
|
# Imports from django |
|
|
|
|
from django.shortcuts import render |
|
|
|
|
from django.views.generic import View |
|
|
|
|
from django.contrib.auth import authenticate, login, logout |
|
|
|
@ -11,10 +11,10 @@ from django.core.mail import EmailMessage
|
|
|
|
|
from .models import ResetToken |
|
|
|
|
|
|
|
|
|
# Imports for the extra stuff not in django |
|
|
|
|
# django_nameko is an extra module, so gets put in here |
|
|
|
|
|
|
|
|
|
from base64 import b64encode, b64decode |
|
|
|
|
from datetime import datetime |
|
|
|
|
from django_nameko import get_pool |
|
|
|
|
|
|
|
|
|
from random import choice, randint |
|
|
|
|
import string |
|
|
|
|
from configparser import ConfigParser |
|
|
|
@ -47,19 +47,19 @@ class PseudoUser():
|
|
|
|
|
password = ''.join(choice(string.ascii_letters + string.digits) for _ in range(30)) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# The index page |
|
|
|
|
# The index page |
|
|
|
|
# If there's a session open, it will give the user the options he/she/it can do, if not, |
|
|
|
|
# it will show a landing page explaining what this is and prompt them to login |
|
|
|
|
|
|
|
|
|
class Index(View): |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Basic binary choice, if it is an authenticated user, go straight to the options page, |
|
|
|
|
# if not, then show the landing page |
|
|
|
|
def get(self, request): |
|
|
|
|
if request.user.is_authenticated: |
|
|
|
|
return render(request, 'useroptions.html', { 'user': request.user } ) |
|
|
|
|
return render(request, 'landing.html') |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Basically does the same as the GET request, just with trying to login the user beforehand |
|
|
|
|
# Shows an errorpage if authentication fails, since just looping to the landing page |
|
|
|
|
# would be frustrating |
|
|
|
@ -74,7 +74,7 @@ class Index(View):
|
|
|
|
|
return render(request, 'loginfailed.html') |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Registering a user |
|
|
|
|
# Registering a user |
|
|
|
|
|
|
|
|
|
class Register(View): |
|
|
|
|
|
|
|
|
@ -102,11 +102,11 @@ class Register(View):
|
|
|
|
|
password2 = request.POST.get('password2') |
|
|
|
|
# check if the supplied passwords match |
|
|
|
|
if password1 != password2: |
|
|
|
|
return render(request, 'error.html', { 'urlname': urlname, 'service': service, |
|
|
|
|
return render(request, 'error.html', { 'urlname': urlname, 'service': service, |
|
|
|
|
'error': 'Your passwords did not match. Please supply the same password twice.' } ) |
|
|
|
|
# check for at least a bit of length on the password |
|
|
|
|
if len(password1) < 8: |
|
|
|
|
return render(request, 'error.html', { 'urlname': urlname, 'service': service, |
|
|
|
|
return render(request, 'error.html', { 'urlname': urlname, 'service': service, |
|
|
|
|
'error': 'Your password is too short, please use a longer one. At least 8 characters.' } ) |
|
|
|
|
|
|
|
|
|
email = request.POST.get('email') |
|
|
|
@ -164,12 +164,12 @@ class ChangeData(View):
|
|
|
|
|
# Only logged in users may change data |
|
|
|
|
if not request.user.is_authenticated: |
|
|
|
|
return render(request, 'mustbeloggedin.html') |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
user = str(request.user) |
|
|
|
|
firstname = request.POST.get('firstname') |
|
|
|
|
lastname = request.POST.get('lastname') |
|
|
|
|
email = request.POST.get('email') |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Some sanity checks for the supplied data |
|
|
|
|
if firstname == "": |
|
|
|
|
return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': 'Please enter a firstname.' } ) |
|
|
|
@ -255,7 +255,7 @@ class ResetPassword(View):
|
|
|
|
|
|
|
|
|
|
# Builds the reset link for the email and puts the token into the database |
|
|
|
|
def build_reset_link(self, user, epochutc): |
|
|
|
|
# set up the data |
|
|
|
|
# set up the data |
|
|
|
|
host = 'account-staging.ungleich.ch' |
|
|
|
|
tokengen = PasswordResetTokenGenerator() |
|
|
|
|
# create some noise for use in the tokengenerator |
|
|
|
@ -263,7 +263,7 @@ class ResetPassword(View):
|
|
|
|
|
token = tokengen.make_token(pseudouser) |
|
|
|
|
buser = bytes(user, 'utf-8') |
|
|
|
|
userpart = b64encode(buser) |
|
|
|
|
# create entry into the database |
|
|
|
|
# create entry into the database |
|
|
|
|
newdbentry = ResetToken(user=user, token=token, creation=epochutc) |
|
|
|
|
newdbentry.save() |
|
|
|
|
# set up the link |
|
|
|
@ -353,7 +353,7 @@ class ChangePassword(View):
|
|
|
|
|
if not request.user.is_authenticated: |
|
|
|
|
return render(request, 'mustbeloggedin.html') |
|
|
|
|
return render(request, 'changepassword.html', { 'user': request.user } ) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Does some checks on the supplied data and changes the password |
|
|
|
|
def post(self, request): |
|
|
|
|
# Variables for the error page |
|
|
|
@ -375,7 +375,7 @@ class ChangePassword(View):
|
|
|
|
|
password2 = request.POST.get('password2') |
|
|
|
|
# Are both passwords from the form the same? |
|
|
|
|
if password1 != password2: |
|
|
|
|
return render(request, 'error.html', { 'urlname': urlname, 'service': service, |
|
|
|
|
return render(request, 'error.html', { 'urlname': urlname, 'service': service, |
|
|
|
|
'error': 'Please check if you typed the same password both times for the new password' } ) |
|
|
|
|
# Check for password length |
|
|
|
|
if len(password1) < 8: |
|
|
|
@ -417,7 +417,7 @@ class DeleteAccount(View):
|
|
|
|
|
check = authenticate(request, username=username, password=pwd) |
|
|
|
|
if check is None: |
|
|
|
|
return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': 'Wrong password for user.' } ) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Try to delete the user |
|
|
|
|
with get_pool().next() as rpc: |
|
|
|
|
result = rpc.deleteuser.delete_user(username) |
|
|
|
|
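Review bot: The `PseudoUser` password shown as context in the `-47,19` hunk is built with `choice` from the `random` module (`from random import choice, randint` in the `-11,10` hunk), which is not a cryptographically secure generator. This commit appears to change only whitespace and leaves that line as it is. From the `ResetPassword` hunks, the pseudo-user looks like it supplies the noise passed to `tokengen.make_token(pseudouser)`, so the value presumably feeds the password-reset token and should come from the OS CSPRNG: add `import secrets` and use `password = ''.join(secrets.choice(string.ascii_letters + string.digits) for _ in range(30))`. The `PseudoUser` class body and any use of `randint` are outside the visible hunks, so check whether other secret-like values are also drawn from `random`.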