From a92054bc0ab5448f8482f969c9c691a957a145bf Mon Sep 17 00:00:00 2001
From: downhill
Date: Wed, 10 Oct 2018 14:13:49 +0200
Subject: [PATCH] finished up the views
---
 dal/dal/templates/deleteaccount.html | 0
 dal/dal/templates/deleteduser.html | 0
 dal/dal/views.py | 49 ++++++++++++++++++++--------
 3 files changed, 35 insertions(+), 14 deletions(-)
 create mode 100644 dal/dal/templates/deleteaccount.html
 create mode 100644 dal/dal/templates/deleteduser.html
diff --git a/dal/dal/templates/deleteaccount.html b/dal/dal/templates/deleteaccount.html
new file mode 100644
index 0000000..e69de29
diff --git a/dal/dal/templates/deleteduser.html b/dal/dal/templates/deleteduser.html
new file mode 100644
index 0000000..e69de29
diff --git a/dal/dal/views.py b/dal/dal/views.py
index 9facc1c..99f1fce 100644
--- a/dal/dal/views.py
+++ b/dal/dal/views.py
@@ -56,13 +56,6 @@ class Register(View):
 service = 'Registering an user'
 # urlname for 'go back' on the errorpage
 urlname = 'register'
- # some basic check against DoS, since a hidden reference=ungleich will be given on the registeruser page
- # real defense against DoS will not be on django, but this protects a bit against filling up our ldap with a
- # basic curl script
- # TODO: Think about some better protection
- reference = request.POST.get('reference')
- if reference != 'ungleich':
- return HttpResponseRedirect(reverse_lazy('index'))
 username = request.POST.get('username')
 # Check to see if username is already taken
 if self.check_user_exists(username):
@@ -85,8 +78,10 @@ class Register(View): lastname = request.POST.get('lastname') if firstname == "" or not firstname or lastname == "" or not lastname return render(request, 'registererror.html', { 'urlname': urlname, 'service': service, 'error': 'Please enter your firstname and lastname.' } ) - # TODO: throw it to nameko to create the user - return render(request, 'usercreated.html', { 'user': username } ) + # throw it to nameko to create the user + if self.create_user(username, password1, firstname, lastname, email): + return render(request, 'usercreated.html', { 'user': username } ) + return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': 'Unknown error while creating the user.' } ) @@ -100,7 +95,7 @@ class ChangeData(View): if not request.user.is_authenticated: return render(request, 'mustbeloggedin.html') user = request.user - #TODO: nameko get basic data (firstname, lastname, email) + # get basic data (firstname, lastname, email) (firstname, lastname, email) = self.get_data(user) # The template puts the old data as standard in the fields return render(request, 'changeuserdata.html', { 'user': user, 'firstname': firstname, 'lastname': lastname, 'email': email } ) @@ -128,7 +123,7 @@ class ChangeData(View): return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': 'Please enter an email.' } ) elif not email_re.match(email): return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': 'The supplied email address is invalid.' } ) - #TODO: nameko change data (firstname, lastname, email) + # Trying to change the data if self.change_data(firstname, lastname, email): return render(request, 'changeddata.html', { 'user': user, 'firstname': firstname, 'lastname': lastname, 'email': email } ) return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': 'An unknown error occurred.' } ) 
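Review bot: `Register.post` now reaches `self.create_user(...)` with nothing limiting how often an unauthenticated client can call it, because the hunk at -56 of this same commit removes the hidden `reference` check that its own comment described as the guard against a script filling up the LDAP directory. That check was weak, but it should be replaced rather than dropped: put a per-client throttle or CAPTCHA in front of the `create_user` call, or at least leave `# TODO: rate-limit registration before create_user` so the gap stays visible. The new failure branch renders `error.html` while the earlier checks in this method render `registererror.html`; use the same template unless the difference is intended. As shown, the context line `if firstname == "" or not firstname or lastname == "" or not lastname` has no trailing `:`, which would stop the module from importing. The method starts outside the hunk and `create_user` is not defined in the visible lines.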
@@ -157,7 +152,8 @@ class ResetPassword(View): def post(self, request): user = request.POST.get('user') if check_user_exists(user): - #TODO: call nameko for sending a reset request + # TODO: Get a good backend for reset requests + # Sending the reset request self.send_resetrequest(user) return render(request, 'send_resetrequest.html', { 'user': user } ) return render(request, 'must_confirm_reset.html') @@ -200,7 +196,7 @@ class ChangePassword(View): return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': 'Please check if you typed the same password both times for the new password' } ) - # TODO: nameko change password + # Trying to change the password if self.change_password(user, oldpassword, password1): return render(request, 'changedpassword.html', { 'user': user } ) else: @@ -215,7 +211,32 @@ class ChangePassword(View): class DeleteAccount(View): + def get(self, request): - return HttpResponse("Work in progress") + return render(request, 'deleteaccount.html') + def post(self, request): + # Variables for error page + urlname = 'account_delete' + service = 'delete an account' + # Does the user exist? + username = request.POST.username + if not check_user_exists(username): + return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': 'Unknown user.' } ) + + # Do user and password match? + password = request.POST.username + check = authenticate(request, username=username, password=password) + if check is None: + return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': 'Wrong password for user.' } ) + + # Try to delete the user + if self.delete_user(username): + return render(request, 'deleteduser.html', { 'user': username } ) + return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': 'Unknown error while trying to delete the user.' } ) + + + def delete_user(self, username): + #TODO: nameko call to delete the user + return True
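Review bot: In `DeleteAccount.post`, `password = request.POST.username` reads the username field a second time, so the value passed to `authenticate()` is never the password the user typed; in addition, both reads use attribute access on `request.POST` where the other views in this file use `request.POST.get('username')`, which is expected to raise before any check runs. The separate 'Unknown user.' and 'Wrong password for user.' messages let an unauthenticated caller learn which usernames exist, so a single generic failure message is preferable. `check_user_exists` is called as a bare name here while `Register` calls `self.check_user_exists`, and `delete_user` is a stub returning `True`, so `deleteduser.html` reports success without anything being deleted. The rewrite below assumes a form field named `password`; `deleteaccount.html` is added empty in this commit, so the real field names are not visible.

```python
    def post(self, request):
        # … unchanged: urlname / service for the error page …
        username = request.POST.get('username')
        password = request.POST.get('password')
        # authenticate() also fails for an unknown user, so one check and one
        # generic message cover both cases without revealing which names exist.
        if not username or not password or authenticate(request, username=username, password=password) is None:
            return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': 'Wrong username or password.' } )
        # … unchanged: delete_user call and result pages …
```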