cbmi/account/views.py

#!/usr/bin/env python
# -*- coding: utf-8 -*-

import os
import base64
import hashlib


from django.conf import settings
from django.http import HttpResponseRedirect
from django.shortcuts import render_to_response
from django.template.context import RequestContext
from django.contrib.auth import login, logout, authenticate
from django.contrib.auth.models import User
from django.shortcuts import get_object_or_404
from django.contrib.auth.decorators import login_required
from django.contrib.auth.models import Group
from django.shortcuts import render
from django.utils.translation import ugettext as _

from forms import GastroPinForm, WlanPresenceForm, LoginForm, PasswordForm, \
    RFIDForm, NRF24Form, SIPPinForm, CLabPinForm, AdminForm
from cbase_members import retrieve_member
from password_encryption import *

def landingpage(request):
    if request.user.is_authenticated():
        return HttpResponseRedirect('/account')
    form = LoginForm()
    is_ceymaster = is_admin = False
    if 'ceymaster' in [g.name for g in request.user.groups.all()]:
        is_ceymaster = True
    if 'ldap_admins' in [g.name for g in request.user.groups.all()]:
        is_admin = True
    groups = Group.objects.all()
    try:
        admins = Group.objects.get(name="ldap_admins").user_set.all()
    except:
        admins = []

    return render(request, 'base.html', {'form': form, 'admins': admins})

def auth_login(request):
    redirect_to = request.GET.get('next', '') or '/'
    if request.method == 'POST':
        form = LoginForm(request.POST)
        if form.is_valid():
            username = form.cleaned_data['username']
            password = form.cleaned_data['password']
            user = form.login(request)
            if user is not None:
                if user.is_active:
                    login(request, user)
                    member, created = \
                        User.objects.get_or_create(username=username)
                    if created:
                        member.save()

                    # save password in the session for later use with LDAP
                    key = store_ldap_password(request, password)
                    response = HttpResponseRedirect(redirect_to)
                    response.set_cookie('sessionkey', key)
                    return response
            else:
                return render(request, 'login.html', {'form': form})
    else:
        form = LoginForm()

    return render_to_response('login.html',
            RequestContext(request, locals()))

@login_required
def home(request):
    member = retrieve_member(request)
    context = {'member': member.to_dict(), 'groups': request.user.groups.all()}
    return render(request, 'home.html', context)

@login_required
def auth_logout(request):
    request.session.pop(ENCRYPTED_LDAP_PASSWORD)
    redirect_to = request.GET.get('next', '') or '/'
    logout(request)
    response = HttpResponseRedirect(redirect_to)
    response.delete_cookie('sessionkey')
    return response

@login_required(redirect_field_name="/" ,login_url="/account/login/")
def groups_list(request, group_name):
    group = get_object_or_404(Group, name=group_name)
    groups = Group.objects.all()
    if 'ceymaster' in [g.name for g in request.user.groups.all()]:
        is_ceymaster = True
    if 'ldap_admins' in [g.name for g in request.user.groups.all()]:
        is_admin = True
    return render_to_response("group_list.html", locals())

@login_required
def sippin(request):
    return set_ldap_field(request, SIPPinForm, [('sippin', 'sippin')],
        'sippin.html')

def set_hash_field(request, form_type, in_field, out_field, hash_func,
        template_name):
    """
    Abstract view for changing LDAP attributes that need to be hashed.
    Takes a function that converts the value into the hashed_value.
    """
    member = retrieve_member(request)
    initial = {}

    if request.method == 'POST':
        form = form_type(request.POST)
        if form.is_valid():
            hashed_value = hash_func(form.cleaned_data[in_field])
            print 'hashed value: ', hashed_value
            member.set(out_field, hashed_value)
            member.save()
            new_form = form_type(initial=initial)
            return render(request, template_name,
                    {'message': _('Your changes have been saved. Thank you!'),
                     'form': new_form, 'member': member.to_dict()})
        else:
            return render(request, template_name,
                    {'form': form, 'member': member.to_dict()})
    else:
        form = form_type(initial=initial)
        return render(request, template_name,
                {'form': form, 'member': member.to_dict()})

@login_required
def gastropin(request):
    def calculate_gastro_hash(pin):
        key = settings.CBASE_GASTRO_KEY
        bla = '%s%s' % (key, pin)
        return hashlib.sha256(bla).hexdigest()

    return set_hash_field(request, GastroPinForm,
        'gastropin1', 'gastroPIN', calculate_gastro_hash, 'gastropin.html')

@login_required
def clabpin(request):
    if request.user.groups.filter(name='cey-c-lab').count() == 0:
        return render(request, 'access_denied.html')

    def calculate_clab_hash(pin):
        salt = os.urandom(12)
        digest = hashlib.sha1(bytearray(pin, 'UTF-8')+salt).digest()
        return '{SSHA}' + base64.b64encode(digest + salt)

    return set_hash_field(request, CLabPinForm, 'c_lab_pin1', 'c-labPIN',
            calculate_clab_hash, 'clabpin.html')

@login_required
def password(request):
    """
    View that changes the password on the LDAP server.
    """
    member = retrieve_member(request)

    if request.method == 'POST':
        form = PasswordForm(request.POST, request=request)

        if form.is_valid():
            new_password = form.cleaned_data['password1']
            member.change_password(new_password)
            key = store_ldap_password(request, new_password)
            request.session.save()
            new_form = PasswordForm()
            response = render(request, 'password.html',
                {'message': _('Your password was changed. Thank you!'),
                 'form': new_form, 'member': member.to_dict()})
            response.set_cookie('sessionkey', key)
        else:
            return render(request, 'password.html',
                {'form': form, 'member': member.to_dict()})
    else:
        form = PasswordForm()
        return render(request, 'password.html',
            {'form': form, 'member': member.to_dict()})

def set_ldap_field(request, form_type, field_names, template_name):
    """
    Abstract view for each of the different forms.

    field_names contains the mapping of the field name in the form to
    """
    member = retrieve_member(request)
    initial = {}

    if request.method == 'POST':
        form = form_type(request.POST)
        if form.is_valid():

            for form_field, ldap_field in field_names:
                member.set(ldap_field, form.cleaned_data[form_field])
                initial[form_field] = member.get(ldap_field)
            member.save()
            new_form = form_type(initial=initial)
            return render(request, template_name,
                    {'message': _('Your changes have been saved. Thank you!'),
                     'form': new_form, 'member': member.to_dict()})
        else:
            return render(request, template_name,
                    {'form': form, 'member': member.to_dict()})
    else:
        for form_field, ldap_field in field_names:
            initial[form_field] = member.get(ldap_field)
        form = form_type(initial=initial)
        return render(request, template_name,
                {'form': form, 'member': member.to_dict()})

@login_required
def wlan_presence(request):
    return set_ldap_field(request, WlanPresenceForm,
            [('presence', 'wlanPresence')], 'wlan_presence.html')

@login_required
def rfid(request):
    return set_ldap_field(request, RFIDForm, [('rfid', 'rfid')], 'rfid.html')

@login_required
def nrf24(request):
    return set_ldap_field(request, NRF24Form, [('nrf24', 'nrf24')], 'nrf24.html')

@login_required
def admin(request):
    member = retrieve_member(request)
    if request.user.groups.filter(name='ldap_admins').count() == 0:
        return render(request, 'access_denied.html')
    users = member.list_users()
    if request.method == 'POST':
        form = AdminForm(request.POST, request=request, users=users)

        if form.is_valid():
            new_password = form.cleaned_data['password1']
            member.admin_change_password(form.cleaned_data['username'], new_password)
            new_form = AdminForm(request=request, users=users)
            return render(request, 'admin.html',
                {'message': _('The password for %s was changed. Thank you!' % form.cleaned_data['username']),
                 'form': new_form})
        else:
            return render(request, 'admin.html',
                {'form': form})
    else:
        form = AdminForm(request=request, users=users)
        return render(request, 'admin.html',
            {'form': form})

    #username = cleaned_data.get('username')
    #admin_username = self._request.user.username
    #admin_password = self._request.session['ldap_password']
setting wifi presence 2013-10-24 01:49:46 +02:00			`#!/usr/bin/env python`
			`# -- coding: utf-8 --`
everything except admin works 2013-10-26 20:06:42 +02:00
			`import os`
			`import base64`
gastropin works 2013-10-25 23:15:30 +02:00			`import hashlib`
setting wifi presence 2013-10-24 01:49:46 +02:00
#11 passwords are now stored with aes-128 encryption 2013-10-27 21:13:41 +01:00
everything except admin works 2013-10-26 20:06:42 +02:00			`from django.conf import settings`
Init 2013-10-19 00:47:24 +02:00			`from django.http import HttpResponseRedirect`
			`from django.shortcuts import render_to_response`
			`from django.template.context import RequestContext`
			`from django.contrib.auth import login, logout, authenticate`
			`from django.contrib.auth.models import User`
forms work and are saved to ldap correctly, added RFID form 2013-10-24 21:27:15 +02:00			`from django.shortcuts import get_object_or_404`
			`from django.contrib.auth.decorators import login_required`
			`from django.contrib.auth.models import Group`
			`from django.shortcuts import render`
			`from django.utils.translation import ugettext as _`
Init 2013-10-19 00:47:24 +02:00
clean templates, add userdetail and proper landing page 2013-10-25 01:03:16 +02:00			`from forms import GastroPinForm, WlanPresenceForm, LoginForm, PasswordForm, \`
added admin password setting function 2013-10-26 22:40:47 +02:00			`RFIDForm, NRF24Form, SIPPinForm, CLabPinForm, AdminForm`
everything except admin works 2013-10-26 20:06:42 +02:00			`from cbase_members import retrieve_member`
#11 passwords are now stored with aes-128 encryption 2013-10-27 21:13:41 +01:00			`from password_encryption import *`
clean templates, add userdetail and proper landing page 2013-10-25 01:03:16 +02:00
			`def landingpage(request):`
			`if request.user.is_authenticated():`
			`return HttpResponseRedirect('/account')`
			`form = LoginForm()`
			`is_ceymaster = is_admin = False`
			`if 'ceymaster' in [g.name for g in request.user.groups.all()]:`
			`is_ceymaster = True`
			`if 'ldap_admins' in [g.name for g in request.user.groups.all()]:`
			`is_admin = True`
			`groups = Group.objects.all()`
show landingpage even if there are no groups, yet 2013-10-26 21:35:25 +02:00			`try:`
			`admins = Group.objects.get(name="ldap_admins").user_set.all()`
			`except:`
			`admins = []`
clean templates, add userdetail and proper landing page 2013-10-25 01:03:16 +02:00
			`return render(request, 'base.html', {'form': form, 'admins': admins})`

Init 2013-10-19 00:47:24 +02:00			`def auth_login(request):`
setting wifi presence 2013-10-24 01:49:46 +02:00			`redirect_to = request.GET.get('next', '') or '/'`
Init 2013-10-19 00:47:24 +02:00			`if request.method == 'POST':`
			`form = LoginForm(request.POST)`
			`if form.is_valid():`
			`username = form.cleaned_data['username']`
			`password = form.cleaned_data['password']`
small error corrections in the templates and forms 2013-10-25 19:35:32 +02:00			`user = form.login(request)`
Init 2013-10-19 00:47:24 +02:00			`if user is not None:`
			`if user.is_active:`
			`login(request, user)`
setting wifi presence 2013-10-24 01:49:46 +02:00			`member, created = \`
			`User.objects.get_or_create(username=username)`
Init 2013-10-19 00:47:24 +02:00			`if created:`
			`member.save()`
small error corrections in the templates and forms 2013-10-25 19:35:32 +02:00
setting wifi presence 2013-10-24 01:49:46 +02:00			`# save password in the session for later use with LDAP`
#11 passwords are now stored with aes-128 encryption 2013-10-27 21:13:41 +01:00			`key = store_ldap_password(request, password)`
setting wifi presence 2013-10-24 01:49:46 +02:00			`response = HttpResponseRedirect(redirect_to)`
#11 passwords are now stored with aes-128 encryption 2013-10-27 21:13:41 +01:00			`response.set_cookie('sessionkey', key)`
setting wifi presence 2013-10-24 01:49:46 +02:00			`return response`
Init 2013-10-19 00:47:24 +02:00			`else:`
small error corrections in the templates and forms 2013-10-25 19:35:32 +02:00			`return render(request, 'login.html', {'form': form})`
Init 2013-10-19 00:47:24 +02:00			`else:`
			`form = LoginForm()`

setting wifi presence 2013-10-24 01:49:46 +02:00			`return render_to_response('login.html',`
			`RequestContext(request, locals()))`
Init 2013-10-19 00:47:24 +02:00
small error corrections in the templates and forms 2013-10-25 19:35:32 +02:00			`@login_required`
			`def home(request):`
			`member = retrieve_member(request)`
everything except admin works 2013-10-26 20:06:42 +02:00			`context = {'member': member.to_dict(), 'groups': request.user.groups.all()}`
			`return render(request, 'home.html', context)`
small error corrections in the templates and forms 2013-10-25 19:35:32 +02:00
clean templates, add userdetail and proper landing page 2013-10-25 01:03:16 +02:00			`@login_required`
Init 2013-10-19 00:47:24 +02:00			`def auth_logout(request):`
#11 passwords are now stored with aes-128 encryption 2013-10-27 21:13:41 +01:00			`request.session.pop(ENCRYPTED_LDAP_PASSWORD)`
setting wifi presence 2013-10-24 01:49:46 +02:00			`redirect_to = request.GET.get('next', '') or '/'`
Init 2013-10-19 00:47:24 +02:00			`logout(request)`
setting wifi presence 2013-10-24 01:49:46 +02:00			`response = HttpResponseRedirect(redirect_to)`
			`response.delete_cookie('sessionkey')`
			`return response`
forms work and are saved to ldap correctly, added RFID form 2013-10-24 21:27:15 +02:00
			`@login_required(redirect_field_name="/" ,login_url="/account/login/")`
			`def groups_list(request, group_name):`
			`group = get_object_or_404(Group, name=group_name)`
			`groups = Group.objects.all()`
			`if 'ceymaster' in [g.name for g in request.user.groups.all()]:`
			`is_ceymaster = True`
			`if 'ldap_admins' in [g.name for g in request.user.groups.all()]:`
			`is_admin = True`
			`return render_to_response("group_list.html", locals())`

clean templates, add userdetail and proper landing page 2013-10-25 01:03:16 +02:00			`@login_required`
			`def sippin(request):`
			`return set_ldap_field(request, SIPPinForm, [('sippin', 'sippin')],`
			`'sippin.html')`
forms work and are saved to ldap correctly, added RFID form 2013-10-24 21:27:15 +02:00
gastropin works 2013-10-25 23:15:30 +02:00			`def set_hash_field(request, form_type, in_field, out_field, hash_func,`
			`template_name):`
			`"""`
everything except admin works 2013-10-26 20:06:42 +02:00			`Abstract view for changing LDAP attributes that need to be hashed.`
			`Takes a function that converts the value into the hashed_value.`
gastropin works 2013-10-25 23:15:30 +02:00			`"""`
			`member = retrieve_member(request)`
			`initial = {}`

			`if request.method == 'POST':`
			`form = form_type(request.POST)`
			`if form.is_valid():`
			`hashed_value = hash_func(form.cleaned_data[in_field])`
everything except admin works 2013-10-26 20:06:42 +02:00			`print 'hashed value: ', hashed_value`
gastropin works 2013-10-25 23:15:30 +02:00			`member.set(out_field, hashed_value)`
			`member.save()`
			`new_form = form_type(initial=initial)`
			`return render(request, template_name,`
			`{'message': _('Your changes have been saved. Thank you!'),`
			`'form': new_form, 'member': member.to_dict()})`
			`else:`
			`return render(request, template_name,`
			`{'form': form, 'member': member.to_dict()})`
			`else:`
			`form = form_type(initial=initial)`
			`return render(request, template_name,`
			`{'form': form, 'member': member.to_dict()})`

			`@login_required`
			`def gastropin(request):`
everything except admin works 2013-10-26 20:06:42 +02:00			`def calculate_gastro_hash(pin):`
			`key = settings.CBASE_GASTRO_KEY`
			`bla = '%s%s' % (key, pin)`
			`return hashlib.sha256(bla).hexdigest()`

gastropin works 2013-10-25 23:15:30 +02:00			`return set_hash_field(request, GastroPinForm,`
			`'gastropin1', 'gastroPIN', calculate_gastro_hash, 'gastropin.html')`

everything except admin works 2013-10-26 20:06:42 +02:00			`@login_required`
			`def clabpin(request):`
c-lab view now requires c-lab-cey group 2013-10-26 22:45:02 +02:00			`if request.user.groups.filter(name='cey-c-lab').count() == 0:`
added admin password setting function 2013-10-26 22:40:47 +02:00			`return render(request, 'access_denied.html')`

everything except admin works 2013-10-26 20:06:42 +02:00			`def calculate_clab_hash(pin):`
			`salt = os.urandom(12)`
			`digest = hashlib.sha1(bytearray(pin, 'UTF-8')+salt).digest()`
			`return '{SSHA}' + base64.b64encode(digest + salt)`

			`return set_hash_field(request, CLabPinForm, 'c_lab_pin1', 'c-labPIN',`
			`calculate_clab_hash, 'clabpin.html')`

gastropin works 2013-10-25 23:15:30 +02:00			`@login_required`
			`def password(request):`
everything except admin works 2013-10-26 20:06:42 +02:00			`"""`
#11 passwords are now stored with aes-128 encryption 2013-10-27 21:13:41 +01:00			`View that changes the password on the LDAP server.`
everything except admin works 2013-10-26 20:06:42 +02:00			`"""`
			`member = retrieve_member(request)`
gastropin works 2013-10-25 23:15:30 +02:00
everything except admin works 2013-10-26 20:06:42 +02:00			`if request.method == 'POST':`
			`form = PasswordForm(request.POST, request=request)`

			`if form.is_valid():`
			`new_password = form.cleaned_data['password1']`
			`member.change_password(new_password)`
#11 passwords are now stored with aes-128 encryption 2013-10-27 21:13:41 +01:00			`key = store_ldap_password(request, new_password)`
everything except admin works 2013-10-26 20:06:42 +02:00			`request.session.save()`
			`new_form = PasswordForm()`
#11 passwords are now stored with aes-128 encryption 2013-10-27 21:13:41 +01:00			`response = render(request, 'password.html',`
everything except admin works 2013-10-26 20:06:42 +02:00			`{'message': _('Your password was changed. Thank you!'),`
			`'form': new_form, 'member': member.to_dict()})`
#11 passwords are now stored with aes-128 encryption 2013-10-27 21:13:41 +01:00			`response.set_cookie('sessionkey', key)`
everything except admin works 2013-10-26 20:06:42 +02:00			`else:`
			`return render(request, 'password.html',`
			`{'form': form, 'member': member.to_dict()})`
			`else:`
			`form = PasswordForm()`
			`return render(request, 'password.html',`
			`{'form': form, 'member': member.to_dict()})`
gastropin works 2013-10-25 23:15:30 +02:00
forms work and are saved to ldap correctly, added RFID form 2013-10-24 21:27:15 +02:00			`def set_ldap_field(request, form_type, field_names, template_name):`
added nrf24 form and changed message color to blue 2013-10-24 21:44:53 +02:00			`"""`
			`Abstract view for each of the different forms.`
everything except admin works 2013-10-26 20:06:42 +02:00
			`field_names contains the mapping of the field name in the form to`
added nrf24 form and changed message color to blue 2013-10-24 21:44:53 +02:00			`"""`
forms work and are saved to ldap correctly, added RFID form 2013-10-24 21:27:15 +02:00			`member = retrieve_member(request)`
			`initial = {}`

			`if request.method == 'POST':`
			`form = form_type(request.POST)`
			`if form.is_valid():`

			`for form_field, ldap_field in field_names:`
			`member.set(ldap_field, form.cleaned_data[form_field])`
			`initial[form_field] = member.get(ldap_field)`
			`member.save()`
			`new_form = form_type(initial=initial)`
			`return render(request, template_name,`
make it pretty 2013-10-25 04:24:26 +02:00			`{'message': _('Your changes have been saved. Thank you!'),`
			`'form': new_form, 'member': member.to_dict()})`
forms work and are saved to ldap correctly, added RFID form 2013-10-24 21:27:15 +02:00			`else:`
make it pretty 2013-10-25 04:24:26 +02:00			`return render(request, template_name,`
small error corrections in the templates and forms 2013-10-25 19:35:32 +02:00			`{'form': form, 'member': member.to_dict()})`
forms work and are saved to ldap correctly, added RFID form 2013-10-24 21:27:15 +02:00			`else:`
			`for form_field, ldap_field in field_names:`
			`initial[form_field] = member.get(ldap_field)`
			`form = form_type(initial=initial)`
make it pretty 2013-10-25 04:24:26 +02:00			`return render(request, template_name,`
			`{'form': form, 'member': member.to_dict()})`
forms work and are saved to ldap correctly, added RFID form 2013-10-24 21:27:15 +02:00
			`@login_required`
			`def wlan_presence(request):`
			`return set_ldap_field(request, WlanPresenceForm,`
			`[('presence', 'wlanPresence')], 'wlan_presence.html')`

			`@login_required`
			`def rfid(request):`
			`return set_ldap_field(request, RFIDForm, [('rfid', 'rfid')], 'rfid.html')`

added nrf24 form and changed message color to blue 2013-10-24 21:44:53 +02:00			`@login_required`
			`def nrf24(request):`
			`return set_ldap_field(request, NRF24Form, [('nrf24', 'nrf24')], 'nrf24.html')`

added admin password setting function 2013-10-26 22:40:47 +02:00			`@login_required`
			`def admin(request):`
			`member = retrieve_member(request)`
			`if request.user.groups.filter(name='ldap_admins').count() == 0:`
			`return render(request, 'access_denied.html')`
			`users = member.list_users()`
			`if request.method == 'POST':`
			`form = AdminForm(request.POST, request=request, users=users)`
gastropin works 2013-10-25 23:15:30 +02:00
added admin password setting function 2013-10-26 22:40:47 +02:00			`if form.is_valid():`
			`new_password = form.cleaned_data['password1']`
			`member.admin_change_password(form.cleaned_data['username'], new_password)`
			`new_form = AdminForm(request=request, users=users)`
			`return render(request, 'admin.html',`
			`{'message': _('The password for %s was changed. Thank you!' % form.cleaned_data['username']),`
			`'form': new_form})`
			`else:`
			`return render(request, 'admin.html',`
			`{'form': form})`
			`else:`
			`form = AdminForm(request=request, users=users)`
			`return render(request, 'admin.html',`
			`{'form': form})`
make it pretty 2013-10-25 04:24:26 +02:00
added admin password setting function 2013-10-26 22:40:47 +02:00			`#username = cleaned_data.get('username')`
			`#admin_username = self._request.user.username`
			`#admin_password = self._request.session['ldap_password']`