#!/usr/bin/env python
# -*- coding: utf-8 -*-
import base64
import collections
import hashlib
import os

import requests
import smbpasswd
from django.conf import settings
from django.contrib.auth import login, logout, authenticate
from django.contrib.auth.decorators import login_required
from django.contrib.auth.models import Group
from django.contrib.auth.models import User
from django.http import HttpResponse, HttpResponseRedirect
from django.shortcuts import get_object_or_404
from django.shortcuts import render
from django.shortcuts import render_to_response
from django.template.context import RequestContext
from django.utils.http import is_safe_url
from django.utils.translation import ugettext as _

from forms import GastroPinForm, WlanPresenceForm, LoginForm, PasswordForm, \
    RFIDForm, NRF24Form, SIPPinForm, CLabPinForm, AdminForm
from cbase_members import retrieve_member, MemberValues
from password_encryption import *
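def landingpage(request):
    """Render the public landing page or answer a nickname-availability check.

    Authenticated visitors are redirected to ``/account``. Anonymous visitors
    get ``base.html`` with a login form and the members of the
    ``ldap_admins`` group. When ``check_nickname`` is present in the query
    string, the view reports whether a Django user with that name exists;
    with ``raw`` also set, the boolean is returned as the response body.
    """
    if request.user.is_authenticated():
        return HttpResponseRedirect('/account')

    login_form = LoginForm()
    try:
        # just in case the group hasn't yet been synced
        admins = Group.objects.get(name="ldap_admins").user_set.all()
    except Group.DoesNotExist:
        # else provide an empty list
        admins = []

    # https://github.com/c-base/cbmi/issues/20
    # check if nick is still available feature
    #
    # NOTE(review): this runs before login, so it tells any anonymous client
    # which account names exist. If that disclosure is accepted for the
    # feature, put request throttling in front of it and watch the access
    # log for bulk queries.
    check_nickname = request.GET.get('check_nickname', '')
    if check_nickname:
        # Only the boolean leaves this block. The looked-up account object
        # must not be placed in the template context under the name `user`,
        # where it could shadow the visitor's own `user` variable.
        check_nickname = User.objects.filter(username=check_nickname).exists()

        # output as text if requested
        # NOTE(review): the listing this was reviewed from had lost its
        # indentation; the raw branch is assumed to belong to the nickname
        # check - confirm against the repository.
        if request.GET.get('raw', ''):
            return HttpResponse(check_nickname)

    # Explicit context instead of locals(): the template receives exactly
    # these names and nothing that happens to be a local variable.
    return render(request, 'base.html', {
        'request': request,
        'login_form': login_form,
        'admins': admins,
        'check_nickname': check_nickname,
    })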
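def auth_login(request):
    """Authenticate a member via ``LoginForm`` and start a session.

    On success the submitted password is handed to ``store_ldap_password``
    (kept in the session for later use with LDAP), the key it returns is
    sent back in the ``sessionkey`` cookie, and the browser is redirected
    to the validated ``next`` target. Every other outcome re-renders
    ``login.html``.
    """
    redirect_to = request.GET.get('next', '') or '/'
    # `next` comes straight from the query string. Without this check a
    # crafted login link could send a freshly authenticated member to an
    # arbitrary external site (open redirect).
    if not is_safe_url(url=redirect_to, host=request.get_host()):
        redirect_to = '/'

    if request.method == 'POST':
        form = LoginForm(request.POST)
        # NOTE(review): the listing this was reviewed from had lost its
        # indentation; the bare-form re-render is assumed to belong to the
        # invalid-form case - confirm against the repository.
        if not form.is_valid():
            return render(request, 'login.html', {'form': form})

        username = form.cleaned_data['username']
        user = form.login(request)
        if user is not None and user.is_active:
            login(request, user)
            member, created = User.objects.get_or_create(username=username)
            if created:
                member.save()

            # save password in the session for later use with LDAP
            # The plaintext password is read from the form right here and
            # never bound to a local name, so the locals() context at the
            # end of this view cannot carry it into the template.
            key = store_ldap_password(request, form.cleaned_data['password'])
            response = HttpResponseRedirect(redirect_to)
            # httponly keeps page scripts from reading the key.
            # NOTE(review): also pass secure=True once the site is only
            # served over HTTPS.
            response.set_cookie('sessionkey', key, httponly=True)
            return response
    else:
        form = LoginForm()

    # locals() is kept because login.html's expectations are not visible
    # from this file; at this point it holds request, redirect_to, form and,
    # after a valid POST, username and user.
    return render_to_response('login.html',
                              RequestContext(request, locals()))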
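@login_required
def home(request):
    """Render the member's account overview (``home.html``).

    The context combines the member's directory record, the requesting
    user's groups, the member count and the member's cteward record, which
    is fetched over HTTPS with the member's own credentials.
    """
    member = retrieve_member(request)
    number_of_members = member.get_number_of_members()

    username = request.user.username
    password = get_ldap_password(request)
    url = "https://vorstand.c-base.org/cteward-api/legacy/member/%s" % username
    # The member's password travels in the Basic-Auth header of this request,
    # so the server certificate has to be verified (the requests default).
    # With verify=False anyone on the network path can impersonate the API
    # host and collect the credentials. If the host uses a private CA, point
    # requests at that CA bundle (verify='<path to CA bundle>' or the
    # REQUESTS_CA_BUNDLE environment variable) rather than disabling the
    # check. The timeout keeps a stalled API from blocking the worker.
    r = requests.get(url, auth=(username, password), timeout=10)
    cteward = r.json()

    context = {
        'member': member.to_dict(),
        'groups': sorted(request.user.groups.all()),
        'number_of_members': number_of_members,
        'cteward': cteward,
    }
    return render(request, 'home.html', context)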
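@login_required
def auth_logout(request):
    """End the session, drop the stored LDAP password and redirect.

    Removes the ``ENCRYPTED_LDAP_PASSWORD`` session entry, logs the user
    out, deletes the ``sessionkey`` cookie and redirects to the validated
    ``next`` target (``/`` by default).
    """
    # A default avoids a KeyError (and a failed logout) when the entry is
    # already gone, e.g. for a session that never stored a password.
    request.session.pop(ENCRYPTED_LDAP_PASSWORD, None)

    redirect_to = request.GET.get('next', '') or '/'
    # `next` is taken from the query string; only follow it when it stays
    # on this host, otherwise the logout link works as an open redirect.
    if not is_safe_url(url=redirect_to, host=request.get_host()):
        redirect_to = '/'

    logout(request)
    response = HttpResponseRedirect(redirect_to)
    response.delete_cookie('sessionkey')
    return response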
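# NOTE(review): redirect_field_name="/" makes the login redirect carry the
# original URL in a parameter literally named "/", while auth_login in this
# file reads "next" - so the visitor is presumably not returned here after
# logging in. Confirm whether that is intended.
@login_required(redirect_field_name="/", login_url="/account/login/")
def groups_list(request, group_name):
    """Render ``group_list.html`` for the group called *group_name*.

    Responds with 404 when no such group exists. The template receives the
    selected group, all groups, and two flags telling whether the requesting
    user belongs to ``ceymaster`` and to ``ldap_admins``.
    """
    group = get_object_or_404(Group, name=group_name)
    groups = Group.objects.all()

    # One query for the user's group names instead of one per flag.
    own_group_names = set(request.user.groups.values_list('name', flat=True))

    # Explicit context instead of locals(): both flags are always defined
    # and no stray local variable reaches the template.
    return render_to_response("group_list.html", {
        'request': request,
        'group_name': group_name,
        'group': group,
        'groups': groups,
        'is_ceymaster': 'ceymaster' in own_group_names,
        'is_admin': 'ldap_admins' in own_group_names,
    })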
@login_required
def sippin(request):
    """Show and update the member's ``sippin`` attribute via ``SIPPinForm``."""
    # (form field, directory attribute) pairs handled by set_ldap_field
    field_map = [('sippin', 'sippin')]
    return set_ldap_field(request, SIPPinForm, field_map, 'sippin.html')
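def set_hash_field(request, form_type, in_field, out_field, hash_func,
                   template_name):
    """
    Abstract view for changing LDAP attributes that need to be hashed.

    On a valid POST the value of form field *in_field* is passed through
    *hash_func* and the result is stored in the member attribute
    *out_field*. GET requests and invalid submissions render *template_name*
    with the (unbound or bound) form.
    """
    member = retrieve_member(request)
    initial = {}

    if request.method != 'POST':
        form = form_type(initial=initial)
        return render(request, template_name,
                      {'form': form, 'member': member.to_dict()})

    form = form_type(request.POST)
    if not form.is_valid():
        return render(request, template_name,
                      {'form': form, 'member': member.to_dict()})

    # The derived value is a credential verifier. It is written to the
    # directory only and never printed or logged: server output is readable
    # by more people than the directory attribute, and PIN hashes can be
    # guessed offline once they leak.
    hashed_value = hash_func(form.cleaned_data[in_field])
    member.set(out_field, hashed_value)
    member.save()

    new_form = form_type(initial=initial)
    return render(request, template_name,
                  {'message': _('Your changes have been saved. Thank you!'),
                   'form': new_form, 'member': member.to_dict()})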
@login_required
def gastropin(request):
    """Let the member set the gastro PIN, stored hashed as ``gastroPIN``."""

    def calculate_gastro_hash(pin):
        """Return the hex SHA-256 of the site key followed by *pin*."""
        # NOTE(review): one fast hash over a site-wide key plus the PIN has
        # no per-member salt, so equal PINs give equal values, and anyone
        # who learns CBASE_GASTRO_KEY can test candidate PINs offline. The
        # format is presumably fixed by whatever reads gastroPIN; if so,
        # restrict read access to that attribute and treat the key as a
        # secret.
        keyed_pin = '%s%s' % (settings.CBASE_GASTRO_KEY, pin)
        return hashlib.sha256(keyed_pin).hexdigest()

    return set_hash_field(
        request,
        GastroPinForm,
        'gastropin1',
        'gastroPIN',
        calculate_gastro_hash,
        'gastropin.html',
    )
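@login_required
def clabpin(request):
    """Let c-lab, cey or soundlab members set their ``c-labPIN``.

    Users whose profile has none of the three membership flags get
    ``access_denied.html``. The PIN is stored as an ``{SSHA}`` value.
    """
    profile = request.user.profile
    allowed = (profile.is_clab_member or
               profile.is_cey_member or
               profile.is_soundlab_member)
    if not allowed:
        return render(request, 'access_denied.html')

    def calculate_clab_hash(pin):
        """Return ``{SSHA}`` + base64(SHA-1(pin + salt) + salt)."""
        # base64 is imported by name at the top of the module; the view
        # must not depend on a wildcard import providing it.
        # 12 random bytes from the OS, fresh for every stored PIN.
        salt = os.urandom(12)
        digest = hashlib.sha1(bytearray(pin, 'UTF-8') + salt).digest()
        # NOTE(review): salted SHA-1 is a single fast hash, so a PIN can be
        # recovered by offline guessing once the stored value is readable.
        # The scheme is presumably dictated by the consumer of c-labPIN;
        # restrict read access to the attribute accordingly.
        return '{SSHA}' + base64.b64encode(digest + salt)

    return set_hash_field(request, CLabPinForm, 'c_lab_pin1', 'c-labPIN',
                          calculate_clab_hash, 'clabpin.html')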
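@login_required
def password(request):
    """
    View that changes the password on the LDAP server.

    A valid POST updates the Samba LM/NT hashes, changes the LDAP password,
    re-stores the new password for the session via ``store_ldap_password``
    and returns the new key in the ``sessionkey`` cookie. GET requests and
    invalid submissions render ``password.html`` with the form.
    """
    member = retrieve_member(request)

    if request.method != 'POST':
        form = PasswordForm()
        return render(request, 'password.html',
                      {'form': form, 'member': member.to_dict()})

    form = PasswordForm(request.POST, request=request)
    if not form.is_valid():
        return render(request, 'password.html',
                      {'form': form, 'member': member.to_dict()})

    new_password = form.cleaned_data['password1']

    # change the password for the Wifi
    # NOTE(review): an LM hash is far weaker than the NT hash and exposes
    # the password to anyone who can read sambaLMPassword. If nothing that
    # consumes this directory still needs it, stop writing the attribute -
    # confirm before removing.
    member.set('sambaLMPassword', smbpasswd.lmhash(new_password))
    member.set('sambaNTPassword', smbpasswd.nthash(new_password))
    member.save()

    # change the LDAP password
    # The order (hashes saved first, LDAP password changed second, session
    # copy refreshed last) is kept exactly as it was.
    member.change_password(new_password)

    key = store_ldap_password(request, new_password)
    request.session.save()

    new_form = PasswordForm()
    response = render(request, 'password.html',
                      {'message': _('Your password was changed. Thank you!'),
                       'form': new_form, 'member': member.to_dict()})
    # httponly keeps page scripts from reading the key.
    # NOTE(review): also pass secure=True once the site is only served over
    # HTTPS.
    response.set_cookie('sessionkey', key, httponly=True)
    return response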
def set_ldap_field(request, form_type, field_names, template_name):
    """
    Abstract view for each of the different forms.

    field_names contains the mapping of the field name in the form to the
    name of the member attribute, as a list of (form_field, ldap_field)
    pairs. GET pre-fills the form from the member; a valid POST writes the
    submitted values back and saves the member.
    """
    member = retrieve_member(request)

    if request.method != 'POST':
        # Pre-fill the form with the values currently stored for the member.
        current = {}
        for name, attribute in field_names:
            current[name] = member.get(attribute)
        return render(request, template_name,
                      {'form': form_type(initial=current),
                       'member': member.to_dict()})

    submitted = form_type(request.POST)
    if not submitted.is_valid():
        return render(request, template_name,
                      {'form': submitted, 'member': member.to_dict()})

    # Write each cleaned value and read it back for the fresh form.
    saved = {}
    for name, attribute in field_names:
        member.set(attribute, submitted.cleaned_data[name])
        saved[name] = member.get(attribute)
    member.save()

    fresh_form = form_type(initial=saved)
    return render(request, template_name,
                  {'message': _('Your changes have been saved. Thank you!'),
                   'form': fresh_form, 'member': member.to_dict()})
@login_required
def wlan_presence(request):
    """Show and update the member's ``wlanPresence`` attribute."""
    # form field 'presence' maps to the directory attribute 'wlanPresence'
    field_map = [('presence', 'wlanPresence')]
    return set_ldap_field(request, WlanPresenceForm, field_map,
                          'wlan_presence.html')
@login_required
def rfid(request):
    """Show and update the member's ``rfid`` attribute via ``RFIDForm``."""
    field_map = [('rfid', 'rfid')]
    return set_ldap_field(request, RFIDForm, field_map, 'rfid.html')
@login_required
def nrf24(request):
    """Show and update the member's ``nrf24`` attribute via ``NRF24Form``."""
    field_map = [('nrf24', 'nrf24')]
    return set_ldap_field(request, NRF24Form, field_map, 'nrf24.html')
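@login_required
def admin(request):
    """Let an LDAP admin set another member's password.

    Users whose profile is not flagged ``is_ldap_admin`` get
    ``access_denied.html``. A valid POST changes the chosen member's
    password through the admin's own member object and then updates that
    member's Samba LM/NT hashes.
    """
    # Authorise before doing any directory work on the caller's behalf.
    if not request.user.profile.is_ldap_admin:
        return render(request, 'access_denied.html')

    admin_member = retrieve_member(request)
    users = admin_member.list_users()

    if request.method != 'POST':
        form = AdminForm(request=request, users=users)
        return render(request, 'admin.html', {'form': form})

    form = AdminForm(request.POST, request=request, users=users)
    if not form.is_valid():
        return render(request, 'admin.html', {'form': form})

    username = form.cleaned_data['username']
    new_password = form.cleaned_data['password1']
    admin_member.admin_change_password(username, new_password)

    # The Samba hashes are written through a member object created with the
    # target's user name and the new password.
    # NOTE(review): an LM hash is far weaker than the NT hash; if nothing
    # that consumes this directory still needs sambaLMPassword, stop
    # writing it - confirm before removing.
    member = MemberValues(username, new_password)
    member.set('sambaLMPassword', smbpasswd.lmhash(new_password))
    member.set('sambaNTPassword', smbpasswd.nthash(new_password))
    member.save()

    new_form = AdminForm(request=request, users=users)
    # Translate the template first and interpolate afterwards; formatting
    # before the lookup produces a string no translation catalogue contains.
    message = _('The password for %s was changed. Thank you!') % username
    return render(request, 'admin.html',
                  {'message': message, 'form': new_form})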
#username = cleaned_data.get('username')
#admin_username = self._request.user.username
#admin_password = self._request.session['ldap_password']
def hammertime(request):
    """Render ``hammertime.html`` with an empty context; no login required."""
    empty_context = {}
    return render(request, 'hammertime.html', empty_context)
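@login_required
def memberstatus(request):
    """Render the member's contribution status (``memberstatus.html``).

    Fetches the member's contributions and the member record from the
    cteward API with the member's own credentials. The per-year
    contributions are handed to the template as (year, data) pairs, newest
    first.
    """
    username = request.user.username
    password = get_ldap_password(request)
    credentials = (username, password)

    # Both requests carry the member's password in the Basic-Auth header, so
    # the server certificate has to be verified (the requests default). With
    # verify=False anyone on the network path can impersonate the API host
    # and collect the credentials. If the host uses a private CA, point
    # requests at that CA bundle (verify='<path to CA bundle>' or the
    # REQUESTS_CA_BUNDLE environment variable) rather than disabling the
    # check. The timeout keeps a stalled API from blocking the worker.
    url = "https://vorstand.c-base.org/cteward-api/legacy/member/%s/contributions" % username
    r = requests.get(url, auth=credentials, timeout=10)
    contributions = r.json()
    # Dictionary keys are unique, so sorting the items directly yields the
    # same newest-first list as a round trip through an OrderedDict.
    contributions['years'] = sorted(contributions['years'].items(),
                                    reverse=True)

    url = "https://vorstand.c-base.org/cteward-api/legacy/member/%s" % username
    r = requests.get(url, auth=credentials, timeout=10)
    cteward = r.json()

    return render(request, 'memberstatus.html',
                  {'contributions': contributions, 'cteward': cteward})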