mgoetz/ldap_account_manager
Archived
2
2
Fork 0
Code Issues 9 Pull Requests Releases 2 Wiki Activity

Compare commits

merge into: mgoetz:dev_translation
Branches Tags
mgoetz:master
mgoetz:dev_translation
mgoetz:feature_deletion_system
mgoetz:translation
mgoetz:v1.1.0
mgoetz:v1.0.0
...
pull from: mgoetz:master
Branches Tags
mgoetz:master
mgoetz:dev_translation
mgoetz:feature_deletion_system
mgoetz:translation
mgoetz:v1.1.0
mgoetz:v1.0.0
This repository has been archived on 2019-10-12. You can view files and clone it, but cannot push or open issues or pull requests.

21 Commits
dev_transl ... master

Author SHA1 Message Date
Michael Götz
c46d84b023 Fix status codes, Refractor views 2019-06-13 01:42:47 +02:00
Michael Götz
48abf000fc Add realm detail and realm admin view tests 2019-06-13 01:42:15 +02:00
Michael Götz
a635d16a8a Change status codes, refractoring 2019-06-12 17:54:54 +02:00
Michael Götz
df298dc6e0 Implement test for realm add and realm list views 2019-06-12 17:54:10 +02:00
Michael Götz
8523ce0825 Refractor views, Add status codes to realm add 2019-06-12 03:47:32 +02:00
Michael Götz
b82c610a9f Add realm add tests 2019-06-12 03:46:48 +02:00
Michael Götz
b9b23d6627 Merge branch 'master' of https://git.wiai.de/mgoetz/ldap_account_manager 2019-06-12 02:14:45 +02:00
Michael Götz
47034c9eb6 Add base dn setter 2019-06-12 02:11:31 +02:00
Michael Götz
55ed18967c Refractor main view 2019-06-12 02:10:58 +02:00
Michael Götz
6fa1ffbdff Initialize testing 2019-06-12 02:10:10 +02:00
MG
7b0bd4f17e Merge branch 'master' of git.stuve-bamberg.de:mgoetz/ldap_account_manager 2019-06-07 17:53:35 +02:00
MG
eca52bec63 Add toast infos 2019-06-07 17:51:44 +02:00
MG
a63426d1ea Add toast message on mail send 2019-06-07 17:34:13 +02:00
MG
09c422ed15 Fix #78; Fix empty django accounts 2019-06-07 15:58:13 +02:00
Linux User
15ab8b2ab6 Add email user and password for secure mail accounts 2019-05-30 20:02:25 +00:00
Michael Götz
2237e35770 Implement working password change 2019-05-29 00:55:34 +02:00
Michael Götz
8aca00e943 Implement pw reset without django user password setting 2019-05-28 23:53:44 +02:00
Michael Götz
62d7b9fe8a Try to fix change pw 2019-05-28 23:22:58 +02:00
Michael Götz
604f7af5ff Fix thuy again 2019-05-28 21:17:20 +02:00
Michael Götz
b00ecd576b Standardize realm detail page 2019-05-28 20:33:15 +02:00
MG
7734a0d36f UI tweak 2019-05-18 17:53:47 +02:00
25 changed files with 756 additions and 162 deletions
Show Stats Expand all files Collapse all files

10
docker/lama/dev.env
View File

@ -30,3 +30,13 @@ DEFAULT_FROM_EMAIL=
SERVER_EMAIL= SERVER_EMAIL=
DELETION_WAIT_DAYS=14 DELETION_WAIT_DAYS=14
#EMAIL_BACKEND=smtp
#EMAIL_HOST=smtp.uni-bamberg.de
#EMAIL_PORT=587
#EMAIL_USE_TLS=False
#EMAIL_USE_SSL=False
#DEFAULT_FROM_EMAIL=vergesslich@uni-bamberg.de
##DEFAULT_FROM_EMAIL=fachschaft-wiai.stuve@uni-bamberg.de
#SERVER_EMAIL=fachschaft-wiai.stuve@uni-bamberg.de

17
src/account_helper/management/commands/deletable.py
View File

@ -15,15 +15,23 @@ class Command(BaseCommand):
parser.add_argument( parser.add_argument(
'--delete', '--delete',
action='store_true', action='store_true',
help='Delete poll instead of closing it', help='Delete users which deletion time is lower than the current date',
) )
parser.add_argument( parser.add_argument(
'--json', '--json',
action='store_true', action='store_true',
help='Return an json encoded String', help='Return an json encoded String',
) )
parser.add_argument(
'--all',
action='store_true',
help='Delete all marked user, --delete is required',
)
def handle(self, *args, **options): def handle(self, *args, **options):
if options['all']:
deletables = DeletedUser.objects.all()
else:
deletables = DeletedUser.objects.filter(deletion_date__lte=timezone.now()) deletables = DeletedUser.objects.filter(deletion_date__lte=timezone.now())
output = "" output = ""
if options['json']: if options['json']:
@ -34,7 +42,6 @@ class Command(BaseCommand):
else: else:
for user in deletables: for user in deletables:
output += f'{user}\n' output += f'{user}\n'
if options['delete']: if options['delete']:
LdapUser.base_dn = LdapUser.ROOT_DN LdapUser.base_dn = LdapUser.ROOT_DN
for user in deletables: for user in deletables:
@ -48,4 +55,10 @@ class Command(BaseCommand):
pass pass
if not options['json']: if not options['json']:
output += '\nSuccessfully deleted all listed users' output += '\nSuccessfully deleted all listed users'
if output:
self.stdout.write(self.style.SUCCESS(output)) self.stdout.write(self.style.SUCCESS(output))
else:
for deletable in deletables:
self.stdout.write(self.style.SUCCESS(deletable))

15
src/account_manager/forms.py
View File

@ -1,7 +1,8 @@
from django import forms from django import forms
from django.contrib.auth import get_user_model from django.contrib.auth import get_user_model
from django.contrib.auth.forms import PasswordResetForm from django.contrib.auth.forms import PasswordResetForm, PasswordChangeForm
from account_manager.utils.django_user import update_dajngo_user
from .models import LdapUser, LdapGroup from .models import LdapUser, LdapGroup
from django.forms import modelformset_factory from django.forms import modelformset_factory
import logging import logging
@ -83,6 +84,10 @@ class LdapPasswordResetForm(PasswordResetForm):
that prevent inactive users and users with unusable passwords from that prevent inactive users and users with unusable passwords from
resetting their password. resetting their password.
""" """
LdapUser.base_dn = LdapUser.ROOT_DN
ldap_users = LdapUser.objects.filter(email=email)
for ldap_user in ldap_users:
update_dajngo_user(ldap_user)
logger.debug('Pasword reset get users') logger.debug('Pasword reset get users')
active_users = UserModel._default_manager.filter(**{ active_users = UserModel._default_manager.filter(**{
'%s__iexact' % UserModel.get_email_field_name(): email, '%s__iexact' % UserModel.get_email_field_name(): email,
@ -90,3 +95,11 @@ class LdapPasswordResetForm(PasswordResetForm):
}) })
logger.debug((u for u in active_users)) logger.debug((u for u in active_users))
return (u for u in active_users) return (u for u in active_users)
class LdapPasswordChangeForm(PasswordChangeForm):
def clean_old_password(self):
"""
Validates that the old_password field is correct.
"""
return "ralf"

158
src/account_manager/main_views.py
View File

@ -1,20 +1,19 @@
import logging import logging
import re
from smtplib import SMTPAuthenticationError, SMTPConnectError, SMTPException from smtplib import SMTPAuthenticationError, SMTPConnectError, SMTPException
from socket import timeout from socket import timeout
from django.contrib.auth.decorators import login_required from django.contrib.auth.decorators import login_required
from django.contrib.auth.models import Group, User from django.contrib.auth.models import Group, User
from django.core.exceptions import ObjectDoesNotExist
from django.db import IntegrityError from django.db import IntegrityError
from django.shortcuts import render, redirect, HttpResponse from django.shortcuts import render, redirect
from datetime import datetime, timedelta from ldap import LDAPError
from account_helper.models import Realm from account_helper.models import Realm
from account_manager.utils.mail_utils import realm_send_mail from account_manager.utils.mail_utils import realm_send_mail
from account_manager.utils.main_views import render_permission_denied_view, render_realm_detail_view, \
get_users_home_view
from .forms import RealmAddForm, RealmUpdateForm from .forms import RealmAddForm, RealmUpdateForm
from .models import LdapGroup, LdapUser from .models import LdapGroup, LdapUser
from ldap import LDAPError
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@ -27,44 +26,20 @@ def is_realm_admin(view_func):
admin_group__user__username__contains=request.user.username)) > 0): admin_group__user__username__contains=request.user.username)) > 0):
return view_func(request, *args, **kwargs) return view_func(request, *args, **kwargs)
else: else:
return redirect('permission-denied') return render_permission_denied_view(request)
return decorator return decorator
@login_required @login_required
def realm_list(request): def realm_list(request):
user = request.user django_user = request.user
if user.is_superuser: if django_user.is_superuser:
realms = Realm.objects.order_by('name').all() realms = Realm.objects.order_by('name').all()
else: else:
realms = Realm.objects.filter(admin_group__user__username__contains=user.username).order_by('name').order_by( realms = Realm.objects.filter(admin_group__user__username__contains=django_user.username).order_by('name')
'name')
show_user = request.GET.get('show_user', False)
if show_user or (len(realms) == 0 and not user.is_superuser):
try:
LdapUser.base_dn = LdapUser.ROOT_DN
user = LdapUser.objects.get(username=user.username)
realm_base_dn = re.compile('(uid=[a-zA-Z0-9_]*),(ou=[a-zA-Z_]*),(.*)').match(user.dn).group(3)
realm = Realm.objects.get(ldap_base_dn=realm_base_dn)
return redirect('user-detail', realm.id, user.dn) return get_users_home_view(request, django_user, realms)
except ObjectDoesNotExist as err:
logger.info('Anmeldung fehlgeschlagen', err)
return HttpResponse("Invalid login. Please try again.")
elif len(realms) == 1:
return redirect('realm-detail', realms[0].id)
else:
realm_wrappers = []
for realm in realms:
realm_wrappers.append(_get_group_user_count_wrapper(realm))
return render(request, 'realm/realm_home.jinja2', {'realms': realms, 'realm_wrappers': realm_wrappers})
def _get_group_user_count_wrapper(realm):
LdapUser.base_dn = f'ou=people,{realm.ldap_base_dn}'
LdapGroup.base_dn = f'ou=groups,{realm.ldap_base_dn}'
return {'realm': realm, 'group_count': LdapGroup.objects.count(), 'user_count': LdapUser.objects.count()}
@login_required @login_required
@ -79,21 +54,21 @@ def realm_add(request):
try: try:
base_dn_available(ldap_base_dn) base_dn_available(ldap_base_dn)
realm_obj = Realm.objects.create(name=name, ldap_base_dn=ldap_base_dn) realm = Realm.objects.create(name=name, ldap_base_dn=ldap_base_dn)
realm_obj.save() realm.save()
return redirect('realm-detail', realm_obj.id) return render_realm_detail_view(request, realm.id, status_code=201)
except IntegrityError as err: except IntegrityError as err:
# TODO: Load no extra fail view, use current add view
return render(request, 'realm/realm_add_failed.jinja2', return render(request, 'realm/realm_add_failed.jinja2',
{'realm_name': name, 'error': err}) {'realm_name': name, 'error': err}, status=409)
except LDAPError as err: except LDAPError as err:
logger.debug("Ldap Error", err) logger.debug("Ldap Error", err)
return render(request, 'realm/realm_add_failed.jinja2', return render(request, 'realm/realm_add_failed.jinja2',
{'realm_name': name}) {'realm_name': name}, status=409)
else: else:
form = RealmAddForm() form = RealmAddForm()
return render(request, 'realm/realm_add.jinja2', {'realms': realms, 'form': form}) return render(request, 'realm/realm_add.jinja2', {'realms': realms, 'form': form})
else: return render_permission_denied_view(request)
redirect('permission-denied')
def base_dn_available(base_dn): def base_dn_available(base_dn):
@ -105,28 +80,7 @@ def base_dn_available(base_dn):
@login_required @login_required
@is_realm_admin @is_realm_admin
def realm_detail(request, realm_id): def realm_detail(request, realm_id):
realm = Realm.objects.get(id=realm_id) return render_realm_detail_view(request, realm_id)
LdapUser.base_dn = realm.ldap_base_dn
inactive_users = LdapUser.get_inactive_users().count()
logger.info(inactive_users)
ldap_admin_group, ldap_default_group = get_default_admin_group(realm)
return render(request, 'realm/realm_detailed.jinja2',
{'realm': realm, 'ldap_admin_group': ldap_admin_group, 'ldap_default_group': ldap_default_group,
'inactive_user_count': inactive_users, 'users_count': LdapUser.objects.all().count()})
def get_default_admin_group(realm):
ldap_admin_group = None
ldap_default_group = None
if realm.admin_group:
LdapGroup.base_dn = f'ou=groups,{realm.ldap_base_dn}'
ldap_admin_group = LdapGroup.objects.get(name=realm.admin_group.name)
if realm.default_group:
LdapGroup.base_dn = f'ou=groups,{realm.ldap_base_dn}'
ldap_default_group = LdapGroup.objects.get(name=realm.default_group.name)
return ldap_admin_group, ldap_default_group
@login_required @login_required
@ -134,14 +88,12 @@ def get_default_admin_group(realm):
def realm_update(request, realm_id): def realm_update(request, realm_id):
if request.user.is_superuser: if request.user.is_superuser:
realm = Realm.objects.get(id=realm_id) realm = Realm.objects.get(id=realm_id)
LdapGroup.base_dn = f'ou=groups,{realm.ldap_base_dn}' LdapGroup.base_dn = f'ou=groups,{realm.ldap_base_dn}'
ldap_admin_group = None ldap_admin_group = None if not realm.admin_group else LdapGroup.objects.get(name=realm.admin_group.name)
if realm.admin_group: ldap_default_group = None if not realm.default_group else LdapGroup.objects.get(name=realm.default_group.name)
ldap_admin_group = LdapGroup.objects.get(name=realm.admin_group.name)
ldap_default_group = None form_data = {'id': realm.id,
if realm.default_group:
ldap_default_group = LdapGroup.objects.get(name=realm.default_group.name)
data = {'id': realm.id,
'ldap_base_dn': realm.ldap_base_dn, 'ldap_base_dn': realm.ldap_base_dn,
'name': realm.name, 'name': realm.name,
'email': realm.email, 'email': realm.email,
@ -154,23 +106,16 @@ def realm_update(request, realm_id):
realm.ldap_base_dn = form.cleaned_data['ldap_base_dn'] realm.ldap_base_dn = form.cleaned_data['ldap_base_dn']
realm.email = form.cleaned_data['email'] realm.email = form.cleaned_data['email']
admin_ldap_group = form.cleaned_data['admin_group'] admin_ldap_group = form.cleaned_data['admin_group']
if admin_ldap_group: realm.admin_group = None if not admin_ldap_group else admin_ldap_group.get_django_group()
realm.admin_group, _ = Group.objects.get_or_create(name=admin_ldap_group.name)
else:
realm.admin_group = None
default_ldap_group = form.cleaned_data['default_group'] default_ldap_group = form.cleaned_data['default_group']
if default_ldap_group: realm.default_group = None if not default_ldap_group else default_ldap_group.get_django_group()
realm.default_group, _ = Group.objects.get_or_create(name=default_ldap_group.name)
else:
realm.default_group = None
realm.save() realm.save()
return redirect('realm-detail', realm.id) return render_realm_detail_view(request, realm_id, status_code=200)
return render(request, 'realm/realm_update.jinja2', {'realm': realm, 'form': form}, status=422)
else: else:
form = RealmUpdateForm(initial=data) form = RealmUpdateForm(initial=form_data)
return render(request, 'realm/realm_update.jinja2', {'realm': realm, 'form': form}) return render(request, 'realm/realm_update.jinja2', {'realm': realm, 'form': form})
else: return render_permission_denied_view(request)
realm = Realm.objects.get(id=realm_id)
return render(request, 'realm/realm_update.jinja2', {'realm': realm})
@login_required @login_required
@ -209,38 +154,27 @@ def realm_delete(request, realm_id):
def permission_denied(request): def permission_denied(request):
return render(request, 'permission_denied.jinja2', {}) return render_permission_denied_view(request)
def realm_email_test(request, realm_id): def realm_email_test(request, realm_id):
realm = Realm.objects.get(id=realm_id) realm = Realm.objects.get(id=realm_id)
ldap_admin_group, ldap_default_group = get_default_admin_group(realm) test_msg = f'Du hast die Mail Konfiguration für {realm.name} erfolgreich abgeschlossen.'
success_msg = 'Test erfolgreich'
error_msg_auth = f'Mail konnte nicht versendet werden, Anmeldedaten inkorrekt.'
error_msg_connect = f'Mail konnte nicht versendet werden. Verbindungsaufbau abgelehnt. ' \
f'Bitte überprüfen sie die Server Addresse und den Port'
error_msg_timeout = f'Mail konnte nicht versendet werden. Zeitüberschreitung beim Verbindungsaufbau. ' \
f'Bitte überprüfen sie die Server Addresse und den Port'
error_msg_smtp = f'Mail konnte nicht versendet werden. Bitte kontaktieren sie den Administrator'
try: try:
realm_send_mail(realm, realm.email, f'{realm.name} Test Mail', realm_send_mail(realm, realm.email, f'{realm.name} Test Mail', test_msg)
f'Du hast die Mail Konfiguration für {realm.name} erfolgreich abgeschlossen.') except SMTPAuthenticationError:
except SMTPAuthenticationError as err: return render_realm_detail_view(request, realm_id, error_headline="Testmail", error_text=error_msg_auth)
return render(request, 'realm/realm_detailed.jinja2', except SMTPConnectError:
{'realm': realm, 'error': f'Mail konnte nicht versendet werden, Anmeldedaten inkorrekt.', return render_realm_detail_view(request, realm_id, error_headline="Testmail", error_text=error_msg_connect)
'ldap_admin_group': ldap_admin_group, except timeout:
'ldap_default_group': ldap_default_group}) return render_realm_detail_view(request, realm_id, error_headline="Testmail", error_text=error_msg_timeout)
except SMTPConnectError as err:
return render(request, 'realm/realm_detailed.jinja2',
{'realm': realm,
'error': f'Mail konnte nicht versendet werden. Verbindungsaufbau abgelehnt. Bitte überprüfen sie die Server Addresse und den Port',
'ldap_admin_group': ldap_admin_group,
'ldap_default_group': ldap_default_group})
except timeout as err:
return render(request, 'realm/realm_detailed.jinja2',
{'realm': realm,
'error': f'Mail konnte nicht versendet werden. Zeitüberschreitung beim Verbindungsaufbau. Bitte überprüfen sie die Server Addresse und den Port',
'ldap_admin_group': ldap_admin_group,
'ldap_default_group': ldap_default_group})
except SMTPException: except SMTPException:
return render(request, 'realm/realm_detailed.jinja2', return render_realm_detail_view(request, realm_id, error_headline="Testmail", error_text=error_msg_smtp)
{'realm': realm, return render_realm_detail_view(request, realm_id, success_headline="Testmail", success_text=success_msg)
'error': f'Mail konnte nicht versendet werden. Bitte kontaktieren sie den Administrator',
'ldap_admin_group': ldap_admin_group,
'ldap_default_group': ldap_default_group})
return render(request, 'realm/realm_detailed.jinja2',
{'realm': realm, 'notice': 'Test erfolgreich', 'ldap_admin_group': ldap_admin_group,
'ldap_default_group': ldap_default_group})

19
src/account_manager/models.py
View File

@ -4,7 +4,7 @@ import os
import re import re
from datetime import datetime, timedelta from datetime import datetime, timedelta
from django.contrib.auth.models import User from django.contrib.auth.models import User, Group
from django.core.exceptions import ObjectDoesNotExist from django.core.exceptions import ObjectDoesNotExist
from django.db import OperationalError from django.db import OperationalError
from django.db.models import Q from django.db.models import Q
@ -84,7 +84,7 @@ class LdapUser(Model):
LdapUser.base_dn = LdapUser.ROOT_DN LdapUser.base_dn = LdapUser.ROOT_DN
ldap_user = LdapUser.objects.get(username=user.username) ldap_user = LdapUser.objects.get(username=user.username)
ldap_user.password = raw_password ldap_user.password = raw_password
LdapUser.base_dn = re.compile('(uid=[a-zA-Z0-9_]*),(.*)').match(ldap_user.dn).group(2) LdapUser.base_dn = re.compile('(uid=[a-zA-Z0-9_-]*),(.*)').match(ldap_user.dn).group(2)
ldap_user.save() ldap_user.save()
@staticmethod @staticmethod
@ -132,6 +132,13 @@ class LdapUser(Model):
return (LdapUser.objects.filter(last_login__lte=last_semester) | LdapUser.objects.exclude( return (LdapUser.objects.filter(last_login__lte=last_semester) | LdapUser.objects.exclude(
last_login__lte=datetime.now() + timedelta(days=1))) last_login__lte=datetime.now() + timedelta(days=1)))
def get_users_realm_base_dn(self):
return re.compile('(uid=[a-zA-Z0-9_-]*),(ou=[a-zA-Z_-]*),(.*)').match(self.dn).group(3)
@staticmethod
def set_root_dn(realm):
LdapUser.base_dn = f'ou=people,{realm.ldap_base_dn}'
class LdapGroup(Model): class LdapGroup(Model):
""" """
@ -162,6 +169,14 @@ class LdapGroup(Model):
group.members.remove(ldap_user_dn) group.members.remove(ldap_user_dn)
group.save() group.save()
def get_django_group(self):
django_group, _ = Group.objects.get_or_create(name=self.name)
return django_group
@staticmethod
def set_root_dn(realm):
LdapGroup.base_dn = f'ou=groups,{realm.ldap_base_dn}'
def __str__(self): def __str__(self):
return self.name return self.name

0
src/account_manager/tests/__init__.py Normal file
View File

0
src/account_manager/tests/test_forms.py Normal file
View File

0
src/account_manager/tests.py → src/account_manager/tests/test_models.py
View File

430
src/account_manager/tests/test_views.py Normal file
View File

@ -0,0 +1,430 @@
import logging
from django.contrib.auth.models import User, Group
from django.test import TestCase
# Create your tests here.
from django.urls import reverse
from account_helper.models import Realm
from account_manager.models import LdapUser, LdapGroup
class RealmHomeViewTest(TestCase):
@classmethod
def setUpTestData(cls):
# User.objects.get_or_create(username="test", email="test@test.de")
User.objects.create_superuser(
username='test_superuser',
password=RealmHomeViewTest.get_password(),
email='test@test.de',
is_staff=True,
is_superuser=True,
is_active=True,
)
def create_ldap_objects(self):
self.realm_1, _ = Realm.objects.get_or_create(name="test_realm_1",
ldap_base_dn="ou=test,ou=fachschaften,dc=test,dc=de")
self.realm_2, _ = Realm.objects.get_or_create(name="test_realm_2",
ldap_base_dn="ou=test2,ou=fachschaften,dc=test,dc=de")
LdapUser.set_root_dn(self.realm_1)
self.ldap_user_multiple_admin, _ = LdapUser.objects.get_or_create(username="test_multi_admin",
email="test@test.de",
password=RealmHomeViewTest.get_password(),
first_name="max",
last_name="musterstudent")
self.ldap_user_admin, _ = LdapUser.objects.get_or_create(username="test_admin", email="test@test.de",
password=RealmHomeViewTest.get_password(),
first_name="max",
last_name="musterstudent")
self.ldap_user, _ = LdapUser.objects.get_or_create(username="test", email="test@test.de",
password=RealmHomeViewTest.get_password(),
first_name="max",
last_name="musterstudent")
LdapGroup.set_root_dn(self.realm_1)
self.realm_1_ldap_group = LdapGroup.objects.create(name="test_realm_1_admin_group",
members=[self.ldap_user_multiple_admin.dn,
self.ldap_user_admin.dn])
LdapGroup.set_root_dn(self.realm_1)
self.realm_2_ldap_group = LdapGroup.objects.create(name="test_realm_2_admin_group",
members=[self.ldap_user_multiple_admin.dn])
logging.disable(logging.DEBUG)
self.realm_1.admin_group = self.realm_1_ldap_group.get_django_group()
self.realm_1.save()
self.realm_2.admin_group = self.realm_2_ldap_group.get_django_group()
self.realm_2.save()
@classmethod
def get_password(cls):
return "12345678"
def setUp(self):
self.create_ldap_objects()
self.django_superuser = User.objects.get(username="test_superuser")
def tearDown(self):
self.clear_ldap_objects()
self.django_superuser.delete()
logging.disable(logging.NOTSET)
def clear_ldap_objects(self):
self.realm_1.delete()
self.realm_2.delete()
self.ldap_user_multiple_admin.delete()
self.ldap_user_admin.delete()
self.ldap_user.delete()
self.realm_1_ldap_group.delete()
self.realm_2_ldap_group.delete()
def test_without_login(self):
response = self.client.get(reverse('realm-home'))
self.assertEqual(response.status_code, 302)
def test_with_user_login(self):
self.client.login(username=self.ldap_user.username, password=RealmHomeViewTest.get_password())
response = self.client.get(reverse('realm-home'))
self.assertContains(response, 'Profil löschen', status_code=200)
self.client.logout()
def test_with_admin_login(self):
self.client.login(username=self.ldap_user_admin.username, password=RealmHomeViewTest.get_password())
response = self.client.get(reverse('realm-home'))
self.assertContains(response, 'Bereich ', status_code=200)
self.client.logout()
def test_with_admin_multiple_realms_login(self):
self.client.login(username=self.ldap_user_multiple_admin.username, password=RealmHomeViewTest.get_password())
response = self.client.get(reverse('realm-home'))
self.assertContains(response, 'Bereiche', status_code=200)
self.client.logout()
def test_with_superuser_login(self):
self.client.login(username=self.django_superuser.username, password=RealmHomeViewTest.get_password())
response = self.client.get(reverse('realm-home'))
self.assertContains(response, 'Bereiche', status_code=200)
self.client.logout()
class RealmAddViewTest(TestCase):
@classmethod
def setUpTestData(cls):
realm, _ = Realm.objects.get_or_create(name="test", ldap_base_dn="ou=test,ou=fachschaften,dc=test,dc=de")
LdapUser.set_root_dn(realm)
LdapUser.objects.get_or_create(username="test", email="test@test.de",
password=RealmAddViewTest.get_password(),
first_name="max",
last_name="musterstudent")
User.objects.get_or_create(username="test", email="test@test.de")
logging.disable(logging.DEBUG)
@classmethod
def get_password(cls):
return "12345678"
def setUp(self):
self.realm = Realm.objects.get(name="test")
LdapUser.set_root_dn(self.realm)
self.ldap_user = LdapUser.objects.get(username="test")
self.django_user = User.objects.get(username="test")
self.django_superuser = User.objects.create_superuser(
username='superuser_test',
password='test',
email='test@test.de',
is_staff=True,
is_superuser=True,
is_active=True,
)
def tearDown(self):
self.realm.delete()
self.ldap_user.delete()
self.django_user.delete()
logging.disable(logging.NOTSET)
def test_without_login(self):
response = self.client.get(reverse('realm-add'))
self.assertEqual(response.status_code, 302)
def test_with_login(self):
self.client.login(username=self.ldap_user.username, password=RealmAddViewTest.get_password())
response = self.client.get(reverse('realm-add'))
self.assertContains(response, 'Leider hast du keine Rechte', status_code=403)
self.client.logout()
def test_with_login_and_post_valid_form(self):
self.client.login(username=self.ldap_user.username, password=RealmAddViewTest.get_password())
response = self.client.post(reverse('realm-add'),
{'name': 'test', 'ldap_base_dn': 'ou=test,ou=fachschaften,dc=test,dc=de'})
self.assertContains(response, 'Leider hast du keine Rechte', status_code=403)
self.client.logout()
def test_with_super_user_login(self):
self.client.login(username=self.django_superuser.username, password='test')
response = self.client.get(reverse('realm-add'))
self.assertContains(response, 'Neuen Bereich anlegen', status_code=200)
self.client.logout()
def test_with_super_user_login_add_realm(self):
realm = Realm.objects.get(name=self.realm.name)
realm.delete()
self.client.login(username=self.django_superuser.username, password='test')
response = self.client.post(reverse('realm-add'),
{'name': 'test', 'ldap_base_dn': 'ou=test,ou=fachschaften,dc=test,dc=de'})
self.assertContains(response, 'Bereich test', status_code=201)
self.client.logout()
self.realm, _ = Realm.objects.get_or_create(name="test", ldap_base_dn="ou=test,ou=fachschaften,dc=test,dc=de")
def test_with_super_user_login_add_extisting_realm(self):
self.client.login(username=self.django_superuser.username, password='test')
response = self.client.post(reverse('realm-add'),
{'name': 'test', 'ldap_base_dn': 'ou=test,ou=fachschaften,dc=test,dc=de'})
self.assertContains(response, 'Das hinzufügen des Bereichs ist fehlgeschlagen.', status_code=409)
self.client.logout()
def test_with_super_user_login_add_extisting_realm_with_different_name(self):
self.client.login(username=self.django_superuser.username, password='test')
response = self.client.post(reverse('realm-add'),
{'name': 'test_new', 'ldap_base_dn': 'ou=test,ou=fachschaften,dc=test,dc=de'})
self.assertContains(response, 'Das hinzufügen des Bereichs ist fehlgeschlagen.', status_code=409)
self.client.logout()
def test_with_super_user_login_add_realm_with_not_existing_ldap_base_dn(self):
self.client.login(username=self.django_superuser.username, password='test')
response = self.client.post(reverse('realm-add'),
{'name': 'test_not_extisting_ldap_dn',
'ldap_base_dn': 'ou=not_exists,ou=fachschaften,dc=test,dc=de'})
self.assertContains(response, 'Das hinzufügen des Bereichs ist fehlgeschlagen.', status_code=409)
self.client.logout()
class RealmDetailViewTest(TestCase):
@classmethod
def setUpTestData(cls):
# User.objects.get_or_create(username="test", email="test@test.de")
User.objects.create_superuser(
username='test_superuser',
password=RealmDetailViewTest.get_password(),
email='test@test.de',
is_staff=True,
is_superuser=True,
is_active=True,
)
def create_ldap_objects(self):
self.realm_1, _ = Realm.objects.get_or_create(name="test_realm_1",
ldap_base_dn="ou=test,ou=fachschaften,dc=test,dc=de")
LdapUser.set_root_dn(self.realm_1)
self.ldap_user_admin, _ = LdapUser.objects.get_or_create(username="test_admin", email="test@test.de",
password=RealmDetailViewTest.get_password(),
first_name="max",
last_name="musterstudent")
self.ldap_user, _ = LdapUser.objects.get_or_create(username="test", email="test@test.de",
password=RealmDetailViewTest.get_password(),
first_name="max",
last_name="musterstudent")
LdapGroup.set_root_dn(self.realm_1)
self.realm_1_ldap_group = LdapGroup.objects.create(name="test_realm_1_admin_group",
members=[self.ldap_user_admin.dn])
logging.disable(logging.DEBUG)
self.realm_1.admin_group = self.realm_1_ldap_group.get_django_group()
self.realm_1.save()
@classmethod
def get_password(cls):
return "12345678"
def setUp(self):
self.create_ldap_objects()
self.django_superuser = User.objects.get(username="test_superuser")
def tearDown(self):
self.clear_ldap_objects()
self.django_superuser.delete()
logging.disable(logging.NOTSET)
def clear_ldap_objects(self):
self.realm_1.delete()
self.ldap_user_admin.delete()
self.ldap_user.delete()
self.realm_1_ldap_group.delete()
def test_without_login(self):
response = self.client.get(reverse('realm-detail', args=[self.realm_1.id]))
self.assertEqual(response.status_code, 302)
def test_with_user_login(self):
self.client.login(username=self.ldap_user.username, password=RealmDetailViewTest.get_password())
response = self.client.get(reverse('realm-detail', args=[self.realm_1.id]))
self.assertContains(response, 'Leider hast du keine Rechte', status_code=403)
self.client.logout()
def test_with_admin_login(self):
self.client.login(username=self.ldap_user_admin.username, password=RealmDetailViewTest.get_password())
response = self.client.get(reverse('realm-detail', args=[self.realm_1.id]))
self.assertContains(response, 'Bereich ', status_code=200)
self.client.logout()
def test_with_superuser_login(self):
self.client.login(username=self.django_superuser.username, password=RealmDetailViewTest.get_password())
response = self.client.get(reverse('realm-detail', args=[self.realm_1.id]))
self.assertContains(response, 'Bereich', status_code=200)
self.client.logout()
class RealmUpdateViewTest(TestCase):
@classmethod
def setUpTestData(cls):
# User.objects.get_or_create(username="test", email="test@test.de")
User.objects.create_superuser(
username='test_superuser',
password=RealmUpdateViewTest.get_password(),
email='test@test.de',
is_staff=True,
is_superuser=True,
is_active=True,
)
def create_ldap_objects(self):
self.realm_1, _ = Realm.objects.get_or_create(name="test_realm_1",
ldap_base_dn="ou=test,ou=fachschaften,dc=test,dc=de",
email="test.realm@test.de")
self.realm_2, _ = Realm.objects.get_or_create(name="test_realm_2",
ldap_base_dn="ou=test2,ou=fachschaften,dc=test,dc=de")
LdapUser.set_root_dn(self.realm_1)
self.ldap_user_multiple_admin, _ = LdapUser.objects.get_or_create(username="test_multi_admin",
email="test@test.de",
password=RealmUpdateViewTest.get_password(),
first_name="max",
last_name="musterstudent")
self.ldap_user_admin, _ = LdapUser.objects.get_or_create(username="test_admin", email="test@test.de",
password=RealmUpdateViewTest.get_password(),
first_name="max",
last_name="musterstudent")
self.ldap_user, _ = LdapUser.objects.get_or_create(username="test", email="test@test.de",
password=RealmUpdateViewTest.get_password(),
first_name="max",
last_name="musterstudent")
LdapGroup.set_root_dn(self.realm_1)
self.realm_1_ldap_group = LdapGroup.objects.create(name="test_realm_1_admin_group",
members=[self.ldap_user_multiple_admin.dn,
self.ldap_user_admin.dn])
LdapGroup.set_root_dn(self.realm_1)
self.realm_2_ldap_group = LdapGroup.objects.create(name="test_realm_2_admin_group",
members=[self.ldap_user_multiple_admin.dn])
LdapGroup.set_root_dn(self.realm_1)
self.realm_3_ldap_group = LdapGroup.objects.create(name="test_realm_3_admin_group",
members=[self.ldap_user_admin.dn])
logging.disable(logging.DEBUG)
self.realm_1.admin_group = self.realm_1_ldap_group.get_django_group()
self.realm_1.save()
self.realm_2.admin_group = self.realm_2_ldap_group.get_django_group()
self.realm_2.save()
@classmethod
def get_password(cls):
return "12345678"
def setUp(self):
self.create_ldap_objects()
self.django_superuser = User.objects.get(username="test_superuser")
def tearDown(self):
self.clear_ldap_objects()
self.django_superuser.delete()
logging.disable(logging.NOTSET)
def clear_ldap_objects(self):
self.realm_1.delete()
self.realm_2.delete()
self.ldap_user_multiple_admin.delete()
self.ldap_user_admin.delete()
self.ldap_user.delete()
self.realm_1_ldap_group.delete()
self.realm_2_ldap_group.delete()
self.realm_3_ldap_group.delete()
def test_without_login(self):
response = self.client.get(reverse('realm-update', args=[self.realm_1.id]))
self.assertEqual(response.status_code, 302)
def test_with_user_login(self):
self.client.login(username=self.ldap_user.username, password=RealmUpdateViewTest.get_password())
response = self.client.get(reverse('realm-update', args=[self.realm_1.id]))
self.assertContains(response, 'Leider hast du keine Rechte', status_code=403)
self.client.logout()
def test_with_admin_login(self):
self.client.login(username=self.ldap_user_admin.username, password=RealmUpdateViewTest.get_password())
response = self.client.get(reverse('realm-update', args=[self.realm_1.id]))
self.assertContains(response, 'Leider hast du keine Rechte', status_code=403)
self.client.logout()
def test_with_superuser_login(self):
self.client.login(username=self.django_superuser.username, password=RealmUpdateViewTest.get_password())
response = self.client.get(reverse('realm-update', args=[self.realm_1.id]))
self.assertContains(response, '<label for="id_name">Bereichsname</label>', status_code=200)
self.client.logout()
def test_with_superuser_login_post_single_changes(self):
self.client.login(username=self.django_superuser.username, password=RealmUpdateViewTest.get_password())
new_name = "new test realm"
new_email = "newtest@test.de"
new_admin_group = self.realm_1_ldap_group
new_default_group = self.realm_3_ldap_group
response = self.client.post(reverse('realm-update', args=[self.realm_1.id]),
{'name': new_name, 'email': new_email,
'ldap_base_dn': self.realm_1.ldap_base_dn})
self.assertContains(response, 'Nutzeranzahl', status_code=200)
self.realm_1.refresh_from_db()
self.assertEqual(self.realm_1.name, new_name)
self.assertEqual(self.realm_1.email, new_email)
response = self.client.post(reverse('realm-update', args=[self.realm_1.id]),
{'name': new_name, 'email': new_email,
'ldap_base_dn': self.realm_1.ldap_base_dn, 'admin_group': new_admin_group.name})
self.assertContains(response, 'Nutzeranzahl', status_code=200)
self.realm_1.refresh_from_db()
django_group = Group.objects.get(name=new_admin_group.name)
self.assertEqual(self.realm_1.admin_group, django_group)
response = self.client.post(reverse('realm-update', args=[self.realm_1.id]),
{'name': new_name, 'email': new_email,
'ldap_base_dn': self.realm_1.ldap_base_dn,
'default_group': new_default_group.name})
self.assertContains(response, 'Nutzeranzahl', status_code=200)
self.realm_1.refresh_from_db()
django_group = Group.objects.get(name=new_default_group.name)
self.assertEqual(self.realm_1.default_group, django_group)
self.client.logout()
def test_with_superuser_login_post_with_missing_data(self):
self.client.login(username=self.django_superuser.username, password=RealmUpdateViewTest.get_password())
new_name = "new test realm"
response = self.client.post(reverse('realm-update', args=[self.realm_1.id]),
{'name': new_name,
'ldap_base_dn': self.realm_1.ldap_base_dn})
self.assertContains(response, '<label for="id_name">Bereichsname</label>', status_code=422)
response = self.client.post(reverse('realm-update', args=[self.realm_1.id]),
{'email': "test@test.de",
'ldap_base_dn': self.realm_1.ldap_base_dn})
self.assertContains(response, '<label for="id_name">Bereichsname</label>', status_code=422)
response = self.client.post(reverse('realm-update', args=[self.realm_1.id]),
{'name': new_name, 'email': "test@test.de"})
self.assertContains(response, '<label for="id_name">Bereichsname</label>', status_code=422)
response = self.client.post(reverse('realm-update', args=[self.realm_1.id]),
{'name': new_name, 'email': "abc",
'ldap_base_dn': self.realm_1.ldap_base_dn})
self.assertContains(response, '<label for="id_name">Bereichsname</label>', status_code=422)
self.client.logout()

2
src/account_manager/urls.py
View File

@ -80,6 +80,8 @@ urlpatterns = [
name='user-delete'), name='user-delete'),
path('accounts/reset/<uidb64>/<token>/', user_views.LdapPasswordResetConfirmView.as_view(), path('accounts/reset/<uidb64>/<token>/', user_views.LdapPasswordResetConfirmView.as_view(),
name='ldap_password_reset_confirm'), name='ldap_password_reset_confirm'),
path('accounts/password_change/secure/', user_views.password_change_controller,
name='password_change_controller'),
path('accounts/password_change/', user_views.LdapPasswordChangeView.as_view(), path('accounts/password_change/', user_views.LdapPasswordChangeView.as_view(),
name='password_change'), name='password_change'),

7
src/account_manager/utils/django_user.py Normal file
View File

@ -0,0 +1,7 @@
from django.contrib.auth.models import User
def update_dajngo_user(ldap_user):
user, _ = User.objects.get_or_create(username=ldap_user.username)
user.email = ldap_user.email
user.save()

62
src/account_manager/utils/main_views.py Normal file
View File

@ -0,0 +1,62 @@
from django.shortcuts import render
from account_helper.models import Realm
from account_manager.models import LdapUser, LdapGroup
from account_manager.utils.user_views import render_user_detail_view
def render_realm_detail_view(request, realm_id, success_headline=None, success_text=None, error_headline=None,
error_text=None, status_code=200):
realm = Realm.objects.get(id=realm_id)
LdapUser.base_dn = realm.ldap_base_dn
inactive_users = LdapUser.get_inactive_users().count()
ldap_admin_group, ldap_default_group = get_default_admin_group(realm)
return render(request, 'realm/realm_detailed.jinja2',
{'realm': realm,
'ldap_admin_group': ldap_admin_group,
'ldap_default_group': ldap_default_group,
'inactive_user_count': inactive_users,
'users_count': LdapUser.objects.all().count(),
'success_headline': success_headline,
'success_text': success_text,
'error_headline': error_headline,
'error_text': error_text}, status=status_code)
def get_default_admin_group(realm):
ldap_admin_group = None
ldap_default_group = None
if realm.admin_group:
LdapGroup.base_dn = f'ou=groups,{realm.ldap_base_dn}'
ldap_admin_group = LdapGroup.objects.get(name=realm.admin_group.name)
if realm.default_group:
LdapGroup.base_dn = f'ou=groups,{realm.ldap_base_dn}'
ldap_default_group = LdapGroup.objects.get(name=realm.default_group.name)
return ldap_admin_group, ldap_default_group
def render_permission_denied_view(request):
return render(request, 'permission_denied.jinja2', {}, status=403)
def get_group_user_count_wrapper(realm):
LdapUser.base_dn = f'ou=people,{realm.ldap_base_dn}'
LdapGroup.base_dn = f'ou=groups,{realm.ldap_base_dn}'
return {'realm': realm, 'group_count': LdapGroup.objects.count(), 'user_count': LdapUser.objects.count()}
def get_users_home_view(request, django_user, realms):
show_user = request.GET.get('show_user', False)
if show_user or (len(realms) == 0 and not django_user.is_superuser):
LdapUser.base_dn = LdapUser.ROOT_DN
ldap_user = LdapUser.objects.get(username=django_user.username)
realm = Realm.objects.get(ldap_base_dn=ldap_user.get_users_realm_base_dn())
return render_user_detail_view(request, realm, ldap_user)
elif len(realms) == 1:
return render_realm_detail_view(request, realms[0].id)
else:
realm_wrappers = []
for realm in realms:
realm_wrappers.append(get_group_user_count_wrapper(realm))
return render(request, 'realm/realm_home.jinja2', {'realms': realms, 'realm_wrappers': realm_wrappers})

10
src/account_manager/utils/user_views.py Normal file
View File

@ -0,0 +1,10 @@
from django.shortcuts import render
from account_manager.models import LdapUser, LdapGroup
def render_user_detail_view(request, realm, ldap_user):
user_wrapper = LdapUser.get_extended_user(ldap_user)
LdapGroup.base_dn = LdapGroup.ROOT_DN
groups = LdapGroup.objects.filter(members=ldap_user.dn)
return render(request, 'user/user_detail.jinja2', {'user': user_wrapper, 'groups': groups, 'realm': realm})

57
src/account_manager/views/user_views.py
View File

@ -1,5 +1,4 @@
import logging import logging
import os
from django.contrib.auth.decorators import login_required from django.contrib.auth.decorators import login_required
from django.contrib.auth.forms import PasswordResetForm from django.contrib.auth.forms import PasswordResetForm
@ -12,16 +11,22 @@ from django.http import HttpRequest
from django.shortcuts import render, redirect from django.shortcuts import render, redirect
from django.utils.translation import gettext as _ from django.utils.translation import gettext as _
from ldap import ALREADY_EXISTS, OBJECT_CLASS_VIOLATION from ldap import ALREADY_EXISTS, OBJECT_CLASS_VIOLATION
from django.urls import reverse
from urllib.parse import urlencode
from account_helper.models import Realm, DeletedUser from account_helper.models import Realm, DeletedUser
from account_manager.forms import AddLDAPUserForm, UserDeleteListForm, UpdateLDAPUserForm, AdminUpdateLDAPUserForm, \ from account_manager.forms import AddLDAPUserForm, UserDeleteListForm, UpdateLDAPUserForm, AdminUpdateLDAPUserForm, \
UserGroupListForm UserGroupListForm, LdapPasswordChangeForm
from account_manager.main_views import is_realm_admin from account_manager.main_views import is_realm_admin
from account_manager.models import LdapUser, LdapGroup from account_manager.models import LdapUser, LdapGroup
from account_manager.utils.django_user import update_dajngo_user
from account_manager.utils.mail_utils import send_welcome_mail, send_deletion_mail from account_manager.utils.mail_utils import send_welcome_mail, send_deletion_mail
from django.contrib.auth import logout
from django.conf import settings from django.conf import settings
from account_manager.utils.user_views import render_user_detail_view
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@ -57,26 +62,28 @@ def realm_user(request, realm_id):
@is_realm_admin @is_realm_admin
@protect_cross_realm_user_access @protect_cross_realm_user_access
def realm_user_detail(request, realm_id, user_dn): def realm_user_detail(request, realm_id, user_dn):
return get_rendered_user_details(request, realm_id, user_dn)
def get_rendered_user_details(request, realm_id, user_dn, success_headline=None, success_text=None):
realm = Realm.objects.get(id=realm_id) realm = Realm.objects.get(id=realm_id)
LdapUser.base_dn = realm.ldap_base_dn LdapUser.base_dn = realm.ldap_base_dn
LdapGroup.base_dn = LdapGroup.ROOT_DN LdapGroup.base_dn = LdapGroup.ROOT_DN
user = LdapUser.objects.get(dn=user_dn) user = LdapUser.objects.get(dn=user_dn)
user_wrapper = LdapUser.get_extended_user(user) user_wrapper = LdapUser.get_extended_user(user)
groups = LdapGroup.objects.filter(members=user.dn) groups = LdapGroup.objects.filter(members=user.dn)
return render(request, 'user/realm_user_detail.jinja2', {'user': user_wrapper, 'groups': groups, 'realm': realm}) return render(request, 'user/realm_user_detail.jinja2',
{'user': user_wrapper, 'groups': groups, 'realm': realm, 'success_headline': success_headline,
'success_text': success_text})
@login_required @login_required
def user_detail(request, realm_id, user_dn): def user_detail(request, realm_id, user_dn):
realm = Realm.objects.get(id=realm_id) realm = Realm.objects.get(id=realm_id)
LdapUser.base_dn = realm.ldap_base_dn LdapUser.base_dn = realm.ldap_base_dn
LdapGroup.base_dn = LdapGroup.ROOT_DN ldap_user = LdapUser.objects.get(dn=user_dn)
user = LdapUser.objects.get(dn=user_dn) return render_user_detail_view(request, realm, ldap_user)
user_wrapper = LdapUser.get_extended_user(user)
groups = LdapGroup.objects.filter(members=user.dn)
return render(request, 'user/user_detail.jinja2', {'user': user_wrapper, 'groups': groups, 'realm': realm})
@login_required @login_required
@ -147,7 +154,7 @@ def realm_user_resend_password_reset(request, realm_id, user_dn):
ldap_user = LdapUser.objects.get(dn=user_dn) ldap_user = LdapUser.objects.get(dn=user_dn)
try: try:
if ldap_user.email: if ldap_user.email:
logger.info("Sending email for to this email:", ldap_user.email) logger.info(f"Sending email to {ldap_user.email}")
form = PasswordResetForm({'email': ldap_user.email}) form = PasswordResetForm({'email': ldap_user.email})
if form.is_valid(): if form.is_valid():
logger.info('CREATE REQUEST') logger.info('CREATE REQUEST')
@ -160,11 +167,11 @@ def realm_user_resend_password_reset(request, realm_id, user_dn):
form.save( form.save(
request=pw_reset_request, request=pw_reset_request,
use_https=True, use_https=True,
from_email=os.environ.get('DEFAULT_FROM_EMAIL', 'vergesslich@test.de'), from_email=settings.DEFAULT_FROM_EMAIL,
email_template_name='registration/password_reset_email.html') email_template_name='registration/password_reset_email.html')
except Exception as e: except Exception as e:
logger.info('Error') logger.error('Error')
return redirect('realm-user-detail', realm_id, user_dn) return redirect('realm-user-detail', realm_id, user_dn)
@ -175,13 +182,15 @@ def realm_user_resend_welcome_mail(request, realm_id, user_dn):
realm = Realm.objects.get(id=realm_id) realm = Realm.objects.get(id=realm_id)
LdapUser.base_dn = f'ou=people,{realm.ldap_base_dn}' LdapUser.base_dn = f'ou=people,{realm.ldap_base_dn}'
ldap_user = LdapUser.objects.get(dn=user_dn) ldap_user = LdapUser.objects.get(dn=user_dn)
update_dajngo_user(ldap_user)
current_site = get_current_site(request) current_site = get_current_site(request)
protocol = 'http' protocol = 'http'
if request.is_secure(): if request.is_secure():
protocol = 'https' protocol = 'https'
send_welcome_mail(domain=current_site.domain, email=ldap_user.email, protocol=protocol, realm=realm, send_welcome_mail(domain=current_site.domain, email=ldap_user.email, protocol=protocol, realm=realm,
user=User.objects.get(username=ldap_user.username)) user=User.objects.get(username=ldap_user.username))
return redirect('realm-user-detail', realm_id, user_dn) return get_rendered_user_details(request, realm_id, user_dn, success_headline="Willkommensmail",
success_text="Willkommensmail erfolgreich versendet.")
@login_required @login_required
@ -488,19 +497,37 @@ def ldap_add_user_to_groups(ldap_user, user_groups):
group.save() group.save()
@login_required
def password_change_controller(request):
logout(request)
base_url = reverse('login')
next_param = reverse('password_change')
query_string = urlencode({'next': next_param})
url = '{}?{}'.format(base_url, query_string)
return redirect(url)
class LdapPasswordResetConfirmView(PasswordResetConfirmView): class LdapPasswordResetConfirmView(PasswordResetConfirmView):
def form_valid(self, form): def form_valid(self, form):
user = form.save() user = form.save()
password = form.cleaned_data['new_password1'] password = form.cleaned_data['new_password1']
LdapUser.base_dn = LdapUser.ROOT_DN LdapUser.base_dn = LdapUser.ROOT_DN
LdapUser.password_reset(user, password) LdapUser.password_reset(user, password)
return super().form_valid(form) cached_redirect = super().form_valid(form)
user.set_unusable_password()
user.save()
return cached_redirect
class LdapPasswordChangeView(PasswordChangeView): class LdapPasswordChangeView(PasswordChangeView):
form_class = LdapPasswordChangeForm
def form_valid(self, form): def form_valid(self, form):
user = form.save() user = form.save()
password = form.cleaned_data['new_password1'] password = form.cleaned_data['new_password1']
LdapUser.base_dn = LdapUser.ROOT_DN LdapUser.base_dn = LdapUser.ROOT_DN
LdapUser.password_reset(user, password) LdapUser.password_reset(user, password)
return super().form_valid(form) cached_request = super().form_valid(form)
user.set_unusable_password()
user.save()
return cached_request

2
src/core/docker_settings.py
View File

@ -180,6 +180,8 @@ else:
EMAIL_TIMEOUT = 15 EMAIL_TIMEOUT = 15
EMAIL_HOST = os.environ['EMAIL_HOST'] EMAIL_HOST = os.environ['EMAIL_HOST']
EMAIL_PORT = int(os.environ['EMAIL_PORT']) EMAIL_PORT = int(os.environ['EMAIL_PORT'])
EMAIL_HOST_USER = os.environ.get('EMAIL_HOST_USER','')
EMAIL_HOST_PASSWORD = os.environ.get('EMAIL_HOST_PASSWORD','')
EMAIL_USE_TLS = os.environ.get('EMAIL_USE_TLS', 'False') == 'True' EMAIL_USE_TLS = os.environ.get('EMAIL_USE_TLS', 'False') == 'True'
EMAIL_USE_SSL = os.environ.get('EMAIL_USE_SSL', 'False') == 'True' EMAIL_USE_SSL = os.environ.get('EMAIL_USE_SSL', 'False') == 'True'

2
src/core/urls.py
View File

@ -18,6 +18,7 @@ from django.urls import path, include
from django.contrib.auth import views as auth_views from django.contrib.auth import views as auth_views
from django.contrib.auth.decorators import user_passes_test from django.contrib.auth.decorators import user_passes_test
from account_manager.forms import LdapPasswordResetForm from account_manager.forms import LdapPasswordResetForm
from account_manager.views.user_views import LdapPasswordChangeView
from .views import about from .views import about
login_forbidden = user_passes_test(lambda u: u.is_anonymous(), '/') login_forbidden = user_passes_test(lambda u: u.is_anonymous(), '/')
@ -31,5 +32,6 @@ urlpatterns = [
auth_views.PasswordResetView.as_view(html_email_template_name='registration/password_reset_email.html', auth_views.PasswordResetView.as_view(html_email_template_name='registration/password_reset_email.html',
form_class=LdapPasswordResetForm), form_class=LdapPasswordResetForm),
name='password_reset'), name='password_reset'),
path('accounts/', include('django.contrib.auth.urls')), path('accounts/', include('django.contrib.auth.urls')),
] ]

15
src/static/css/floating_labels.css
View File

@ -215,6 +215,21 @@
color: #6c757d; color: #6c757d;
} }
/* ------------------------------------------------------------------------------------------------------------------ */
/* -- Toast -- */
/* ------------------------------------------------------------------------------------------------------------------ */
.toast {
position: absolute;
top: 5px;
right: -250px;
width: 250px;
min-height: 50px;
z-index: 1000;
transform: translateX(-280px);
transition: transform 2s;
}
/* ------------------------------------------------------------------------------------------------------------------ */ /* ------------------------------------------------------------------------------------------------------------------ */
/* -- Footer -- */ /* -- Footer -- */
/* ------------------------------------------------------------------------------------------------------------------ */ /* ------------------------------------------------------------------------------------------------------------------ */

4
src/static/js/main.js
View File

@ -3,6 +3,10 @@ const TABLE_CLASS = '.data-table';
const TABLE_CLASS_NO_PAGING = '.data-table-npaging'; const TABLE_CLASS_NO_PAGING = '.data-table-npaging';
$(document).ready(function () { $(document).ready(function () {
// Bottstrap Toast
$('.toast').toast('show');
//Datatables
const data_table = $(TABLE_CLASS).DataTable({ const data_table = $(TABLE_CLASS).DataTable({
"paging": true, "paging": true,
"pageLength": 10, "pageLength": 10,

1
src/templates/base.jinja2
View File

@ -65,6 +65,7 @@
<script src="{{ static('libs/DataTables/DataTables-1.10.18/js/jquery.dataTables.js') }}"></script> <script src="{{ static('libs/DataTables/DataTables-1.10.18/js/jquery.dataTables.js') }}"></script>
<script src="{{ static('libs/DataTables/RowReorder-1.2.4/js/dataTables.rowReorder.min.js') }}"></script> <script src="{{ static('libs/DataTables/RowReorder-1.2.4/js/dataTables.rowReorder.min.js') }}"></script>
<script src="{{ static('libs/DataTables/Responsive-2.2.2/js/dataTables.responsive.min.js') }}"></script> <script src="{{ static('libs/DataTables/Responsive-2.2.2/js/dataTables.responsive.min.js') }}"></script>
<script src="{{ static('libs/bootstrap-4.3.1-dist/js/bootstrap.min.js') }}"></script>
<script src="{{ static('js/main.js') }}"></script> <script src="{{ static('js/main.js') }}"></script>
</body> </body>

23
src/templates/macros/utils_macros.jinja2
View File

@ -131,6 +131,29 @@
{% endif %} {% endif %}
{% endmacro %} {% endmacro %}
{% macro get_success_toast(success_head, success_text, error_headline, error_text) -%}
{% if success_text and success_head %}
<div class="toast" role="alert" aria-live="polite" aria-atomic="true" data-delay="5000">
<div role="alert" aria-live="assertive" aria-atomic="true">
<div role="alert" aria-live="assertive" aria-atomic="true" class="" data-autohide="false">
<div class="toast-header text-success"><strong class="mr-auto">{{ success_head }}</strong></div>
<div class="toast-body">{{ success_text }}</div>
</div>
</div>
</div>
{% endif %}
{% if error_text and error_headline %}
<div class="toast" role="alert" aria-live="polite" aria-atomic="true" data-delay="5000">
<div role="alert" aria-live="assertive" aria-atomic="true">
<div role="alert" aria-live="assertive" aria-atomic="true" class="" data-autohide="false">
<div class="toast-header text-error"><strong class="mr-auto">{{ error_headline }}</strong></div>
<div class="toast-body">{{ error_text }}</div>
</div>
</div>
</div>
{% endif %}
{% endmacro %}
{% macro get_data_table_search_field(input_id="data-table-search-input") -%} {% macro get_data_table_search_field(input_id="data-table-search-input") -%}
<div class="form-group w-25 float-right"> <div class="form-group w-25 float-right">
<input type="text" <input type="text"

3
src/templates/realm/realm_detailed.jinja2
View File

@ -1,4 +1,6 @@
{% extends 'base_admin.jinja2' %} {% extends 'base_admin.jinja2' %}
{% import 'macros/utils_macros.jinja2' as mutils %}
{% block admin_content %} {% block admin_content %}
<div class="row "> <div class="row ">
<div class="col-12 p-3"> <div class="col-12 p-3">
@ -19,6 +21,7 @@
<p style="color: darkred">{{ error }}</p> <p style="color: darkred">{{ error }}</p>
{% endif %} {% endif %}
{% block detail_content %} {% block detail_content %}
{{ mutils.get_success_toast(success_headline, success_text, error_headline, error_text) }}
<ul class="list-group list-group-flush w-100"> <ul class="list-group list-group-flush w-100">
<li class="list-group-item">LDAP Organisationseinheit: {{ realm.ldap_base_dn }}</li> <li class="list-group-item">LDAP Organisationseinheit: {{ realm.ldap_base_dn }}</li>
<li class="list-group-item">Nutzeranzahl (Aktive/Inaktive): {{ users_count }} <li class="list-group-item">Nutzeranzahl (Aktive/Inaktive): {{ users_count }}

17
src/templates/registration/password_change_form.html
View File

@ -1,13 +1,24 @@
{% extends 'base.jinja2' %} {% extends 'base.jinja2' %}
{% import 'macros/form_macros.jinja2' as mform %} {% import 'macros/form_macros.jinja2' as mform %}
{% block content %} {% block content %}
<div class="col-12 "> <div class="col-12 ">
<div class="row justify-content-center justify-content-sm-center"> <div class="row justify-content-center justify-content-sm-center">
<div class="col-12 col-sm-8 col-md-7 col-lg-5 col-xl-4 bg-white text-dark p-3 mt-5 border"> <div class="col-12 col-sm-8 col-md-7 col-lg-5 col-xl-4 bg-white text-dark p-3 mt-5 border">
<h1 class="mb-4">Passwort ändern</h1> <h1 class="mb-4">Passwort ändern</h1>
<form method="post" class="floating-label-form"> <form method="post" class="floating-label-form">
<input type="hidden" name="csrfmiddlewaretoken" value="{{ csrf_token }}"> <input type="hidden" name="csrfmiddlewaretoken" value="{{ csrf_token }}">
{{ mform.password_input(form.old_password) }} <!-- {{form.errors}}-->
<input type="password"
class="form-control"
placeholder="Old password"
aria-describedby="id_old_password_help"
name="old_password"
id="id_old_password"
maxlength="None"
value="ralf"
hidden>
<!-- {{ mform.password_input(form.old_password) }}-->
{{ mform.password_input(form.new_password1) }} {{ mform.password_input(form.new_password1) }}
{{ mform.password_input(form.new_password2) }} {{ mform.password_input(form.new_password2) }}
<div class="d-flex mt-4"> <div class="d-flex mt-4">
@ -18,5 +29,5 @@
</form> </form>
</div> </div>
</div> </div>
</div> </div>
{% endblock %} {% endblock %}

10
src/templates/user/realm_user_detail.jinja2
View File

@ -1,7 +1,9 @@
{% extends 'realm/realm_detailed.jinja2' %} {% extends 'realm/realm_detailed.jinja2' %}
{% import 'macros/form_macros.jinja2' as mform %} {% import 'macros/form_macros.jinja2' as mform %}
{% import 'macros/utils_macros.jinja2' as mutils %}
{% block detail_content %} {% block detail_content %}
{{ mutils.get_success_toast(success_headline, success_text) }}
{% if user.user %} {% if user.user %}
{% if user.deleted_user.deletion_date %} {% if user.deleted_user.deletion_date %}
<h3 class="text-danger">{{ user.user.username }} <h3 class="text-danger">{{ user.user.username }}
@ -26,14 +28,22 @@
<span class="text-warning"> Noch nicht generiert </span> <span class="text-warning"> Noch nicht generiert </span>
{% endif %} {% endif %}
</li> </li>
{% if user.user.phone %}
<li class="list-group-item">Vorname: {{ user.user.first_name }}</li> <li class="list-group-item">Vorname: {{ user.user.first_name }}</li>
{% endif %}
{% if user.user.phone %}
<li class="list-group-item">Nachname: {{ user.user.last_name }}</li> <li class="list-group-item">Nachname: {{ user.user.last_name }}</li>
{% endif %}
<li class="list-group-item">Email: {{ user.user.email }}</li> <li class="list-group-item">Email: {{ user.user.email }}</li>
<li class="list-group-item">Passwort: <a <li class="list-group-item">Passwort: <a
href="{{ url('realm-user-password-reset', args = [realm.id, user.user.dn]) }}" class="float-right">Nutzerpasswort href="{{ url('realm-user-password-reset', args = [realm.id, user.user.dn]) }}" class="float-right">Nutzerpasswort
zurücksetzen</a></li> zurücksetzen</a></li>
{% if user.user.phone %}
<li class="list-group-item">Telefon: {{ user.user.phone }}</li> <li class="list-group-item">Telefon: {{ user.user.phone }}</li>
{% endif %}
{% if user.user.mobile_phone %}
<li class="list-group-item">Mobiltelefon: {{ user.user.mobile_phone }}</li> <li class="list-group-item">Mobiltelefon: {{ user.user.mobile_phone }}</li>
{% endif %}
<li class="list-group-item">Gruppen: <li class="list-group-item">Gruppen:
{% if groups %} {% if groups %}
{% for group in groups %} {% for group in groups %}

2
src/templates/user/user_detail.jinja2
View File

@ -32,7 +32,7 @@
class="font-weight-bold">Email:</span> {{ user.user.email }}</li> class="font-weight-bold">Email:</span> {{ user.user.email }}</li>
<li class="list-group-item"><span <li class="list-group-item"><span
class="font-weight-bold">Passwort:</span> <a class="font-weight-bold">Passwort:</span> <a
href="{{ url('password_change') }}">Passwort ändern</a> href="{{ url('password_change_controller') }}">Passwort ändern</a>
</li> </li>
<li class="list-group-item"><span <li class="list-group-item"><span
class="font-weight-bold">Telefon:</span> {{ user.user.phone }}</li> class="font-weight-bold">Telefon:</span> {{ user.user.phone }}</li>