mgoetz/ldap_account_manager
Archived
2
2
Fork 0
Code Issues 9 Pull Requests Releases 2 Wiki Activity

Compare commits

base: mgoetz:master
Branches Tags
mgoetz:master
mgoetz:dev_translation
mgoetz:feature_deletion_system
mgoetz:translation
mgoetz:v1.1.0
mgoetz:v1.0.0
..
compare: mgoetz:v1.1.0
Branches Tags
mgoetz:master
mgoetz:dev_translation
mgoetz:feature_deletion_system
mgoetz:translation
mgoetz:v1.1.0
mgoetz:v1.0.0

No commits in common. "master" and "v1.1.0" have entirely different histories.
master ... v1.1.0

34 changed files with 226 additions and 1034 deletions
Show Stats Expand all files Collapse all files

1
.gitignore vendored
View File

@ -118,6 +118,5 @@ dmypy.json
migrations/
logs/
db/
data/
!docker/ldap/data/var/
*.mdb

12
docker/lama/dev.env
View File

@ -28,15 +28,3 @@ LDAP_GROUP_NAME_ATTR=cn
EMAIL_BACKEND=file
DEFAULT_FROM_EMAIL=
SERVER_EMAIL=
DELETION_WAIT_DAYS=14
#EMAIL_BACKEND=smtp
#EMAIL_HOST=smtp.uni-bamberg.de
#EMAIL_PORT=587
#EMAIL_USE_TLS=False
#EMAIL_USE_SSL=False
#DEFAULT_FROM_EMAIL=vergesslich@uni-bamberg.de
##DEFAULT_FROM_EMAIL=fachschaft-wiai.stuve@uni-bamberg.de
#SERVER_EMAIL=fachschaft-wiai.stuve@uni-bamberg.de

32
example.env
View File

@ -1,32 +0,0 @@
DJANGO_SETTINGS_MODULE=core.docker_settings
DOMAIN=localhost
SITE_NAME=LAMa
SECRET_KEY=supersecret
ALLOWED_HOSTS=localhost
DATABASE_HOST=dblama
DATABASE_PORT=5432
POSTGRES_USER=lama
POSTGRES_PASSWORD=secret
DEBUG=True
LDAP_SERVER_URI=ldap://ldap:389
LDAP_ADMIN_USER_NAME=cn=admin,dc=test,dc=de
LDAP_ADMIN_USER_PASSWORD=secret
LDAP_USER_ENTRY=dc=test,dc=de
LDAP_USER_SELECTOR=(uid=%(user)s)
LDAP_GROUP_ENTRY=dc=test,dc=de
LDAP_GROUP_SELECTOR=(objectClass=groupOfNames)
LDAP_GROUP_NAME_ATTR=cn
EMAIL_BACKEND=file
DEFAULT_FROM_EMAIL=
SERVER_EMAIL=
DELETION_WAIT_DAYS=14

4
src/account_helper/admin.py
View File

@ -1,6 +1,6 @@
from django.contrib import admin
from .models import Realm, DeletedUser
from .models import Realm
# Register your models here.
admin.site.register(Realm)
admin.site.register(DeletedUser)
# admin.site.register(DeletedUser)

0
src/account_helper/management/__init__.py
View File

0
src/account_helper/management/commands/__init__.py
View File

64
src/account_helper/management/commands/deletable.py
View File

@ -1,64 +0,0 @@
import json
from django.core.exceptions import ObjectDoesNotExist
from django.core.management.base import BaseCommand
from django.utils import timezone
from account_helper.models import DeletedUser
from account_manager.models import LdapGroup, LdapUser
class Command(BaseCommand):
help = 'Get and delete the deleted marked users'
def add_arguments(self, parser):
parser.add_argument(
'--delete',
action='store_true',
help='Delete users which deletion time is lower than the current date',
)
parser.add_argument(
'--json',
action='store_true',
help='Return an json encoded String',
)
parser.add_argument(
'--all',
action='store_true',
help='Delete all marked user, --delete is required',
)
def handle(self, *args, **options):
if options['all']:
deletables = DeletedUser.objects.all()
else:
deletables = DeletedUser.objects.filter(deletion_date__lte=timezone.now())
output = ""
if options['json']:
json_output = {'deletables': []}
for deletable in deletables:
json_output['deletables'].append({'ldap_dn': deletable.ldap_dn, 'username': deletable.user.username})
output = json.dumps(json_output)
else:
for user in deletables:
output += f'{user}\n'
if options['delete']:
LdapUser.base_dn = LdapUser.ROOT_DN
for user in deletables:
ldap_user = LdapUser.objects.get(dn=user.ldap_dn)
LdapGroup.remove_user_from_groups(ldap_user.dn)
ldap_user.delete()
try:
user.user.delete()
user.delete()
except ObjectDoesNotExist:
pass
if not options['json']:
output += '\nSuccessfully deleted all listed users'
if output:
self.stdout.write(self.style.SUCCESS(output))
else:
for deletable in deletables:
self.stdout.write(self.style.SUCCESS(deletable))

20
src/account_helper/models.py
View File

@ -1,7 +1,5 @@
from django.contrib.auth.models import Group, User
from django.db import models
from django.utils import timezone
from django.conf import settings
# Create your models here.
@ -16,15 +14,9 @@ class Realm(models.Model):
return f'{self.name} - {self.ldap_base_dn}'
def get_deletion_time():
return timezone.now() + timezone.timedelta(settings.DELETION_WAIT_DAYS)
class DeletedUser(models.Model):
deletion_marker_date = models.DateField(auto_now_add=True)
user = models.ForeignKey(User, on_delete=models.CASCADE)
ldap_dn = models.CharField(max_length=512, unique=True)
deletion_date = models.DateField(default=get_deletion_time)
def __str__(self):
return f'{self.user.username} - {self.deletion_marker_date} - {self.deletion_date} - {self.ldap_dn}'
# class DeletedUser(models.Model):
# deletion_date = models.DateField(auto_now=True)
# user = models.ForeignKey(User, on_delete=models.CASCADE)
#
# def __str__(self):
# return f'{self.user.username} - {self.deletion_date}'

15
src/account_manager/forms.py
View File

@ -1,8 +1,7 @@
from django import forms
from django.contrib.auth import get_user_model
from django.contrib.auth.forms import PasswordResetForm, PasswordChangeForm
from django.contrib.auth.forms import PasswordResetForm
from account_manager.utils.django_user import update_dajngo_user
from .models import LdapUser, LdapGroup
from django.forms import modelformset_factory
import logging
@ -84,10 +83,6 @@ class LdapPasswordResetForm(PasswordResetForm):
that prevent inactive users and users with unusable passwords from
resetting their password.
"""
LdapUser.base_dn = LdapUser.ROOT_DN
ldap_users = LdapUser.objects.filter(email=email)
for ldap_user in ldap_users:
update_dajngo_user(ldap_user)
logger.debug('Pasword reset get users')
active_users = UserModel._default_manager.filter(**{
'%s__iexact' % UserModel.get_email_field_name(): email,
@ -95,11 +90,3 @@ class LdapPasswordResetForm(PasswordResetForm):
})
logger.debug((u for u in active_users))
return (u for u in active_users)
class LdapPasswordChangeForm(PasswordChangeForm):
def clean_old_password(self):
"""
Validates that the old_password field is correct.
"""
return "ralf"

162
src/account_manager/main_views.py
View File

@ -1,19 +1,20 @@
import logging
import re
from smtplib import SMTPAuthenticationError, SMTPConnectError, SMTPException
from socket import timeout
from django.contrib.auth.decorators import login_required
from django.contrib.auth.models import Group, User
from django.core.exceptions import ObjectDoesNotExist
from django.db import IntegrityError
from django.shortcuts import render, redirect
from ldap import LDAPError
from django.shortcuts import render, redirect, HttpResponse
from datetime import datetime, timedelta
from account_helper.models import Realm
from account_manager.utils.mail_utils import realm_send_mail
from account_manager.utils.main_views import render_permission_denied_view, render_realm_detail_view, \
get_users_home_view
from .forms import RealmAddForm, RealmUpdateForm
from .models import LdapGroup, LdapUser
from ldap import LDAPError
logger = logging.getLogger(__name__)
@ -26,20 +27,44 @@ def is_realm_admin(view_func):
admin_group__user__username__contains=request.user.username)) > 0):
return view_func(request, *args, **kwargs)
else:
return render_permission_denied_view(request)
return redirect('permission-denied')
return decorator
@login_required
def realm_list(request):
django_user = request.user
if django_user.is_superuser:
user = request.user
if user.is_superuser:
realms = Realm.objects.order_by('name').all()
else:
realms = Realm.objects.filter(admin_group__user__username__contains=django_user.username).order_by('name')
realms = Realm.objects.filter(admin_group__user__username__contains=user.username).order_by('name').order_by(
'name')
show_user = request.GET.get('show_user', False)
if show_user or (len(realms) == 0 and not user.is_superuser):
try:
LdapUser.base_dn = LdapUser.ROOT_DN
user = LdapUser.objects.get(username=user.username)
realm_base_dn = re.compile('(uid=[a-zA-Z0-9_]*),(ou=[a-zA-Z_]*),(.*)').match(user.dn).group(3)
realm = Realm.objects.get(ldap_base_dn=realm_base_dn)
return get_users_home_view(request, django_user, realms)
return redirect('user-detail', realm.id, user.dn)
except ObjectDoesNotExist as err:
logger.info('Anmeldung fehlgeschlagen', err)
return HttpResponse("Invalid login. Please try again.")
elif len(realms) == 1:
return redirect('realm-detail', realms[0].id)
else:
realm_wrappers = []
for realm in realms:
realm_wrappers.append(_get_group_user_count_wrapper(realm))
return render(request, 'realm/realm_home.jinja2', {'realms': realms, 'realm_wrappers': realm_wrappers})
def _get_group_user_count_wrapper(realm):
LdapUser.base_dn = f'ou=people,{realm.ldap_base_dn}'
LdapGroup.base_dn = f'ou=groups,{realm.ldap_base_dn}'
return {'realm': realm, 'group_count': LdapGroup.objects.count(), 'user_count': LdapUser.objects.count()}
@login_required
@ -54,21 +79,21 @@ def realm_add(request):
try:
base_dn_available(ldap_base_dn)
realm = Realm.objects.create(name=name, ldap_base_dn=ldap_base_dn)
realm.save()
return render_realm_detail_view(request, realm.id, status_code=201)
realm_obj = Realm.objects.create(name=name, ldap_base_dn=ldap_base_dn)
realm_obj.save()
return redirect('realm-detail', realm_obj.id)
except IntegrityError as err:
# TODO: Load no extra fail view, use current add view
return render(request, 'realm/realm_add_failed.jinja2',
{'realm_name': name, 'error': err}, status=409)
{'realm_name': name, 'error': err})
except LDAPError as err:
logger.debug("Ldap Error", err)
return render(request, 'realm/realm_add_failed.jinja2',
{'realm_name': name}, status=409)
{'realm_name': name})
else:
form = RealmAddForm()
return render(request, 'realm/realm_add.jinja2', {'realms': realms, 'form': form})
return render_permission_denied_view(request)
else:
redirect('permission-denied')
def base_dn_available(base_dn):
@ -80,7 +105,28 @@ def base_dn_available(base_dn):
@login_required
@is_realm_admin
def realm_detail(request, realm_id):
return render_realm_detail_view(request, realm_id)
realm = Realm.objects.get(id=realm_id)
LdapUser.base_dn = realm.ldap_base_dn
inactive_users = LdapUser.get_inactive_users().count()
logger.info(inactive_users)
ldap_admin_group, ldap_default_group = get_default_admin_group(realm)
return render(request, 'realm/realm_detailed.jinja2',
{'realm': realm, 'ldap_admin_group': ldap_admin_group, 'ldap_default_group': ldap_default_group,
'inactive_user_count': inactive_users, 'users_count': LdapUser.objects.all().count()})
def get_default_admin_group(realm):
ldap_admin_group = None
ldap_default_group = None
if realm.admin_group:
LdapGroup.base_dn = f'ou=groups,{realm.ldap_base_dn}'
ldap_admin_group = LdapGroup.objects.get(name=realm.admin_group.name)
if realm.default_group:
LdapGroup.base_dn = f'ou=groups,{realm.ldap_base_dn}'
ldap_default_group = LdapGroup.objects.get(name=realm.default_group.name)
return ldap_admin_group, ldap_default_group
@login_required
@ -88,12 +134,14 @@ def realm_detail(request, realm_id):
def realm_update(request, realm_id):
if request.user.is_superuser:
realm = Realm.objects.get(id=realm_id)
LdapGroup.base_dn = f'ou=groups,{realm.ldap_base_dn}'
ldap_admin_group = None if not realm.admin_group else LdapGroup.objects.get(name=realm.admin_group.name)
ldap_default_group = None if not realm.default_group else LdapGroup.objects.get(name=realm.default_group.name)
form_data = {'id': realm.id,
ldap_admin_group = None
if realm.admin_group:
ldap_admin_group = LdapGroup.objects.get(name=realm.admin_group.name)
ldap_default_group = None
if realm.default_group:
ldap_default_group = LdapGroup.objects.get(name=realm.default_group.name)
data = {'id': realm.id,
'ldap_base_dn': realm.ldap_base_dn,
'name': realm.name,
'email': realm.email,
@ -106,16 +154,23 @@ def realm_update(request, realm_id):
realm.ldap_base_dn = form.cleaned_data['ldap_base_dn']
realm.email = form.cleaned_data['email']
admin_ldap_group = form.cleaned_data['admin_group']
realm.admin_group = None if not admin_ldap_group else admin_ldap_group.get_django_group()
default_ldap_group = form.cleaned_data['default_group']
realm.default_group = None if not default_ldap_group else default_ldap_group.get_django_group()
realm.save()
return render_realm_detail_view(request, realm_id, status_code=200)
return render(request, 'realm/realm_update.jinja2', {'realm': realm, 'form': form}, status=422)
if admin_ldap_group:
realm.admin_group, _ = Group.objects.get_or_create(name=admin_ldap_group.name)
else:
form = RealmUpdateForm(initial=form_data)
realm.admin_group = None
default_ldap_group = form.cleaned_data['default_group']
if default_ldap_group:
realm.default_group, _ = Group.objects.get_or_create(name=default_ldap_group.name)
else:
realm.default_group = None
realm.save()
return redirect('realm-detail', realm.id)
else:
form = RealmUpdateForm(initial=data)
return render(request, 'realm/realm_update.jinja2', {'realm': realm, 'form': form})
return render_permission_denied_view(request)
else:
realm = Realm.objects.get(id=realm_id)
return render(request, 'realm/realm_update.jinja2', {'realm': realm})
@login_required
@ -154,27 +209,38 @@ def realm_delete(request, realm_id):
def permission_denied(request):
return render_permission_denied_view(request)
return render(request, 'permission_denied.jinja2', {})
def realm_email_test(request, realm_id):
realm = Realm.objects.get(id=realm_id)
test_msg = f'Du hast die Mail Konfiguration für {realm.name} erfolgreich abgeschlossen.'
success_msg = 'Test erfolgreich'
error_msg_auth = f'Mail konnte nicht versendet werden, Anmeldedaten inkorrekt.'
error_msg_connect = f'Mail konnte nicht versendet werden. Verbindungsaufbau abgelehnt. ' \
f'Bitte überprüfen sie die Server Addresse und den Port'
error_msg_timeout = f'Mail konnte nicht versendet werden. Zeitüberschreitung beim Verbindungsaufbau. ' \
f'Bitte überprüfen sie die Server Addresse und den Port'
error_msg_smtp = f'Mail konnte nicht versendet werden. Bitte kontaktieren sie den Administrator'
ldap_admin_group, ldap_default_group = get_default_admin_group(realm)
try:
realm_send_mail(realm, realm.email, f'{realm.name} Test Mail', test_msg)
except SMTPAuthenticationError:
return render_realm_detail_view(request, realm_id, error_headline="Testmail", error_text=error_msg_auth)
except SMTPConnectError:
return render_realm_detail_view(request, realm_id, error_headline="Testmail", error_text=error_msg_connect)
except timeout:
return render_realm_detail_view(request, realm_id, error_headline="Testmail", error_text=error_msg_timeout)
realm_send_mail(realm, realm.email, f'{realm.name} Test Mail',
f'Du hast die Mail Konfiguration für {realm.name} erfolgreich abgeschlossen.')
except SMTPAuthenticationError as err:
return render(request, 'realm/realm_detailed.jinja2',
{'realm': realm, 'error': f'Mail konnte nicht versendet werden, Anmeldedaten inkorrekt.',
'ldap_admin_group': ldap_admin_group,
'ldap_default_group': ldap_default_group})
except SMTPConnectError as err:
return render(request, 'realm/realm_detailed.jinja2',
{'realm': realm,
'error': f'Mail konnte nicht versendet werden. Verbindungsaufbau abgelehnt. Bitte überprüfen sie die Server Addresse und den Port',
'ldap_admin_group': ldap_admin_group,
'ldap_default_group': ldap_default_group})
except timeout as err:
return render(request, 'realm/realm_detailed.jinja2',
{'realm': realm,
'error': f'Mail konnte nicht versendet werden. Zeitüberschreitung beim Verbindungsaufbau. Bitte überprüfen sie die Server Addresse und den Port',
'ldap_admin_group': ldap_admin_group,
'ldap_default_group': ldap_default_group})
except SMTPException:
return render_realm_detail_view(request, realm_id, error_headline="Testmail", error_text=error_msg_smtp)
return render_realm_detail_view(request, realm_id, success_headline="Testmail", success_text=success_msg)
return render(request, 'realm/realm_detailed.jinja2',
{'realm': realm,
'error': f'Mail konnte nicht versendet werden. Bitte kontaktieren sie den Administrator',
'ldap_admin_group': ldap_admin_group,
'ldap_default_group': ldap_default_group})
return render(request, 'realm/realm_detailed.jinja2',
{'realm': realm, 'notice': 'Test erfolgreich', 'ldap_admin_group': ldap_admin_group,
'ldap_default_group': ldap_default_group})

51
src/account_manager/models.py
View File

@ -4,22 +4,17 @@ import os
import re
from datetime import datetime, timedelta
from django.contrib.auth.models import User, Group
from django.contrib.auth.models import User
from django.core.exceptions import ObjectDoesNotExist
from django.db import OperationalError
from django.db.models import Q
from ldap import NO_SUCH_OBJECT, ALREADY_EXISTS
from ldapdb.models import fields as ldap_fields
from ldapdb.models.base import Model
from account_helper.models import DeletedUser
from account_manager.utils.dbldap import get_filterstr
from account_manager.utils.mail_utils import send_welcome_mail
logger = logging.getLogger(__name__)
import ldap
class LdapUser(Model):
"""
@ -62,29 +57,12 @@ class LdapUser(Model):
else:
raise ALREADY_EXISTS('User already exists')
@staticmethod
def get_extended_user(ldap_user):
wrapper = {'user': ldap_user}
try:
wrapper['deleted_user'] = DeletedUser.objects.get(ldap_dn=ldap_user.dn)
except ObjectDoesNotExist:
wrapper['deleted_user'] = {}
try:
django_user = User.objects.get(username=ldap_user.username)
if django_user.last_login:
wrapper['active'] = True
else:
wrapper['active'] = False
except ObjectDoesNotExist:
wrapper['active'] = False
return wrapper
@staticmethod
def password_reset(user, raw_password):
LdapUser.base_dn = LdapUser.ROOT_DN
ldap_user = LdapUser.objects.get(username=user.username)
ldap_user.password = raw_password
LdapUser.base_dn = re.compile('(uid=[a-zA-Z0-9_-]*),(.*)').match(ldap_user.dn).group(2)
LdapUser.base_dn = re.compile('(uid=[a-zA-Z0-9_]*),(.*)').match(ldap_user.dn).group(2)
ldap_user.save()
@staticmethod
@ -132,13 +110,6 @@ class LdapUser(Model):
return (LdapUser.objects.filter(last_login__lte=last_semester) | LdapUser.objects.exclude(
last_login__lte=datetime.now() + timedelta(days=1)))
def get_users_realm_base_dn(self):
return re.compile('(uid=[a-zA-Z0-9_-]*),(ou=[a-zA-Z_-]*),(.*)').match(self.dn).group(3)
@staticmethod
def set_root_dn(realm):
LdapUser.base_dn = f'ou=people,{realm.ldap_base_dn}'
class LdapGroup(Model):
"""
@ -159,24 +130,6 @@ class LdapGroup(Model):
LdapGroup.base_dn = group_base_dn
return LdapGroup.objects.filter(members=user.dn)
@staticmethod
def remove_user_from_groups(ldap_user_dn, user_groups=None):
if not user_groups:
LdapGroup.base_dn = LdapGroup.ROOT_DN
user_groups = LdapGroup.objects.filter(members__contains=ldap_user_dn)
for group in user_groups:
LdapGroup.base_dn = re.compile('cn=([a-zA-Z0-9_-]*),(ou=[a-zA-Z_]*.*)').match(group.dn).group(2)
group.members.remove(ldap_user_dn)
group.save()
def get_django_group(self):
django_group, _ = Group.objects.get_or_create(name=self.name)
return django_group
@staticmethod
def set_root_dn(realm):
LdapGroup.base_dn = f'ou=groups,{realm.ldap_base_dn}'
def __str__(self):
return self.name

0
src/account_manager/tests/test_models.py → src/account_manager/tests.py
View File

0
src/account_manager/tests/__init__.py
View File

0
src/account_manager/tests/test_forms.py
View File

430
src/account_manager/tests/test_views.py
View File

@ -1,430 +0,0 @@
import logging
from django.contrib.auth.models import User, Group
from django.test import TestCase
# Create your tests here.
from django.urls import reverse
from account_helper.models import Realm
from account_manager.models import LdapUser, LdapGroup
class RealmHomeViewTest(TestCase):
@classmethod
def setUpTestData(cls):
# User.objects.get_or_create(username="test", email="test@test.de")
User.objects.create_superuser(
username='test_superuser',
password=RealmHomeViewTest.get_password(),
email='test@test.de',
is_staff=True,
is_superuser=True,
is_active=True,
)
def create_ldap_objects(self):
self.realm_1, _ = Realm.objects.get_or_create(name="test_realm_1",
ldap_base_dn="ou=test,ou=fachschaften,dc=test,dc=de")
self.realm_2, _ = Realm.objects.get_or_create(name="test_realm_2",
ldap_base_dn="ou=test2,ou=fachschaften,dc=test,dc=de")
LdapUser.set_root_dn(self.realm_1)
self.ldap_user_multiple_admin, _ = LdapUser.objects.get_or_create(username="test_multi_admin",
email="test@test.de",
password=RealmHomeViewTest.get_password(),
first_name="max",
last_name="musterstudent")
self.ldap_user_admin, _ = LdapUser.objects.get_or_create(username="test_admin", email="test@test.de",
password=RealmHomeViewTest.get_password(),
first_name="max",
last_name="musterstudent")
self.ldap_user, _ = LdapUser.objects.get_or_create(username="test", email="test@test.de",
password=RealmHomeViewTest.get_password(),
first_name="max",
last_name="musterstudent")
LdapGroup.set_root_dn(self.realm_1)
self.realm_1_ldap_group = LdapGroup.objects.create(name="test_realm_1_admin_group",
members=[self.ldap_user_multiple_admin.dn,
self.ldap_user_admin.dn])
LdapGroup.set_root_dn(self.realm_1)
self.realm_2_ldap_group = LdapGroup.objects.create(name="test_realm_2_admin_group",
members=[self.ldap_user_multiple_admin.dn])
logging.disable(logging.DEBUG)
self.realm_1.admin_group = self.realm_1_ldap_group.get_django_group()
self.realm_1.save()
self.realm_2.admin_group = self.realm_2_ldap_group.get_django_group()
self.realm_2.save()
@classmethod
def get_password(cls):
return "12345678"
def setUp(self):
self.create_ldap_objects()
self.django_superuser = User.objects.get(username="test_superuser")
def tearDown(self):
self.clear_ldap_objects()
self.django_superuser.delete()
logging.disable(logging.NOTSET)
def clear_ldap_objects(self):
self.realm_1.delete()
self.realm_2.delete()
self.ldap_user_multiple_admin.delete()
self.ldap_user_admin.delete()
self.ldap_user.delete()
self.realm_1_ldap_group.delete()
self.realm_2_ldap_group.delete()
def test_without_login(self):
response = self.client.get(reverse('realm-home'))
self.assertEqual(response.status_code, 302)
def test_with_user_login(self):
self.client.login(username=self.ldap_user.username, password=RealmHomeViewTest.get_password())
response = self.client.get(reverse('realm-home'))
self.assertContains(response, 'Profil löschen', status_code=200)
self.client.logout()
def test_with_admin_login(self):
self.client.login(username=self.ldap_user_admin.username, password=RealmHomeViewTest.get_password())
response = self.client.get(reverse('realm-home'))
self.assertContains(response, 'Bereich ', status_code=200)
self.client.logout()
def test_with_admin_multiple_realms_login(self):
self.client.login(username=self.ldap_user_multiple_admin.username, password=RealmHomeViewTest.get_password())
response = self.client.get(reverse('realm-home'))
self.assertContains(response, 'Bereiche', status_code=200)
self.client.logout()
def test_with_superuser_login(self):
self.client.login(username=self.django_superuser.username, password=RealmHomeViewTest.get_password())
response = self.client.get(reverse('realm-home'))
self.assertContains(response, 'Bereiche', status_code=200)
self.client.logout()
class RealmAddViewTest(TestCase):
@classmethod
def setUpTestData(cls):
realm, _ = Realm.objects.get_or_create(name="test", ldap_base_dn="ou=test,ou=fachschaften,dc=test,dc=de")
LdapUser.set_root_dn(realm)
LdapUser.objects.get_or_create(username="test", email="test@test.de",
password=RealmAddViewTest.get_password(),
first_name="max",
last_name="musterstudent")
User.objects.get_or_create(username="test", email="test@test.de")
logging.disable(logging.DEBUG)
@classmethod
def get_password(cls):
return "12345678"
def setUp(self):
self.realm = Realm.objects.get(name="test")
LdapUser.set_root_dn(self.realm)
self.ldap_user = LdapUser.objects.get(username="test")
self.django_user = User.objects.get(username="test")
self.django_superuser = User.objects.create_superuser(
username='superuser_test',
password='test',
email='test@test.de',
is_staff=True,
is_superuser=True,
is_active=True,
)
def tearDown(self):
self.realm.delete()
self.ldap_user.delete()
self.django_user.delete()
logging.disable(logging.NOTSET)
def test_without_login(self):
response = self.client.get(reverse('realm-add'))
self.assertEqual(response.status_code, 302)
def test_with_login(self):
self.client.login(username=self.ldap_user.username, password=RealmAddViewTest.get_password())
response = self.client.get(reverse('realm-add'))
self.assertContains(response, 'Leider hast du keine Rechte', status_code=403)
self.client.logout()
def test_with_login_and_post_valid_form(self):
self.client.login(username=self.ldap_user.username, password=RealmAddViewTest.get_password())
response = self.client.post(reverse('realm-add'),
{'name': 'test', 'ldap_base_dn': 'ou=test,ou=fachschaften,dc=test,dc=de'})
self.assertContains(response, 'Leider hast du keine Rechte', status_code=403)
self.client.logout()
def test_with_super_user_login(self):
self.client.login(username=self.django_superuser.username, password='test')
response = self.client.get(reverse('realm-add'))
self.assertContains(response, 'Neuen Bereich anlegen', status_code=200)
self.client.logout()
def test_with_super_user_login_add_realm(self):
realm = Realm.objects.get(name=self.realm.name)
realm.delete()
self.client.login(username=self.django_superuser.username, password='test')
response = self.client.post(reverse('realm-add'),
{'name': 'test', 'ldap_base_dn': 'ou=test,ou=fachschaften,dc=test,dc=de'})
self.assertContains(response, 'Bereich test', status_code=201)
self.client.logout()
self.realm, _ = Realm.objects.get_or_create(name="test", ldap_base_dn="ou=test,ou=fachschaften,dc=test,dc=de")
def test_with_super_user_login_add_extisting_realm(self):
self.client.login(username=self.django_superuser.username, password='test')
response = self.client.post(reverse('realm-add'),
{'name': 'test', 'ldap_base_dn': 'ou=test,ou=fachschaften,dc=test,dc=de'})
self.assertContains(response, 'Das hinzufügen des Bereichs ist fehlgeschlagen.', status_code=409)
self.client.logout()
def test_with_super_user_login_add_extisting_realm_with_different_name(self):
self.client.login(username=self.django_superuser.username, password='test')
response = self.client.post(reverse('realm-add'),
{'name': 'test_new', 'ldap_base_dn': 'ou=test,ou=fachschaften,dc=test,dc=de'})
self.assertContains(response, 'Das hinzufügen des Bereichs ist fehlgeschlagen.', status_code=409)
self.client.logout()
def test_with_super_user_login_add_realm_with_not_existing_ldap_base_dn(self):
self.client.login(username=self.django_superuser.username, password='test')
response = self.client.post(reverse('realm-add'),
{'name': 'test_not_extisting_ldap_dn',
'ldap_base_dn': 'ou=not_exists,ou=fachschaften,dc=test,dc=de'})
self.assertContains(response, 'Das hinzufügen des Bereichs ist fehlgeschlagen.', status_code=409)
self.client.logout()
class RealmDetailViewTest(TestCase):
@classmethod
def setUpTestData(cls):
# User.objects.get_or_create(username="test", email="test@test.de")
User.objects.create_superuser(
username='test_superuser',
password=RealmDetailViewTest.get_password(),
email='test@test.de',
is_staff=True,
is_superuser=True,
is_active=True,
)
def create_ldap_objects(self):
self.realm_1, _ = Realm.objects.get_or_create(name="test_realm_1",
ldap_base_dn="ou=test,ou=fachschaften,dc=test,dc=de")
LdapUser.set_root_dn(self.realm_1)
self.ldap_user_admin, _ = LdapUser.objects.get_or_create(username="test_admin", email="test@test.de",
password=RealmDetailViewTest.get_password(),
first_name="max",
last_name="musterstudent")
self.ldap_user, _ = LdapUser.objects.get_or_create(username="test", email="test@test.de",
password=RealmDetailViewTest.get_password(),
first_name="max",
last_name="musterstudent")
LdapGroup.set_root_dn(self.realm_1)
self.realm_1_ldap_group = LdapGroup.objects.create(name="test_realm_1_admin_group",
members=[self.ldap_user_admin.dn])
logging.disable(logging.DEBUG)
self.realm_1.admin_group = self.realm_1_ldap_group.get_django_group()
self.realm_1.save()
@classmethod
def get_password(cls):
return "12345678"
def setUp(self):
self.create_ldap_objects()
self.django_superuser = User.objects.get(username="test_superuser")
def tearDown(self):
self.clear_ldap_objects()
self.django_superuser.delete()
logging.disable(logging.NOTSET)
def clear_ldap_objects(self):
self.realm_1.delete()
self.ldap_user_admin.delete()
self.ldap_user.delete()
self.realm_1_ldap_group.delete()
def test_without_login(self):
response = self.client.get(reverse('realm-detail', args=[self.realm_1.id]))
self.assertEqual(response.status_code, 302)
def test_with_user_login(self):
self.client.login(username=self.ldap_user.username, password=RealmDetailViewTest.get_password())
response = self.client.get(reverse('realm-detail', args=[self.realm_1.id]))
self.assertContains(response, 'Leider hast du keine Rechte', status_code=403)
self.client.logout()
def test_with_admin_login(self):
self.client.login(username=self.ldap_user_admin.username, password=RealmDetailViewTest.get_password())
response = self.client.get(reverse('realm-detail', args=[self.realm_1.id]))
self.assertContains(response, 'Bereich ', status_code=200)
self.client.logout()
def test_with_superuser_login(self):
self.client.login(username=self.django_superuser.username, password=RealmDetailViewTest.get_password())
response = self.client.get(reverse('realm-detail', args=[self.realm_1.id]))
self.assertContains(response, 'Bereich', status_code=200)
self.client.logout()
class RealmUpdateViewTest(TestCase):
@classmethod
def setUpTestData(cls):
# User.objects.get_or_create(username="test", email="test@test.de")
User.objects.create_superuser(
username='test_superuser',
password=RealmUpdateViewTest.get_password(),
email='test@test.de',
is_staff=True,
is_superuser=True,
is_active=True,
)
def create_ldap_objects(self):
self.realm_1, _ = Realm.objects.get_or_create(name="test_realm_1",
ldap_base_dn="ou=test,ou=fachschaften,dc=test,dc=de",
email="test.realm@test.de")
self.realm_2, _ = Realm.objects.get_or_create(name="test_realm_2",
ldap_base_dn="ou=test2,ou=fachschaften,dc=test,dc=de")
LdapUser.set_root_dn(self.realm_1)
self.ldap_user_multiple_admin, _ = LdapUser.objects.get_or_create(username="test_multi_admin",
email="test@test.de",
password=RealmUpdateViewTest.get_password(),
first_name="max",
last_name="musterstudent")
self.ldap_user_admin, _ = LdapUser.objects.get_or_create(username="test_admin", email="test@test.de",
password=RealmUpdateViewTest.get_password(),
first_name="max",
last_name="musterstudent")
self.ldap_user, _ = LdapUser.objects.get_or_create(username="test", email="test@test.de",
password=RealmUpdateViewTest.get_password(),
first_name="max",
last_name="musterstudent")
LdapGroup.set_root_dn(self.realm_1)
self.realm_1_ldap_group = LdapGroup.objects.create(name="test_realm_1_admin_group",
members=[self.ldap_user_multiple_admin.dn,
self.ldap_user_admin.dn])
LdapGroup.set_root_dn(self.realm_1)
self.realm_2_ldap_group = LdapGroup.objects.create(name="test_realm_2_admin_group",
members=[self.ldap_user_multiple_admin.dn])
LdapGroup.set_root_dn(self.realm_1)
self.realm_3_ldap_group = LdapGroup.objects.create(name="test_realm_3_admin_group",
members=[self.ldap_user_admin.dn])
logging.disable(logging.DEBUG)
self.realm_1.admin_group = self.realm_1_ldap_group.get_django_group()
self.realm_1.save()
self.realm_2.admin_group = self.realm_2_ldap_group.get_django_group()
self.realm_2.save()
@classmethod
def get_password(cls):
return "12345678"
def setUp(self):
self.create_ldap_objects()
self.django_superuser = User.objects.get(username="test_superuser")
def tearDown(self):
self.clear_ldap_objects()
self.django_superuser.delete()
logging.disable(logging.NOTSET)
def clear_ldap_objects(self):
self.realm_1.delete()
self.realm_2.delete()
self.ldap_user_multiple_admin.delete()
self.ldap_user_admin.delete()
self.ldap_user.delete()
self.realm_1_ldap_group.delete()
self.realm_2_ldap_group.delete()
self.realm_3_ldap_group.delete()
def test_without_login(self):
response = self.client.get(reverse('realm-update', args=[self.realm_1.id]))
self.assertEqual(response.status_code, 302)
def test_with_user_login(self):
self.client.login(username=self.ldap_user.username, password=RealmUpdateViewTest.get_password())
response = self.client.get(reverse('realm-update', args=[self.realm_1.id]))
self.assertContains(response, 'Leider hast du keine Rechte', status_code=403)
self.client.logout()
def test_with_admin_login(self):
self.client.login(username=self.ldap_user_admin.username, password=RealmUpdateViewTest.get_password())
response = self.client.get(reverse('realm-update', args=[self.realm_1.id]))
self.assertContains(response, 'Leider hast du keine Rechte', status_code=403)
self.client.logout()
def test_with_superuser_login(self):
self.client.login(username=self.django_superuser.username, password=RealmUpdateViewTest.get_password())
response = self.client.get(reverse('realm-update', args=[self.realm_1.id]))
self.assertContains(response, '<label for="id_name">Bereichsname</label>', status_code=200)
self.client.logout()
def test_with_superuser_login_post_single_changes(self):
self.client.login(username=self.django_superuser.username, password=RealmUpdateViewTest.get_password())
new_name = "new test realm"
new_email = "newtest@test.de"
new_admin_group = self.realm_1_ldap_group
new_default_group = self.realm_3_ldap_group
response = self.client.post(reverse('realm-update', args=[self.realm_1.id]),
{'name': new_name, 'email': new_email,
'ldap_base_dn': self.realm_1.ldap_base_dn})
self.assertContains(response, 'Nutzeranzahl', status_code=200)
self.realm_1.refresh_from_db()
self.assertEqual(self.realm_1.name, new_name)
self.assertEqual(self.realm_1.email, new_email)
response = self.client.post(reverse('realm-update', args=[self.realm_1.id]),
{'name': new_name, 'email': new_email,
'ldap_base_dn': self.realm_1.ldap_base_dn, 'admin_group': new_admin_group.name})
self.assertContains(response, 'Nutzeranzahl', status_code=200)
self.realm_1.refresh_from_db()
django_group = Group.objects.get(name=new_admin_group.name)
self.assertEqual(self.realm_1.admin_group, django_group)
response = self.client.post(reverse('realm-update', args=[self.realm_1.id]),
{'name': new_name, 'email': new_email,
'ldap_base_dn': self.realm_1.ldap_base_dn,
'default_group': new_default_group.name})
self.assertContains(response, 'Nutzeranzahl', status_code=200)
self.realm_1.refresh_from_db()
django_group = Group.objects.get(name=new_default_group.name)
self.assertEqual(self.realm_1.default_group, django_group)
self.client.logout()
def test_with_superuser_login_post_with_missing_data(self):
self.client.login(username=self.django_superuser.username, password=RealmUpdateViewTest.get_password())
new_name = "new test realm"
response = self.client.post(reverse('realm-update', args=[self.realm_1.id]),
{'name': new_name,
'ldap_base_dn': self.realm_1.ldap_base_dn})
self.assertContains(response, '<label for="id_name">Bereichsname</label>', status_code=422)
response = self.client.post(reverse('realm-update', args=[self.realm_1.id]),
{'email': "test@test.de",
'ldap_base_dn': self.realm_1.ldap_base_dn})
self.assertContains(response, '<label for="id_name">Bereichsname</label>', status_code=422)
response = self.client.post(reverse('realm-update', args=[self.realm_1.id]),
{'name': new_name, 'email': "test@test.de"})
self.assertContains(response, '<label for="id_name">Bereichsname</label>', status_code=422)
response = self.client.post(reverse('realm-update', args=[self.realm_1.id]),
{'name': new_name, 'email': "abc",
'ldap_base_dn': self.realm_1.ldap_base_dn})
self.assertContains(response, '<label for="id_name">Bereichsname</label>', status_code=422)
self.client.logout()

4
src/account_manager/urls.py
View File

@ -53,8 +53,6 @@ urlpatterns = [
name='realm-multiple-user-delete'),
path('realm/<int:realm_id>/user/delete/multiple/inactive/', user_views.realm_multiple_user_delete_inactive,
name='realm-multiple-user-delete-inactive'),
path('realm/<int:realm_id>/user/delete/<str:user_dn>/cancel/', user_views.realm_user_delete_cancel,
name='realm-user-delete-cancel'),
# Realm Group
path('realm/<int:realm_id>/groups/', group_views.realm_groups, name='realm-group-list'),
@ -80,8 +78,6 @@ urlpatterns = [
name='user-delete'),
path('accounts/reset/<uidb64>/<token>/', user_views.LdapPasswordResetConfirmView.as_view(),
name='ldap_password_reset_confirm'),
path('accounts/password_change/secure/', user_views.password_change_controller,
name='password_change_controller'),
path('accounts/password_change/', user_views.LdapPasswordChangeView.as_view(),
name='password_change'),

7
src/account_manager/utils/django_user.py
View File

@ -1,7 +0,0 @@
from django.contrib.auth.models import User
def update_dajngo_user(ldap_user):
user, _ = User.objects.get_or_create(username=ldap_user.username)
user.email = ldap_user.email
user.save()

12
src/account_manager/utils/mail_utils.py
View File

@ -8,7 +8,6 @@ from django.contrib.auth.tokens import default_token_generator
from django.template.loader import render_to_string
from django.utils.encoding import force_bytes
from django.utils.http import urlsafe_base64_encode
from django.conf import settings
from core.settings import EMAIL_HOST, EMAIL_PORT, EMAIL_USE_SSL, EMAIL_USE_TLS
@ -45,14 +44,3 @@ def send_welcome_mail(domain, email, protocol, realm, user):
# TODO failure handling
p1 = Process(target=realm_send_mail, args=(realm, user.email, mail_subject, message))
p1.start()
def send_deletion_mail(realm, user):
mail_subject = 'Aktiviere deinen StuVe Account'
message = render_to_string('registration/deletion_information_email.jinja2', {
'user': user,
'deletion_wait_days': settings.DELETION_WAIT_DAYS,
})
# TODO failure handling
p1 = Process(target=realm_send_mail, args=(realm, user.email, mail_subject, message))
p1.start()

62
src/account_manager/utils/main_views.py
View File

@ -1,62 +0,0 @@
from django.shortcuts import render
from account_helper.models import Realm
from account_manager.models import LdapUser, LdapGroup
from account_manager.utils.user_views import render_user_detail_view
def render_realm_detail_view(request, realm_id, success_headline=None, success_text=None, error_headline=None,
error_text=None, status_code=200):
realm = Realm.objects.get(id=realm_id)
LdapUser.base_dn = realm.ldap_base_dn
inactive_users = LdapUser.get_inactive_users().count()
ldap_admin_group, ldap_default_group = get_default_admin_group(realm)
return render(request, 'realm/realm_detailed.jinja2',
{'realm': realm,
'ldap_admin_group': ldap_admin_group,
'ldap_default_group': ldap_default_group,
'inactive_user_count': inactive_users,
'users_count': LdapUser.objects.all().count(),
'success_headline': success_headline,
'success_text': success_text,
'error_headline': error_headline,
'error_text': error_text}, status=status_code)
def get_default_admin_group(realm):
ldap_admin_group = None
ldap_default_group = None
if realm.admin_group:
LdapGroup.base_dn = f'ou=groups,{realm.ldap_base_dn}'
ldap_admin_group = LdapGroup.objects.get(name=realm.admin_group.name)
if realm.default_group:
LdapGroup.base_dn = f'ou=groups,{realm.ldap_base_dn}'
ldap_default_group = LdapGroup.objects.get(name=realm.default_group.name)
return ldap_admin_group, ldap_default_group
def render_permission_denied_view(request):
return render(request, 'permission_denied.jinja2', {}, status=403)
def get_group_user_count_wrapper(realm):
LdapUser.base_dn = f'ou=people,{realm.ldap_base_dn}'
LdapGroup.base_dn = f'ou=groups,{realm.ldap_base_dn}'
return {'realm': realm, 'group_count': LdapGroup.objects.count(), 'user_count': LdapUser.objects.count()}
def get_users_home_view(request, django_user, realms):
show_user = request.GET.get('show_user', False)
if show_user or (len(realms) == 0 and not django_user.is_superuser):
LdapUser.base_dn = LdapUser.ROOT_DN
ldap_user = LdapUser.objects.get(username=django_user.username)
realm = Realm.objects.get(ldap_base_dn=ldap_user.get_users_realm_base_dn())
return render_user_detail_view(request, realm, ldap_user)
elif len(realms) == 1:
return render_realm_detail_view(request, realms[0].id)
else:
realm_wrappers = []
for realm in realms:
realm_wrappers.append(get_group_user_count_wrapper(realm))
return render(request, 'realm/realm_home.jinja2', {'realms': realms, 'realm_wrappers': realm_wrappers})

10
src/account_manager/utils/user_views.py
View File

@ -1,10 +0,0 @@
from django.shortcuts import render
from account_manager.models import LdapUser, LdapGroup
def render_user_detail_view(request, realm, ldap_user):
user_wrapper = LdapUser.get_extended_user(ldap_user)
LdapGroup.base_dn = LdapGroup.ROOT_DN
groups = LdapGroup.objects.filter(members=ldap_user.dn)
return render(request, 'user/user_detail.jinja2', {'user': user_wrapper, 'groups': groups, 'realm': realm})

111
src/account_manager/views/user_views.py
View File

@ -1,4 +1,5 @@
import logging
import os
from django.contrib.auth.decorators import login_required
from django.contrib.auth.forms import PasswordResetForm
@ -6,26 +7,17 @@ from django.contrib.auth.models import User
from django.contrib.auth.views import PasswordResetConfirmView, PasswordChangeView
from django.contrib.sites.shortcuts import get_current_site
from django.core.exceptions import ObjectDoesNotExist
from django.db import IntegrityError
from django.http import HttpRequest
from django.shortcuts import render, redirect
from django.utils.translation import gettext as _
from ldap import ALREADY_EXISTS, OBJECT_CLASS_VIOLATION
from django.urls import reverse
from urllib.parse import urlencode
from account_helper.models import Realm, DeletedUser
from account_helper.models import Realm
from account_manager.forms import AddLDAPUserForm, UserDeleteListForm, UpdateLDAPUserForm, AdminUpdateLDAPUserForm, \
UserGroupListForm, LdapPasswordChangeForm
UserGroupListForm
from account_manager.main_views import is_realm_admin
from account_manager.models import LdapUser, LdapGroup
from account_manager.utils.django_user import update_dajngo_user
from account_manager.utils.mail_utils import send_welcome_mail, send_deletion_mail
from django.contrib.auth import logout
from django.conf import settings
from account_manager.utils.user_views import render_user_detail_view
from account_manager.utils.mail_utils import send_welcome_mail
logger = logging.getLogger(__name__)
@ -54,7 +46,14 @@ def realm_user(request, realm_id):
realm_users = LdapUser.objects.all()
user_wrappers = []
for user in realm_users:
user_wrappers.append(LdapUser.get_extended_user(user))
try:
django_user = User.objects.get(username=user.username)
if django_user.last_login:
user_wrappers.append({'user': user, 'active': True})
else:
user_wrappers.append({'user': user, 'active': False})
except ObjectDoesNotExist:
user_wrappers.append({'user': user, 'active': False})
return render(request, 'realm/realm_user.jinja2', {'realm': realm, 'realm_user': user_wrappers})
@ -62,28 +61,24 @@ def realm_user(request, realm_id):
@is_realm_admin
@protect_cross_realm_user_access
def realm_user_detail(request, realm_id, user_dn):
return get_rendered_user_details(request, realm_id, user_dn)
def get_rendered_user_details(request, realm_id, user_dn, success_headline=None, success_text=None):
realm = Realm.objects.get(id=realm_id)
LdapUser.base_dn = realm.ldap_base_dn
LdapGroup.base_dn = LdapGroup.ROOT_DN
user = LdapUser.objects.get(dn=user_dn)
user_wrapper = LdapUser.get_extended_user(user)
groups = LdapGroup.objects.filter(members=user.dn)
return render(request, 'user/realm_user_detail.jinja2',
{'user': user_wrapper, 'groups': groups, 'realm': realm, 'success_headline': success_headline,
'success_text': success_text})
return render(request, 'user/realm_user_detail.jinja2', {'user': user, 'groups': groups, 'realm': realm})
@login_required
def user_detail(request, realm_id, user_dn):
realm = Realm.objects.get(id=realm_id)
LdapUser.base_dn = realm.ldap_base_dn
ldap_user = LdapUser.objects.get(dn=user_dn)
LdapGroup.base_dn = LdapGroup.ROOT_DN
return render_user_detail_view(request, realm, ldap_user)
user = LdapUser.objects.get(dn=user_dn)
groups = LdapGroup.objects.filter(members=user.dn)
return render(request, 'user/user_detail.jinja2', {'user': user, 'groups': groups, 'realm': realm})
@login_required
@ -154,7 +149,7 @@ def realm_user_resend_password_reset(request, realm_id, user_dn):
ldap_user = LdapUser.objects.get(dn=user_dn)
try:
if ldap_user.email:
logger.info(f"Sending email to {ldap_user.email}")
logger.info("Sending email for to this email:", ldap_user.email)
form = PasswordResetForm({'email': ldap_user.email})
if form.is_valid():
logger.info('CREATE REQUEST')
@ -167,11 +162,11 @@ def realm_user_resend_password_reset(request, realm_id, user_dn):
form.save(
request=pw_reset_request,
use_https=True,
from_email=settings.DEFAULT_FROM_EMAIL,
from_email=os.environ.get('DEFAULT_FROM_EMAIL', 'vergesslich@test.de'),
email_template_name='registration/password_reset_email.html')
except Exception as e:
logger.error('Error')
logger.info('Error')
return redirect('realm-user-detail', realm_id, user_dn)
@ -182,15 +177,13 @@ def realm_user_resend_welcome_mail(request, realm_id, user_dn):
realm = Realm.objects.get(id=realm_id)
LdapUser.base_dn = f'ou=people,{realm.ldap_base_dn}'
ldap_user = LdapUser.objects.get(dn=user_dn)
update_dajngo_user(ldap_user)
current_site = get_current_site(request)
protocol = 'http'
if request.is_secure():
protocol = 'https'
send_welcome_mail(domain=current_site.domain, email=ldap_user.email, protocol=protocol, realm=realm,
user=User.objects.get(username=ldap_user.username))
return get_rendered_user_details(request, realm_id, user_dn, success_headline="Willkommensmail",
success_text="Willkommensmail erfolgreich versendet.")
return redirect('realm-user-detail', realm_id, user_dn)
@login_required
@ -227,24 +220,7 @@ def realm_user_delete_confirm(request, realm_id, user_dn):
deletion_link = {'name': 'realm-user-delete', 'args': [realm.id, ldap_user.dn]}
cancel_link = {'name': 'realm-user-detail', 'args': [realm.id, ldap_user.dn]}
return render(request, 'user/user_confirm_delete.jinja2',
{'realm': realm, 'user': ldap_user, 'deletion_link': deletion_link, 'cancel_link': cancel_link,
'deletion_wait_days': settings.DELETION_WAIT_DAYS})
@login_required
@is_realm_admin
@protect_cross_realm_user_access
def realm_user_delete_cancel(request, realm_id, user_dn):
realm = Realm.objects.get(id=realm_id)
LdapUser.base_dn = f'ou=people,{realm.ldap_base_dn}'
ldap_user = LdapUser.objects.get(dn=user_dn)
try:
deleted_user = DeletedUser.objects.get(ldap_dn=ldap_user.dn)
deleted_user.delete()
except ObjectDoesNotExist as err:
pass
return redirect('realm-user-detail', realm_id, user_dn)
{'realm': realm, 'user': ldap_user, 'deletion_link': deletion_link, 'cancel_link': cancel_link})
@login_required
@ -441,7 +417,7 @@ def realm_user_group_update_delete(request, realm_id, user_dn):
for group_name in group_names:
groups.append(LdapGroup.objects.get(name=group_name))
try:
LdapGroup.remove_user_from_groups(user_dn, groups)
ldap_remove_user_from_groups(user_dn, groups)
except OBJECT_CLASS_VIOLATION as err:
ldap_user, realm_groups_available, user_groups = get_available_given_groups(realm, user_dn)
return render(request, 'user/realm_user_update_groups.jinja2',
@ -478,56 +454,45 @@ def user_update_controller(request, realm, ldap_user, redirect_name, update_view
def user_delete_controller(ldap_user, realm):
LdapGroup.base_dn = f'ou=groups,{realm.ldap_base_dn}'
user_groups = LdapGroup.objects.filter(members__contains=ldap_user.dn)
ldap_remove_user_from_groups(ldap_user.dn, user_groups)
ldap_user.delete()
try:
django_user = User.objects.get(username=ldap_user.username)
try:
DeletedUser.objects.create(user=django_user, ldap_dn=ldap_user.dn)
send_deletion_mail(realm=realm, user=ldap_user)
except IntegrityError as err:
pass
django_user.delete()
# TODO user deletion cron
# DeletedUser.objects.create(user=django_user)
except ObjectDoesNotExist:
pass
return
def ldap_remove_user_from_groups(ldap_user, user_groups):
for group in user_groups:
group.members.remove(ldap_user)
group.save()
def ldap_add_user_to_groups(ldap_user, user_groups):
for group in user_groups:
group.members.append(ldap_user)
group.save()
@login_required
def password_change_controller(request):
logout(request)
base_url = reverse('login')
next_param = reverse('password_change')
query_string = urlencode({'next': next_param})
url = '{}?{}'.format(base_url, query_string)
return redirect(url)
class LdapPasswordResetConfirmView(PasswordResetConfirmView):
def form_valid(self, form):
user = form.save()
password = form.cleaned_data['new_password1']
LdapUser.base_dn = LdapUser.ROOT_DN
LdapUser.password_reset(user, password)
cached_redirect = super().form_valid(form)
user.set_unusable_password()
user.save()
return cached_redirect
return super().form_valid(form)
class LdapPasswordChangeView(PasswordChangeView):
form_class = LdapPasswordChangeForm
def form_valid(self, form):
user = form.save()
password = form.cleaned_data['new_password1']
LdapUser.base_dn = LdapUser.ROOT_DN
LdapUser.password_reset(user, password)
cached_request = super().form_valid(form)
user.set_unusable_password()
user.save()
return cached_request
return super().form_valid(form)

11
src/core/docker_settings.py
View File

@ -20,7 +20,6 @@ SITE_NAME = os.environ['SITE_NAME']
SECRET_KEY = os.environ['SECRET_KEY']
DEBUG = os.environ.get('DEBUG', 'False') =='True'
ALLOWED_HOSTS = os.environ['ALLOWED_HOSTS'].split()
DELETION_WAIT_DAYS = int(os.environ.get('DELETION_WAIT_DAYS', "14"))
# Application definition
INSTALLED_APPS = [
@ -180,8 +179,6 @@ else:
EMAIL_TIMEOUT = 15
EMAIL_HOST = os.environ['EMAIL_HOST']
EMAIL_PORT = int(os.environ['EMAIL_PORT'])
EMAIL_HOST_USER = os.environ.get('EMAIL_HOST_USER','')
EMAIL_HOST_PASSWORD = os.environ.get('EMAIL_HOST_PASSWORD','')
EMAIL_USE_TLS = os.environ.get('EMAIL_USE_TLS', 'False') == 'True'
EMAIL_USE_SSL = os.environ.get('EMAIL_USE_SSL', 'False') == 'True'
@ -220,14 +217,10 @@ LOGGING = {
'level': 'DEBUG',
},
'django_auth_ldap': {
'level': 'DEBUG',
'level': 'WARNING',
'handlers': ['console'],
},
'django_ldapdb': {
'level': 'DEBUG',
'handlers': ['console'],
},
'*': {
'django': {
'handlers': ['console'],
'level': 'DEBUG',
}

2
src/core/urls.py
View File

@ -18,7 +18,6 @@ from django.urls import path, include
from django.contrib.auth import views as auth_views
from django.contrib.auth.decorators import user_passes_test
from account_manager.forms import LdapPasswordResetForm
from account_manager.views.user_views import LdapPasswordChangeView
from .views import about
login_forbidden = user_passes_test(lambda u: u.is_anonymous(), '/')
@ -32,6 +31,5 @@ urlpatterns = [
auth_views.PasswordResetView.as_view(html_email_template_name='registration/password_reset_email.html',
form_class=LdapPasswordResetForm),
name='password_reset'),
path('accounts/', include('django.contrib.auth.urls')),
]

15
src/static/css/floating_labels.css
View File

@ -215,21 +215,6 @@
color: #6c757d;
}
/* ------------------------------------------------------------------------------------------------------------------ */
/* -- Toast -- */
/* ------------------------------------------------------------------------------------------------------------------ */
.toast {
position: absolute;
top: 5px;
right: -250px;
width: 250px;
min-height: 50px;
z-index: 1000;
transform: translateX(-280px);
transition: transform 2s;
}
/* ------------------------------------------------------------------------------------------------------------------ */
/* -- Footer -- */
/* ------------------------------------------------------------------------------------------------------------------ */

4
src/static/js/main.js
View File

@ -3,10 +3,6 @@ const TABLE_CLASS = '.data-table';
const TABLE_CLASS_NO_PAGING = '.data-table-npaging';
$(document).ready(function () {
// Bottstrap Toast
$('.toast').toast('show');
//Datatables
const data_table = $(TABLE_CLASS).DataTable({
"paging": true,
"pageLength": 10,

1
src/templates/base.jinja2
View File

@ -65,7 +65,6 @@
<script src="{{ static('libs/DataTables/DataTables-1.10.18/js/jquery.dataTables.js') }}"></script>
<script src="{{ static('libs/DataTables/RowReorder-1.2.4/js/dataTables.rowReorder.min.js') }}"></script>
<script src="{{ static('libs/DataTables/Responsive-2.2.2/js/dataTables.responsive.min.js') }}"></script>
<script src="{{ static('libs/bootstrap-4.3.1-dist/js/bootstrap.min.js') }}"></script>
<script src="{{ static('js/main.js') }}"></script>
</body>

31
src/templates/macros/utils_macros.jinja2
View File

@ -36,12 +36,11 @@
<th scope="col">Nachname</th>
<th scope="col">Aktiv</th>
<th scope="col">Letzer Login</th>
<th scope="col">Löschdatum</th>
</tr>
</thead>
<tbody>
{% for user in users %}
<tr class="{% if user.deleted_user %}bg-warning{% endif %}">
<tr>
<td>
<a href="{{ url('realm-user-detail', args=[realm.id, user.user.dn]) }}">{{ user.user.username }}</a>
</td>
@ -58,11 +57,6 @@
<i class="far fa-times-circle text-danger"></i><span class="d-none">+</span>
{% endif %}
</td>
<td class="text-center">
{% if user.deleted_user %}
{{ user.deleted_user.deletion_date.strftime('%Y-%m-%d') }}
{% endif %}
</td>
</tr>
{% endfor %}
</tbody>
@ -131,29 +125,6 @@
{% endif %}
{% endmacro %}
{% macro get_success_toast(success_head, success_text, error_headline, error_text) -%}
{% if success_text and success_head %}
<div class="toast" role="alert" aria-live="polite" aria-atomic="true" data-delay="5000">
<div role="alert" aria-live="assertive" aria-atomic="true">
<div role="alert" aria-live="assertive" aria-atomic="true" class="" data-autohide="false">
<div class="toast-header text-success"><strong class="mr-auto">{{ success_head }}</strong></div>
<div class="toast-body">{{ success_text }}</div>
</div>
</div>
</div>
{% endif %}
{% if error_text and error_headline %}
<div class="toast" role="alert" aria-live="polite" aria-atomic="true" data-delay="5000">
<div role="alert" aria-live="assertive" aria-atomic="true">
<div role="alert" aria-live="assertive" aria-atomic="true" class="" data-autohide="false">
<div class="toast-header text-error"><strong class="mr-auto">{{ error_headline }}</strong></div>
<div class="toast-body">{{ error_text }}</div>
</div>
</div>
</div>
{% endif %}
{% endmacro %}
{% macro get_data_table_search_field(input_id="data-table-search-input") -%}
<div class="form-group w-25 float-right">
<input type="text"

12
src/templates/realm/realm_detailed.jinja2
View File

@ -1,6 +1,4 @@
{% extends 'base_admin.jinja2' %}
{% import 'macros/utils_macros.jinja2' as mutils %}
{% block admin_content %}
<div class="row ">
<div class="col-12 p-3">
@ -21,17 +19,13 @@
<p style="color: darkred">{{ error }}</p>
{% endif %}
{% block detail_content %}
{{ mutils.get_success_toast(success_headline, success_text, error_headline, error_text) }}
<ul class="list-group list-group-flush w-100">
<li class="list-group-item">LDAP Organisationseinheit: {{ realm.ldap_base_dn }}</li>
<li class="list-group-item">Nutzeranzahl (Aktive/Inaktive): {{ users_count }}
({{ users_count-inactive_user_count }}/{{ inactive_user_count }})
<a
<li class="list-group-item">Nutzeranzahl: {{ users_count }}</li>
<li class="list-group-item">Inaktive Nutzer: {{ inactive_user_count }} <a
href="{{ url('realm-multiple-user-delete-inactive', args=[realm.id]) }}"
class="float-right">
Inaktive Nutzer löschen
</a>
</li>
Inaktive Nutzer löschen</a></li>
{% if realm.email %}
<li class="list-group-item">Email: {{ realm.email }}</li>
{% else %}

9
src/templates/registration/deletion_information_email.jinja2
View File

@ -1,9 +0,0 @@
<h1>StuVe Accountlöschung</h1>
<p>Dein Account mit dem Nutzernamen <strong>{{ user.username }}</strong> wurde als gelöscht markiert. Deine Nutzerdaten
werden in {{ deletion_wait_days }} Tagen gelöscht. Falls du noch wichtige Daten in den StuVe Services gespeichert
hast, bitte kopiere diese noch vor der Löschung. Danach werden diese nicht mehr zugänglich sein. </p>
<p>Möchtest du weiter Teil der StuVe Services sein, bitte kontaktiere zuvor deinen Administrator.</p>
<p>Wir wünschen dir noch einen schöne Studienzeit</p>
<p>Das Fachschaft WIAI Admin Team</p>
Kontakt: <a href="mailto:fachschaft-wiai.stuve@uni-bamberg.de?subject=LAMa (Dein Betreff)">fachschaft-wiai.stuve@uni-bamberg.de</a>

13
src/templates/registration/password_change_form.html
View File

@ -7,18 +7,7 @@
<h1 class="mb-4">Passwort ändern</h1>
<form method="post" class="floating-label-form">
<input type="hidden" name="csrfmiddlewaretoken" value="{{ csrf_token }}">
<!-- {{form.errors}}-->
<input type="password"
class="form-control"
placeholder="Old password"
aria-describedby="id_old_password_help"
name="old_password"
id="id_old_password"
maxlength="None"
value="ralf"
hidden>
<!-- {{ mform.password_input(form.old_password) }}-->
{{ mform.password_input(form.old_password) }}
{{ mform.password_input(form.new_password1) }}
{{ mform.password_input(form.new_password2) }}
<div class="d-flex mt-4">

71
src/templates/user/realm_user_detail.jinja2
View File

@ -1,49 +1,26 @@
{% extends 'realm/realm_detailed.jinja2' %}
{% import 'macros/form_macros.jinja2' as mform %}
{% import 'macros/utils_macros.jinja2' as mutils %}
{% block detail_content %}
{{ mutils.get_success_toast(success_headline, success_text) }}
{% if user.user %}
{% if user.deleted_user.deletion_date %}
<h3 class="text-danger">{{ user.user.username }}
<small>Nutzer wird vorraussichtlich am {{ user.deleted_user.deletion_date.strftime('%d.%m.%Y') }}
gelöscht
</small>
</h3>
{% else %}
<h3>{{ user.user.username }}</h3>
{% endif %}
{% else %}
<h3>{{ user.username }}</h3>
{% endif %}
{% if not form %}
<ul class="list-group list-group-flush w-100">
<li class="list-group-item">Ldap Domain: {{ user.user.dn }}</li>
<li class="list-group-item">Ldap Domain: {{ user.dn }}</li>
<li class="list-group-item"> Anzeigename:
{% if user.user.display_name %}
{{ user.user.display_name }}
{% if user.display_name %}
{{ user.display_name }}
{% else %}
<span class="text-warning"> Noch nicht generiert </span>
{% endif %}
</li>
{% if user.user.phone %}
<li class="list-group-item">Vorname: {{ user.user.first_name }}</li>
{% endif %}
{% if user.user.phone %}
<li class="list-group-item">Nachname: {{ user.user.last_name }}</li>
{% endif %}
<li class="list-group-item">Email: {{ user.user.email }}</li>
<li class="list-group-item">Vorname: {{ user.first_name }}</li>
<li class="list-group-item">Nachname: {{ user.last_name }}</li>
<li class="list-group-item">Email: {{ user.email }}</li>
<li class="list-group-item">Passwort: <a
href="{{ url('realm-user-password-reset', args = [realm.id, user.user.dn]) }}" class="float-right">Nutzerpasswort
href="{{ url('realm-user-password-reset', args = [realm.id, user.dn]) }}" class="float-right">Nutzerpasswort
zurücksetzen</a></li>
{% if user.user.phone %}
<li class="list-group-item">Telefon: {{ user.user.phone }}</li>
{% endif %}
{% if user.user.mobile_phone %}
<li class="list-group-item">Mobiltelefon: {{ user.user.mobile_phone }}</li>
{% endif %}
<li class="list-group-item">Telefon: {{ user.phone }}</li>
<li class="list-group-item">Mobiltelefon: {{ user.mobile_phone }}</li>
<li class="list-group-item">Gruppen:
{% if groups %}
{% for group in groups %}
@ -56,45 +33,29 @@
{% else %}
<span class="text-warning">Keine zugewiesen</span>
{% endif %}
{% if not user.deleted_user.deletion_date %}
<a href="{{ url('realm-user-group-update', args=[realm.id, user.user.dn]) }}" class="float-right">
<a href="{{ url('realm-user-group-update', args=[realm.id, user.dn]) }}" class="float-right">
Gruppen zuweisen</a>
{% endif %}
</li>
<li class="list-group-item">Zuletzt eingeloggt:
{% if user.user.last_login %}
{{ user.user.last_login.strftime('%d.%m.%Y') }}
{% if user.last_login %}
{{ user.last_login.strftime('%d.%m.%Y') }}
{% else %}
<i class="far fa-times-circle text-danger"></i><span class="d-none">+</span>
{% endif %}</li>
{% if user.deleted_user.deletion_date %}
<li class="list-group-item text-danger">
Löschvorgang: {{ user.deleted_user.deletion_date.strftime('%d.%m.%Y') }}
<a href="{{ url('realm-user-delete-cancel', args=[realm.id, user.user.dn]) }}"
class="float-right">
Löschvorgang abbrechen</a>
</li>
{% endif %}
</ul>
<div class="d-flex mt-3">
{% if not user.deleted_user.deletion_date %}
<a href="{{ url('realm-user-update', args = [realm.id, user.user.dn]) }}"
class="btn btn-primary mr-auto p-2">
<a href="{{ url('realm-user-update', args = [realm.id, user.dn]) }}" class="btn btn-primary mr-auto p-2">
<i class="fas fa-user-cog"></i> Nutzer bearbeiten
</a>
{% if not user.user.last_login %}
<a href="{{ url('realm-user-resend-welcome-mail', args = [realm.id, user.user.dn]) }}"
{% if not user.last_login %}
<a href="{{ url('realm-user-resend-welcome-mail', args = [realm.id, user.dn]) }}"
class="btn btn-secondary p-2 mr-2">
<i class="fas fa-paper-plane"></i> Wilkommensmail erneut senden
</a>
{% endif %}
<a href="{{ url('realm-user-delete-confirm', args = [realm.id, user.user.dn]) }}"
class="btn btn-danger p-2">
<a href="{{ url('realm-user-delete-confirm', args = [realm.id, user.dn]) }}" class="btn btn-danger p-2">
<i class="fas fa-trash"></i> Nutzer löschen
</a>
{% endif %}
</div>
{% else %}
<form method="post">

5
src/templates/user/user_confirm_delete.jinja2
View File

@ -7,7 +7,7 @@
<div class="row justify-content-center justify-content-sm-center">
<div class="col-12 col-sm-8 col-md-7 col-lg-5 col-xl-4 bg-white text-dark p-3 mt-5">
<div class="alert alert-warning" role="alert">
<p><strong>Achtung!</strong> Sie sind gerade dabei den Account von <strong>{{ user.username }}</strong> zu schließen.
<p>Achtung! Sie sind gerade dabei den Account von <strong>{{ user.username }}</strong> zu schließen.
</p>
<p>Falls Sie sich sicher sind, dass Sie diesen Nutzer löschen wollen, klicken Sie bitte auf "Nutzer
löschen".
@ -15,9 +15,6 @@
Diensten hochgeladen wurden, weiterhin bestehen bleiben.</p>
<p>Um auch diese zu löschen müssen Sie zuvor Ihre Daten entsprechend löschen. </p>
<p>Möchten Sie das Löschen der Accountdaten verhindern, klicken Sie auf "Abbrechen"</p>
<p>Der Nutzer wird automatisch über die Löschung informiert.</p>
<p><strong>Der Account bleibt noch {{ deletion_wait_days }} Tage (vom heutigen Tag aus) bis zur geplanten Löschung
bestehen.</strong></p>
</div>
<div class="d-flex">
<a href="{{ url(cancel_link.name, args = cancel_link.args) }}"

27
src/templates/user/user_detail.jinja2
View File

@ -8,14 +8,8 @@
<div class="col-12 col-sm-8 col-md-7 col-lg-5 col-xl-4 bg-white text-dark p-3 mt-5">
<div class="card">
<div class="card-body">
{% if user.deleted_user.deletion_date %}
<h5 class="card-title text-danger">{{ user.user.username }}
<small>Als gelöscht markiert</small>
</h5>
{% else %}
<h5 class="card-title">{{ user.user.username }}</h5>
{% endif %}
<h6 class="card-subtitle mb-2 text-muted">{{ user.user.last_name }}, {{ user.user.first_name }}</h6>
<h5 class="card-title">{{ user.username }}</h5>
<h6 class="card-subtitle mb-2 text-muted">{{ user.last_name }}, {{ user.first_name }}</h6>
<ul class="list-group list-group-flush">
{% if groups %}
<li class="list-group-item">
@ -29,26 +23,21 @@
</li>
{% endif %}
<li class="list-group-item"><span
class="font-weight-bold">Email:</span> {{ user.user.email }}</li>
class="font-weight-bold">Email:</span> {{ user.email }}</li>
<li class="list-group-item"><span
class="font-weight-bold">Passwort:</span> <a
href="{{ url('password_change_controller') }}">Passwort ändern</a>
href="{{ url('password_change') }}">Passwort ändern</a>
</li>
<li class="list-group-item"><span
class="font-weight-bold">Telefon:</span> {{ user.user.phone }}</li>
class="font-weight-bold">Telefon:</span> {{ user.phone }}</li>
<li class="list-group-item"><span
class="font-weight-bold">Mobiltelefon:</span> {{ user.user.mobile_phone }}</li>
{% if user.deleted_user.deletion_date %}
<li class="list-group-item text-danger">
Löschvorgang: {{ user.deleted_user.deletion_date.strftime('%d.%m.%Y') }}
</li>
{% endif %}
class="font-weight-bold">Mobiltelefon:</span> {{ user.mobile_phone }}</li>
</ul>
<div class="card-footer d-flex bg-white">
<a href="{{ url('user-update', args = [realm.id, user.user.dn]) }}"
<a href="{{ url('user-update', args = [realm.id, user.dn]) }}"
class="btn btn-primary mr-auto p-2"><i class="fas fa-user-edit"></i> Profil
bearbeiten</a>
<a href="{{ url('user-delete-confirm', args = [realm.id, user.user.dn]) }}"
<a href="{{ url('user-delete-confirm', args = [realm.id, user.dn]) }}"
class="btn btn-danger p-2"><i class="fas fa-trash"></i> Profil löschen</a>
</div>
</div>