def settings(request, classe_name=None):
if not request.user.is_superuser:
return HttpResponseRedirect('/')
try:
mail = MailSettings.objects.get()
except MailSettings.DoesNotExist:
mail = MailSettings()
try:
security = SecuritySettings.objects.get()
except SecuritySettings.DoesNotExist:
security = SecuritySettings()
try:
general = GeneralSettings.objects.get()
except GeneralSettings.DoesNotExist:
general = GeneralSettings()
mail_form = MailSettingsForm(instance=mail)
security_form = SecuritySettingsForm(instance=security)
general_form = GeneralSettingsForm(instance=general)
if request.POST:
if classe_name == 'mail':
mail_form = MailSettingsForm(request.POST, instance=mail)
if mail_form.is_valid():
mail_form.save()
elif classe_name == 'security':
security_form = SecuritySettingsForm(request.POST,
instance=security)
if security_form.is_valid():
security_form.save()
elif classe_name == 'general':
general_form = GeneralSettingsForm(request.POST, instance=general)
if general_form.is_valid():
general_form.save()
# connected_users = Session.objects.filter(
# expire_date__gte=datetime.datetime.now()).count()
return render(
request,
'settings.html',
{
'nb_workspaces': Workspace.objects.count(),
# 'connected_users': connected_users,
'security': security_form,
'general': general_form,
'mail': mail_form,
})
def __init__(self, user=None):
"""Initialize crypto class
Args:
user (None, optional): User of the django request
"""
self.random_gen = Random.new().read
self.user = user
self.bs = 32
try:
self.settings = SecuritySettings.objects.get()
except SecuritySettings.DoesNotExist:
self.settings = SecuritySettings()
def update_password(request):
if not request.method == "POST":
return profile(request)
old_password = request.POST['old_password']
new_password = request.POST['new_password']
confirm_password = request.POST['confirm_password']
if not request.user.check_password(old_password):
return profile(request, error=_("Invalid password"))
if new_password != confirm_password:
return profile(request, error=_("Password mismatch"))
try:
settings = SecuritySettings.objects.get()
except SecuritySettings.DoesNotExist:
settings = SecuritySettings(length_password=8)
if len(new_password) < settings.length_password:
error = "The password must be at least {} characters long.".format(
settings.length_password)
return profile(request, error=error)
# At least one letter and one non-letter
first_isalpha = new_password[0].isalpha()
if all(c.isalpha() == first_isalpha for c in new_password):
error = _("The password must contain at least one letter and at least \
one digit or punctuation character.")
return profile(request, error=error)
if old_password == new_password:
error = _("You must choose a new password")
return profile(request, error=error)
workspaces = Workspace.objects.filter(owner=request.user)
shares = Shared.objects.filter(user=request.user)
passphrase = hashlib.sha512(old_password.encode("utf-8")).hexdigest()
new_passphrase = hashlib.sha512(new_password.encode('utf-8')).hexdigest()
try:
update_password_toolkit(request.user, workspaces, shares, passphrase,
new_passphrase, new_password)
except Exception as e:
return profile(request, error=str(e))
return profile(request, success=_("Password updated"))
def middleware(request):
# Code to be executed for each request before
# the view (and later middleware) are called.
# if resolve(request.path_info).url_name == 'install':
# return get_response(request)
user = request.user
if resolve(request.path_info).url_name in (
'install', 'configure_account', 'change_password') \
or user.is_anonymous:
return get_response(request)
if not user.configure:
return HttpResponseRedirect('/configure/{}'.format(user.id))
if user.is_locked:
return HttpResponseForbidden()
try:
settings_teamlock = SecuritySettings.objects.get()
except SecuritySettings.DoesNotExist:
return HttpResponseRedirect('/install')
settings_teamlock = SecuritySettings(password_change=100)
try:
date_last_change = datetime.datetime(user.last_change_passwd.year,
user.last_change_passwd.month,
user.last_change_passwd.day)
if ((datetime.datetime.now() - date_last_change).days >=
settings_teamlock.password_change):
return HttpResponseRedirect('/changepassword')
except AttributeError:
return HttpResponseRedirect('/changepassword')
return get_response(request)
def install(request):
# Check if installation have already be done
if get_user_model().objects.count():
return HttpResponseRedirect('/')
mail_form = MailSettingsForm(instance=MailSettings())
security_form = SecuritySettingsForm(instance=SecuritySettings())
general_form = GeneralSettingsForm(instance=GeneralSettings())
if request.method == "POST":
User = get_user_model()
secu_settings = SecuritySettings(
password_change=int(request.POST['password_change']),
length_password=int(request.POST['length_password']),
key_size=int(request.POST['key_size']),
)
mail_settings = MailSettings(host=request.POST['host'])
gen_settings = GeneralSettings(
company_name=request.POST['company_name'])
first_name = request.POST['first_name']
last_name = request.POST['last_name']
email = request.POST['email']
password = request.POST['password']
password = request.POST['password']
repassword = request.POST['repassword']
backup_password = request.POST['backup_password']
if password != repassword:
error = _("Password mismatch")
return JsonResponse({'status': False, 'error': error})
if len(password) < secu_settings.length_password:
error = _("The password must be at least \
{} characters long.".format(secu_settings.length_password))
return JsonResponse({'status': False, 'error': error})
# At least one letter and one non-letter
first_isalpha = password[0].isalpha()
if all(c.isalpha() == first_isalpha for c in password):
error = _("The password must contain at least one letter and at \
least one digit or punctuation character.")
return JsonResponse({'status': False, 'error': error})
superuser = User(first_name=first_name,
last_name=last_name,
email=email,
last_change_passwd=datetime.datetime.now(),
configure=True,
is_superuser=True)
superuser.set_password(password)
superuser.generate_keys(
hashlib.sha512(password.encode('utf-8')).hexdigest())
superuser.save()
backup_user = User(first_name="Backup",
last_name="Backup",
email="*****@*****.**",
last_change_passwd=datetime.datetime.now(),
configure=True,
is_superuser=False)
backup_user.set_password(password)
backup_user.generate_keys(
hashlib.sha512(backup_password.encode('utf-8')).hexdigest())
backup_user.save()
secu_settings.save()
try:
mail_settings.save()
except Exception:
pass
gen_settings.save()
# Creating workspace
workspace_utils = WorkspaceUtils(superuser)
status, error = workspace_utils.create_workspace(name="Personal")
return JsonResponse({'status': True})
return render(request, 'install.html', {
'security': security_form,
'general': general_form,
'mail': mail_form,
})
def recover_passphrase(request):
if request.method == "GET":
return render(request, "recover_passphrase.html")
email = request.POST['email']
new_password = request.POST['new_password']
confirm_password = request.POST['confirm_password']
if new_password != confirm_password:
return render(request, 'recover_passphrase.html', {
'error': _('Passwords mismatch')
})
try:
settings = SecuritySettings.objects.get()
except SecuritySettings.DoesNotExist:
settings = SecuritySettings(length_password=8)
if len(new_password) < settings.length_password:
error = "The password must be at least {} characters long.".format(
settings.length_password)
return render(request, 'recover_passphrase.html', {
'error': error
})
# At least one letter and one non-letter
first_isalpha = new_password[0].isalpha()
if all(c.isalpha() == first_isalpha for c in new_password):
error = _("The password must contain at least one letter and at least \
one digit or punctuation character.")
return render(request, 'recover_passphrase.html', {
'error': error
})
try:
recovery_file = request.FILES['recovery_file'].read()
recovery_file = base64.b64decode(recovery_file).decode('utf-8')
except Exception:
return render(request, 'recover_passphrase.html', {
'error': _('Invalid recovery file provided')
})
try:
user = get_user_model().objects.get(email=email)
except get_user_model().DoesNotExist:
return render(request, 'recover_passphrase.html', {
'error': _('No such user')
})
recovery_passphrase = user.recovery_passphrase
crypto_utils = CryptoUtils()
decrypted_recovery = crypto_utils.sym_decrypt(recovery_passphrase, recovery_file)
workspaces = Workspace.objects.filter(owner=user)
shares = Shared.objects.filter(user=user)
new_passphrase = hashlib.sha512(new_password.encode('utf-8')).hexdigest()
try:
update_password_toolkit(
user,
workspaces,
shares,
decrypted_recovery,
new_passphrase,
new_password
)
except Exception as e:
return render(request, 'recover_passphrase.html', {
'error': str(e)
})
return render(request, 'logon.html', {
'message': _("Password successfully updated")
})
def configure_account(request, user_id):
model_user = get_user_model()
try:
user = model_user.objects.get(pk=user_id)
except model_user.DoesNotExist:
return HttpResponseForbidden('Not allowed')
if user.configure:
return HttpResponseRedirect('/')
try:
settings = SecuritySettings.objects.get()
except SecuritySettings.DoesNotExist:
settings = SecuritySettings(length_password=8)
if request.method == "POST":
first_name = request.POST['first_name']
last_name = request.POST['last_name']
password = request.POST['password']
password = request.POST['password']
repassword = request.POST['repassword']
if password != repassword:
error = _("Password mismatch")
return render(request, 'configure.html', {
'user': user,
'error': error
})
if len(password) < settings.length_password:
error = "The password must be at least {} characters long.".format(
settings.length_password)
return render(request, 'configure.html', {
'user': user,
'error': error
})
# At least one letter and one non-letter
first_isalpha = password[0].isalpha()
if all(c.isalpha() == first_isalpha for c in password):
error = _("The password must contain at least one letter and at least \
one digit or punctuation character.")
return render(request, 'configure.html', {
'user': user,
'error': error
})
hashed_passwd = hashlib.sha512(password.encode('utf-8')).hexdigest()
user.generate_keys(hashed_passwd)
user.set_password(password)
user.first_name = first_name
user.last_name = last_name
user.last_change_passwd = datetime.datetime.now()
user.configure = True
user.save()
workspace_utils = WorkspaceUtils(user)
workspace_utils.create_workspace("Personal")
logger.info("User {} configured".format(user.email))
return HttpResponseRedirect('/login')
password_indication = "At least {} characters, with one letter and \
one digit or punctuation".format(settings.length_password)
return render(request, 'configure.html', {
'user': user,
'password_indication': password_indication,
})