Exemple #1
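def myprofile(request):
    """Display and process the signed-in user's own profile form.

    GET renders the edit form pre-filled from ``request.user`` and its
    ``swordphishuser`` profile. POST validates both forms, optionally sets a
    new password, saves both objects and answers with a plain "Ok". Any other
    HTTP method gets a 403.

    NOTE(review): no authentication check is visible in this function, yet
    ``request.user.swordphishuser`` is dereferenced unconditionally. It
    presumably relies on a decorator or middleware that is not shown here --
    confirm.
    """
    if request.method == "GET":
        userform = EditMyProfileForm(instance=request.user)
        swordphishuser = SwordphishUserForm(
            instance=request.user.swordphishuser)
        return render(request, "LocalUsers/editprofile.html", {
            'userform': userform,
            'swordphishform': swordphishuser
        })

    if request.method != "POST":
        return HttpResponseForbidden()

    userform = EditMyProfileForm(request.POST, instance=request.user)
    swordphishuser = SwordphishUserForm(
        request.POST, instance=request.user.swordphishuser)
    if not (userform.is_valid() and swordphishuser.is_valid()):
        # Re-render with the bound forms so field errors are shown.
        return render(request, "LocalUsers/editprofile.html", {
            'userform': userform,
            'swordphishform': swordphishuser
        })

    editeduser = userform.save(commit=False)

    # An empty confirmation field means "keep the current password".
    # Presumably the form has already checked that password and confirmation
    # match -- that validation is not visible here.
    new_password = userform.cleaned_data["password_confirmation"]
    password_changed = new_password != ""
    if password_changed:
        editeduser.set_password(new_password)

    editeduser.save()

    if password_changed:
        # Refresh the session hash only once the new password is persisted,
        # so a failed save cannot leave the session tied to a password that
        # was never stored.
        update_session_auth_hash(request, editeduser)

    editedswordphishuser = swordphishuser.save(commit=False)
    if password_changed:
        # Clear the forced-rotation flag only when a new password was really
        # set; a profile edit that leaves the password untouched must not
        # lift the requirement.
        editedswordphishuser.must_change_password = False
    editedswordphishuser.save()
    return HttpResponse("Ok")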
Exemple #2
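def password_change_mandatory(request):
    """Force a flagged user to pick a new password before going further.

    Unauthenticated requests are redirected to the login page. Users whose
    ``must_change_password`` flag is not set are redirected to the index for
    both GET and POST, so this endpoint cannot be used as a general password
    change form. GET renders the form; a valid POST stores the new password,
    clears the flag and redirects to the index. Other HTTP methods get a 403.
    """
    # NOTE(review): ``is_authenticated`` is called as a method here; on Django
    # versions where it is a plain property this call fails -- confirm the
    # Django version this project targets.
    if not request.user.is_authenticated():
        return redirect("Authent:login")

    if request.method not in ("GET", "POST"):
        return HttpResponseForbidden()

    # Apply the flag check to POST as well as GET. Whether the form asks for
    # the current password is not visible here, so without this check any
    # authenticated session could post a new password to this view.
    if not request.user.swordphishuser.must_change_password:
        return redirect("Main:index")

    if request.method == "GET":
        changepwdform = ChangePasswordForm(instance=request.user)
        swordphishuser = SwordphishUserForm(
            instance=request.user.swordphishuser)
        return render(request, "LocalUsers/loginchangepassword.html", {
            'changepassform': changepwdform,
            'swordphishform': swordphishuser
        })

    changepwdform = ChangePasswordForm(request.POST, instance=request.user)
    swordphishuser = SwordphishUserForm(
        request.POST, instance=request.user.swordphishuser)
    if not changepwdform.is_valid() or not swordphishuser.is_valid():
        # Re-render with the bound forms so field errors are shown.
        return render(request, "LocalUsers/loginchangepassword.html", {
            'changepassform': changepwdform,
            'swordphishform': swordphishuser
        })

    editeduser = changepwdform.save(commit=False)
    editeduser.set_password(
        changepwdform.cleaned_data["password_confirmation"])
    editeduser.save()
    # NOTE(review): the session auth hash is not refreshed after
    # set_password(); depending on the session configuration the redirect
    # below may land on the login page -- confirm that is the intended flow.

    editedswordphishuser = swordphishuser.save(commit=False)
    editedswordphishuser.must_change_password = False
    editedswordphishuser.save()
    return redirect("Main:index")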
Exemple #3
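def new_user(request):
    """Create a user account on behalf of a staff member or administrator.

    Only callers for whom ``is_staff_or_admin()`` is true get past the first
    check; everyone else receives a 403 whatever the HTTP method. GET renders
    the empty creation forms. POST validates them, rejects an address that is
    already in use, creates the account with a random password, flags it for
    a mandatory password change and hands the credentials to
    ``__send_user_informations``. Other HTTP methods get a 403.

    NOTE(review): no authentication check is visible in this function, yet
    ``request.user.swordphishuser`` is dereferenced unconditionally. It
    presumably relies on a decorator or middleware that is not shown here --
    confirm.
    """
    # A single authorization gate covers every method, so it is not repeated
    # inside the POST branch.
    if not request.user.swordphishuser.is_staff_or_admin():
        return HttpResponseForbidden()

    if request.method == "GET":
        userform = CreateUserForm()
        phishform = SwordphishUserForm()
        return render(request, 'LocalUsers/newuser.html', {
            'swordphishform': phishform,
            'userform': userform
        })

    if request.method != "POST":
        return HttpResponseForbidden()

    userform = CreateUserForm(request.POST)
    phishform = SwordphishUserForm(request.POST)

    if not userform.is_valid():
        return render(request, 'LocalUsers/newuser.html', {
            'swordphishform': phishform,
            'userform': userform
        })

    email = userform.cleaned_data["email"]
    # The username is the lower-cased address, so the duplicate check must
    # ignore case and also look at existing usernames. An exact-match check
    # on the email column alone lets "A@x" through when "a@x" already exists,
    # and the save below then fails on the username collision.
    already_taken = (
        User.objects.filter(email__iexact=email).exists()
        or User.objects.filter(username=email.lower()).exists()
    )
    if already_taken:
        return render(
            request, 'LocalUsers/newuser.html', {
                'swordphishform': phishform,
                'userform': userform,
                'user_already_exists': True
            })

    if not phishform.is_valid():
        return render(request, 'LocalUsers/newuser.html', {
            'swordphishform': phishform,
            'userform': userform
        })

    user = userform.save(commit=False)
    user.username = email.lower()
    # The initial password is random and is only meant to be temporary:
    # must_change_password is set below so it has to be replaced.
    password = User.objects.make_random_password()
    user.set_password(password)
    user.save()
    # NOTE(review): ``user.swordphishuser`` is expected to exist right after
    # save(), presumably created by a signal or similar hook not shown here.
    user.swordphishuser.phone_number = phishform.cleaned_data[
        "phone_number"]
    user.swordphishuser.must_change_password = True
    user.swordphishuser.save()

    # NOTE(review): the clear-text temporary password is passed to the
    # notification helper; make sure that helper and the mail path do not
    # log or retain it.
    __send_user_informations(userform.cleaned_data["first_name"],
                             email, password,
                             request.user.email)

    return HttpResponse("Ok")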
Exemple #4
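def edit_user(request, userid=None):
    """Edit another account's details and, optionally, reset its password.

    The target ``SwordphishUser`` is looked up by ``userid`` (404 when it is
    missing) and the request is refused with a 403 unless
    ``can_be_edited(request.user)`` allows it. GET renders the edit forms.
    POST validates them, rejects an address already used by a different
    account, saves the changes and, when a password and a matching
    confirmation are posted, sets that password. Other HTTP methods get a
    403.

    NOTE(review): the new password is read from ``request.POST`` directly
    rather than from a validated form, so no password-strength validation is
    visible here, and a confirmation mismatch is ignored while the view still
    answers "Ok". Confirm both are intended.
    """
    user = get_object_or_404(SwordphishUser, id=userid)
    usermail = user.user.username

    if not user.can_be_edited(request.user):
        return HttpResponseForbidden()

    if request.method == "GET":
        userform = UserForm(instance=user.user)
        phishform = SwordphishUserForm(instance=user)
        return render(request, 'LocalUsers/edituser.html', {
            'swordphishform': phishform,
            'userform': userform,
            'userid': userid
        })

    if request.method != "POST":
        return HttpResponseForbidden()

    userform = UserForm(request.POST, instance=user.user)
    swordphishform = SwordphishUserForm(request.POST, instance=user)

    if not userform.is_valid() or not swordphishform.is_valid():
        # Re-render with the bound forms so field errors are shown.
        return render(
            request, 'LocalUsers/edituser.html', {
                'swordphishform': swordphishform,
                'userform': userform,
                'userid': userid
            })

    new_email = userform.cleaned_data["email"]
    # Compare without regard to case (the username is stored lower-cased) and
    # leave the edited account itself out of the lookup. Otherwise an address
    # that differs from the username only by case, or an account whose
    # username is not its email, is reported as a duplicate of itself.
    if new_email.lower() != usermail.lower():
        other_accounts = User.objects.exclude(pk=user.user.pk)
        if (other_accounts.filter(email__iexact=new_email).exists()
                or other_accounts.filter(
                    username=new_email.lower()).exists()):
            # NOTE(review): this renders the *creation* template and omits
            # 'userid'; it looks like a leftover from the new-user view --
            # confirm which template should show the duplicate error.
            return render(
                request, 'LocalUsers/newuser.html', {
                    'swordphishform': swordphishform,
                    'userform': userform,
                    'user_already_exists': True
                })

    newuser = userform.save(commit=False)
    newuser.username = new_email.lower()
    newuser.save()
    swordphishform.save()

    password = request.POST.get("password", "")
    password_confirmation = request.POST.get("password_confirmation", "")

    if password != "" and password == password_confirmation:
        user.user.set_password(password)
        if user.user != request.user:
            # A password chosen by someone else is only temporary: force the
            # account owner to replace it.
            user.must_change_password = True
            user.save()

    user.user.save()

    return HttpResponse("Ok")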