def myprofile(request):
if request.method == "GET":
userform = EditMyProfileForm(instance=request.user)
swordphishuser = SwordphishUserForm(
instance=request.user.swordphishuser)
return render(request, "LocalUsers/editprofile.html", {
'userform': userform,
'swordphishform': swordphishuser
})
if request.method == "POST":
userform = EditMyProfileForm(request.POST, instance=request.user)
swordphishuser = SwordphishUserForm(
request.POST, instance=request.user.swordphishuser)
if userform.is_valid() and swordphishuser.is_valid():
editeduser = userform.save(commit=False)
if userform.cleaned_data["password_confirmation"] != "":
editeduser.set_password(
userform.cleaned_data["password_confirmation"])
update_session_auth_hash(request, editeduser)
editeduser.save()
editedswordphishuser = swordphishuser.save(commit=False)
editedswordphishuser.must_change_password = False
editedswordphishuser.save()
return HttpResponse("Ok")
return render(request, "LocalUsers/editprofile.html", {
'userform': userform,
'swordphishform': swordphishuser
})
return HttpResponseForbidden()
def password_change_mandatory(request):
if not request.user.is_authenticated():
return redirect("Authent:login")
if request.method == "GET":
if not request.user.swordphishuser.must_change_password:
return redirect("Main:index")
changepwdform = ChangePasswordForm(instance=request.user)
swordphishuser = SwordphishUserForm(
instance=request.user.swordphishuser)
return render(request, "LocalUsers/loginchangepassword.html", {
'changepassform': changepwdform,
'swordphishform': swordphishuser
})
if request.method == "POST":
changepwdform = ChangePasswordForm(request.POST, instance=request.user)
swordphishuser = SwordphishUserForm(
request.POST, instance=request.user.swordphishuser)
if not changepwdform.is_valid() or not swordphishuser.is_valid():
return render(request, "LocalUsers/loginchangepassword.html", {
'changepassform': changepwdform,
'swordphishform': swordphishuser
})
editeduser = changepwdform.save(commit=False)
editeduser.set_password(
changepwdform.cleaned_data["password_confirmation"])
editeduser.save()
editedswordphishuser = swordphishuser.save(commit=False)
editedswordphishuser.must_change_password = False
editedswordphishuser.save()
return redirect("Main:index")
return HttpResponseForbidden()
def new_user(request):
if not request.user.swordphishuser.is_staff_or_admin():
return HttpResponseForbidden()
if request.method == "GET":
userform = CreateUserForm()
phishform = SwordphishUserForm()
return render(request, 'LocalUsers/newuser.html', {
'swordphishform': phishform,
'userform': userform
})
if request.method == "POST":
userform = CreateUserForm(request.POST)
phishform = SwordphishUserForm(request.POST)
if not request.user.swordphishuser.is_staff_or_admin():
return HttpResponseForbidden()
if not userform.is_valid():
return render(request, 'LocalUsers/newuser.html', {
'swordphishform': phishform,
'userform': userform
})
if User.objects.filter(email=userform.cleaned_data["email"]):
return render(
request, 'LocalUsers/newuser.html', {
'swordphishform': phishform,
'userform': userform,
'user_already_exists': True
})
if not phishform.is_valid():
return render(request, 'LocalUsers/newuser.html', {
'swordphishform': phishform,
'userform': userform
})
user = userform.save(commit=False)
user.username = userform.cleaned_data["email"].lower()
password = User.objects.make_random_password()
user.set_password(password)
user.save()
user.swordphishuser.phone_number = phishform.cleaned_data[
"phone_number"]
user.swordphishuser.must_change_password = True
user.swordphishuser.save()
__send_user_informations(userform.cleaned_data["first_name"],
userform.cleaned_data["email"], password,
request.user.email)
return HttpResponse("Ok")
return HttpResponseForbidden()
def edit_user(request, userid=None):
user = get_object_or_404(SwordphishUser, id=userid)
usermail = user.user.username
if not user.can_be_edited(request.user):
return HttpResponseForbidden()
if request.method == "GET":
userform = UserForm(instance=user.user)
phishform = SwordphishUserForm(instance=user)
return render(request, 'LocalUsers/edituser.html', {
'swordphishform': phishform,
'userform': userform,
'userid': userid
})
if request.method == "POST":
userform = UserForm(request.POST, instance=user.user)
swordphishform = SwordphishUserForm(request.POST, instance=user)
if not userform.is_valid():
return render(
request, 'LocalUsers/edituser.html', {
'swordphishform': swordphishform,
'userform': userform,
'userid': userid
})
if not swordphishform.is_valid():
return render(
request, 'LocalUsers/edituser.html', {
'swordphishform': swordphishform,
'userform': userform,
'userid': userid
})
if userform.cleaned_data["email"] != usermail:
if User.objects.filter(
email=userform.cleaned_data["email"]).count() > 0:
return render(
request, 'LocalUsers/newuser.html', {
'swordphishform': swordphishform,
'userform': userform,
'user_already_exists': True
})
newuser = userform.save(commit=False)
newuser.username = userform.cleaned_data["email"].lower()
newuser.save()
swordphishform.save()
password = request.POST.get("password", "")
password_confirmation = request.POST.get("password_confirmation", "")
if password != "" and password == password_confirmation:
user.user.set_password(password)
if user.user != request.user:
user.must_change_password = True
user.save()
user.user.save()
return HttpResponse("Ok")
return HttpResponseForbidden()