def consent(request):
    """Show the GDPR consent page and record the user's answer.

    GET renders ``baljan/consent_worker.html`` for workers and
    ``baljan/consent.html`` for everyone else. POST marks the profile as
    having seen the page, then:

    * workers are sent home (they are covered by a separate agreement);
    * ``consent=yes`` grants ``AUTOMATIC_LIU_DETAILS`` (plus
      ``AUTOMATIC_FULLNAME`` when the ``automatic_fullname`` field is present),
      logs the user out and restarts the LiU social login so the username is
      refreshed;
    * any other POST value revokes both automatic policies before redirecting.

    Unauthenticated requests are redirected to ``/``.

    NOTE(review): the POST path changes consent state, so it relies on CSRF
    protection being enforced elsewhere (Django's middleware is not visible in
    this listing — confirm). ``is_authenticated()`` is called as a method here,
    which only works on Django versions where it is callable.
    """
    current = request.user
    if not current.is_authenticated():
        return redirect('/')

    if request.method != 'POST':
        template = 'baljan/consent_worker.html' if is_worker(current) else 'baljan/consent.html'
        return render(request, template)

    current.profile.has_seen_consent = True
    current.profile.save()
    if is_worker(current):
        return redirect('/')

    if request.POST.get('consent') != 'yes':
        # Anything but an explicit "yes" is treated as a refusal: make sure no
        # automatically collected personal data remains before continuing.
        revoke_automatic_liu_details(current)
        revoke_automatic_fullname(current)
        return redirect('/')

    consent_to_policy(current, AUTOMATIC_LIU_DETAILS)
    if 'automatic_fullname' in request.POST:
        consent_to_policy(current, AUTOMATIC_FULLNAME)
    # The consent changes the stored username, so force a fresh login.
    logout(request)
    return redirect(reverse('social:begin', args=['liu']))
def consent(request):
    """Render the consent page (GET) or store the user's decision (POST).

    Behaviour:

    * anonymous users are redirected to ``/``;
    * GET renders the worker or regular consent template depending on
      ``is_worker``;
    * POST sets ``profile.has_seen_consent`` and saves the profile. Workers are
      then redirected to ``/``. For other users, ``consent=yes`` grants
      ``AUTOMATIC_LIU_DETAILS`` (and ``AUTOMATIC_FULLNAME`` if the
      ``automatic_fullname`` field was submitted), logs the session out and
      restarts the LiU social login so the username gets updated; any other
      value revokes both automatic policies and redirects to ``/``.

    NOTE(review): this view mutates consent state on POST and therefore depends
    on CSRF protection being active (not visible in this listing — confirm).
    """
    user = request.user
    if not user.is_authenticated:
        return redirect('/')

    if request.method == 'POST':
        user.profile.has_seen_consent = True
        user.profile.save()

        if is_worker(user):
            # Workers are bound by a separate agreement; nothing to decide here.
            return redirect('/')

        if request.POST.get('consent') == 'yes':
            consent_to_policy(user, AUTOMATIC_LIU_DETAILS)
            if 'automatic_fullname' in request.POST:
                consent_to_policy(user, AUTOMATIC_FULLNAME)
            # Username will change as a result of the consent: force re-login.
            logout(request)
            return redirect(reverse('social:begin', args=['liu']))

        # Not an explicit "yes": erase any automatically stored personal data.
        revoke_automatic_liu_details(user)
        revoke_automatic_fullname(user)
        return redirect('/')

    template_name = 'baljan/consent_worker.html' if is_worker(user) else 'baljan/consent.html'
    return render(request, template_name)
def legal_social_details(backend, strategy, details, response, user, *args, **kwargs):
    """python-social-auth pipeline step: strip identity-provider details the user
    has not consented to storing.

    A fresh ``details`` dict is built from ``backend.get_user_details(response)``
    overlaid with the incoming ``details``; the caller's dict is not mutated.
    ``fullname`` is always blanked as a precaution (first/last name supersede it).

    * Workers (``user`` not None and ``is_worker``) are covered by a separate
      agreement: their username is synced from the provider and the step
      returns immediately.
    * With ``AUTOMATIC_LIU_DETAILS`` consent the username is synced the same way
      (python-social-auth will not touch this "protected" field itself).
      Without it nothing is changed here — the e-mail must stay in ``details``
      so ``social_core.pipeline.social_auth.associate_by_email`` can still link
      users who never logged in via OAuth (old ADFS-era accounts, or accounts
      created through the "jobbsläpp" import); ``clean_social_details`` blanks
      it later.
    * Without ``AUTOMATIC_FULLNAME`` consent ``first_name``/``last_name`` are
      cleared.

    Raises KeyError if the provider supplies no ``username`` on a path that
    syncs it. NOTE(review): ``LegalConsent.is_present`` is reached with
    ``user=None`` for brand-new users — confirm it tolerates that.

    Returns:
        ``{'details': <filtered dict>}`` for the next pipeline step.
    """
    merged = dict(backend.get_user_details(response), **details)
    merged['fullname'] = None

    worker_account = user is not None and is_worker(user)
    if worker_account or LegalConsent.is_present(user, AUTOMATIC_LIU_DETAILS):
        # Keep the stored username in step with the provider, but only write
        # (and flag the user as changed) when it actually differs.
        provider_username = merged['username']
        if provider_username != user.username:
            user.username = provider_username
            strategy.storage.user.changed(user)

    if worker_account:
        return {'details': merged}

    if not LegalConsent.is_present(user, AUTOMATIC_FULLNAME):
        merged['first_name'] = ''
        merged['last_name'] = ''

    return {'details': merged}
def _sync_username_from_provider(user, strategy, details):
    """Copy the provider-supplied username onto ``user`` if it differs.

    Marks the user as changed through ``strategy.storage`` so the write is
    persisted. Raises KeyError when ``details`` lacks ``username``.
    """
    provider_username = details['username']
    if user.username != provider_username:
        user.username = provider_username
        strategy.storage.user.changed(user)


def legal_social_details(backend, strategy, details, response, user, *args, **kwargs):
    """Pipeline step that drops provider details the user has not consented to.

    Builds a new dict from ``backend.get_user_details(response)`` updated with
    ``details`` (the incoming dict is left untouched) and blanks ``fullname``
    unconditionally, since first/last name cover it.

    Workers are regulated by their own agreement, so they skip the consent
    checks entirely; only their username is synced before returning.

    For everyone else:

    * ``AUTOMATIC_LIU_DETAILS`` consent → the username is synced here, because
      python-social-auth treats it as a protected field and will not update it.
      No consent → nothing is removed yet. The e-mail in particular must survive
      this step: ``social_core.pipeline.social_auth.associate_by_email`` relies
      on it to attach accounts that have no social UID yet (pre-OAuth ADFS
      accounts and accounts created via the "jobbsläpp" import). It is blanked
      afterwards in ``clean_social_details``.
    * ``AUTOMATIC_FULLNAME`` consent missing → ``first_name`` and ``last_name``
      are emptied.

    NOTE(review): ``LegalConsent.is_present`` can be called with ``user=None``
    for first-time logins — confirm that is handled by the helper.

    Returns:
        ``{'details': dict}`` for the following pipeline steps.
    """
    filtered = dict(backend.get_user_details(response), **details)
    filtered['fullname'] = None

    if user is not None and is_worker(user):
        _sync_username_from_provider(user, strategy, filtered)
        return {'details': filtered}

    if LegalConsent.is_present(user, AUTOMATIC_LIU_DETAILS):
        _sync_username_from_provider(user, strategy, filtered)

    if not LegalConsent.is_present(user, AUTOMATIC_FULLNAME):
        filtered['first_name'] = ''
        filtered['last_name'] = ''

    return {'details': filtered}
def set_anonymous_username(user, strategy, *args, **kwargs):
    """Pipeline step: give non-consenting, non-worker users an anonymous username.

    When the user is neither a worker nor has granted ``AUTOMATIC_LIU_DETAILS``,
    the username is replaced by ``generate_anonymous_username(user)`` (and the
    user flagged as changed via ``strategy.storage``) unless it already matches.
    Workers and consenting users keep their provider username.

    Returns:
        ``{}`` — this step adds nothing to the pipeline state.
    """
    keeps_real_username = is_worker(user) or LegalConsent.is_present(user, AUTOMATIC_LIU_DETAILS)
    if keeps_real_username:
        return {}

    anonymous = generate_anonymous_username(user)
    if anonymous != user.username:
        user.username = anonymous
        strategy.storage.user.changed(user)
    return {}
def set_anonymous_username(user, strategy, *args, **kwargs):
    """Replace the username with a generated anonymous one when required.

    Applies to users who are not workers and have not consented to
    ``AUTOMATIC_LIU_DETAILS`` (first login, or consent refused). The new name
    comes from ``generate_anonymous_username(user)``; the write and the
    ``strategy.storage.user.changed`` notification only happen if the name
    actually differs from the current one.

    Returns:
        ``{}`` (no pipeline data added).
    """
    if is_worker(user):
        return {}
    if LegalConsent.is_present(user, AUTOMATIC_LIU_DETAILS):
        return {}

    generated = generate_anonymous_username(user)
    if user.username == generated:
        return {}
    user.username = generated
    strategy.storage.user.changed(user)
    return {}
def clean_social_details(details, user, *args, **kwargs):
    """Pipeline step: blank the e-mail kept only for account association.

    ``legal_social_details`` deliberately leaves ``details['email']`` in place
    for ``associate_by_email``; once association is done this step clears it
    for users who have not consented to ``AUTOMATIC_LIU_DETAILS``, so the
    address is never persisted. Workers are exempt (see
    ``legal_social_details``). Note that ``details`` is mutated in place.

    Returns:
        ``{'details': details}`` when the e-mail was cleared, otherwise ``{}``.
    """
    if user is not None and is_worker(user):
        return {}
    if LegalConsent.is_present(user, AUTOMATIC_LIU_DETAILS):
        return {}

    details['email'] = ''
    return {'details': details}
def clean_social_details(details, user, *args, **kwargs):
    """Erase the temporarily retained e-mail for non-consenting users.

    The address was kept by ``legal_social_details`` solely so that
    ``associate_by_email`` could match existing accounts. Without
    ``AUTOMATIC_LIU_DETAILS`` consent it must not be stored, so it is set to the
    empty string here (modifying ``details`` in place). Workers skip this step.

    Returns:
        ``{'details': details}`` if a change was made, else ``{}``.
    """
    exempt = user is not None and is_worker(user)
    if exempt or LegalConsent.is_present(user, AUTOMATIC_LIU_DETAILS):
        return {}

    details['email'] = ''
    return {'details': details}
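def see_user(request, who):
    """Show a user's page; when viewing your own, handle profile and policy POSTs.

    Args:
        request: Django request. Only the user viewing their own page can POST
          (``watching_self`` is never true for ``AnonymousUser``).
          NOTE(review): any route-level login guard (e.g. ``login_required``)
          is outside this listing — confirm; as written, an anonymous GET
          still renders the watched user's page.
        who: primary key of the user to display. NOTE(review): an unknown id
          raises ``User.DoesNotExist`` (a 500); ``get_object_or_404`` would be
          the usual fix but is not known to be imported in this file.

    POST handling (self only):
      * ``policy=<name>/<version>/<action>``: ``revoke`` revokes the policy;
        ``consent`` records consent to that version and, for the automatic
        LiU-details/fullname policies, logs out and restarts the LiU login so
        the username is refreshed. Workers cannot change policies here.
        Malformed values (wrong field count, non-integer version, unknown
        action) are ignored instead of raising an unhandled ``ValueError``.
      * otherwise the user/profile forms are validated and saved, logged via
        ``MutedConsent``, or a warning is flashed.
      Every handled POST ends in a redirect.

    Returns:
        A redirect after POST, else the rendered ``baljan/user.html``.
    """
    u = request.user
    tpl = {}

    watched = User.objects.get(id=who)
    watching_self = u == watched
    if u.is_authenticated():
        profile_form_cls_inst = (
            (forms.UserForm, u),
            (forms.ProfileForm, u.profile),
        )

        if watching_self and request.method == 'POST':
            raw_policy = request.POST.get('policy')
            if raw_policy is not None:
                # Workers are bound by a separate agreement; ignore their POST.
                if not is_worker(u):
                    fields = raw_policy.split('/')
                    if len(fields) == 3:
                        policy_name, policy_version, action = fields
                        if action == 'revoke':
                            revoke_policy(u, policy_name)
                            return redirect(request.path)
                        elif action == 'consent':
                            try:
                                version = int(policy_version)
                            except ValueError:
                                version = None
                            if version is not None:
                                # NOTE(review): policy_name comes verbatim from the
                                # form; whether consent_to_policy rejects unknown
                                # names is not visible here — confirm.
                                consent_to_policy(u, policy_name, version)
                                if policy_name == AUTOMATIC_LIU_DETAILS or policy_name == AUTOMATIC_FULLNAME:
                                    # Username changes with this consent: force a
                                    # fresh login. request.path is server-derived,
                                    # so the ?next= target is not user-controlled.
                                    logout(request)
                                    return redirect(reverse('social:begin', args=['liu']) + '?next=' + request.path)
            else:
                profile_forms = [
                    c(request.POST, request.FILES, instance=i)
                    for c, i in profile_form_cls_inst
                ]
                # Validate every form (no short-circuit) before saving any.
                validity = [f.is_valid() for f in profile_forms]
                if all(validity):
                    for f in profile_forms:
                        f.save()
                    MutedConsent.log(u, ACTION_PROFILE_SAVED)
                else:
                    messages.add_message(
                        request, messages.WARNING,
                        'Kunde inte spara din profil. Ditt LiU-kortnummer kanske finns sparat hos någon annan användare.'
                    )
            return redirect(reverse('profile'))

    tpl['watched'] = watched
    tpl['watching_self'] = watching_self
    tpl['watched_groups'] = pseudogroups.real_only().filter(user=watched).order_by('name')
    if watching_self:
        tpl['sent_trade_requests'] = tr_sent = trades.requests_sent_by(u)
        tpl['received_trade_requests'] = tr_recd = trades.requests_sent_to(u)
        tpl['trade_requests'] = tr_sent or tr_recd

        profile_forms = [c(instance=i) for c, i in profile_form_cls_inst]
        tpl['profile_forms'] = profile_forms

        policies = get_policies(u)
        tpl['policies'] = policies
        tpl['is_worker'] = is_worker(u)

    # Call duties come after work shifts because they are more frequent.
    tpl['signup_types'] = (
        (_("work shifts"), ['work'], signups_for(watched)),
        (_("call duties"), ['call-duty'], callduties_for(watched)),
    )
    return render(request, 'baljan/user.html', tpl)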
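def _apply_policy_command(request, u, raw_policy):
    """Apply a ``name/version/action`` policy command posted from the profile page.

    Returns a redirect response when the command requires one, or None so the
    caller falls back to its default redirect. Malformed input (wrong number of
    fields, non-integer version, unknown action) is ignored rather than raising
    — the previous tuple-unpack/``int()`` produced an unhandled ValueError.
    """
    fields = raw_policy.split('/')
    if len(fields) != 3:
        return None
    policy_name, policy_version, action = fields

    if action == 'revoke':
        revoke_policy(u, policy_name)
        return redirect(request.path)

    if action == 'consent':
        try:
            version = int(policy_version)
        except ValueError:
            return None
        # NOTE(review): policy_name is taken verbatim from the form; whether
        # consent_to_policy() rejects unknown names is not visible here — confirm.
        consent_to_policy(u, policy_name, version)
        if policy_name == AUTOMATIC_LIU_DETAILS or policy_name == AUTOMATIC_FULLNAME:
            # These consents change the username: force a fresh login. The
            # ?next= target is request.path (server-derived), not user input.
            logout(request)
            return redirect(reverse('social:begin', args=['liu']) + '?next=' + request.path)

    return None


def see_user(request, who):
    """Render a user's page; when it is your own, also process profile/policy POSTs.

    Args:
        request: Django request. The POST branches require ``watching_self``,
          which is never true for ``AnonymousUser``. NOTE(review): a
          route-level login guard (e.g. ``login_required``) is not visible in
          this listing — confirm; otherwise an anonymous GET still renders the
          watched user's page.
        who: primary key of the user to show; unknown ids give a 404.

    POST (self only):
      * a ``policy`` field is handled by ``_apply_policy_command`` (ignored for
        workers, who are bound by a separate agreement);
      * otherwise the user and profile forms are validated and saved (logged
        through ``MutedConsent``), or a warning message is queued.
      Every POST ends in a redirect.

    Returns:
        A redirect after a POST, else the rendered ``baljan/user.html``.
    """
    u = request.user
    tpl = {}

    watched = get_object_or_404(User, id=who)
    watching_self = u == watched
    if u.is_authenticated:
        profile_form_cls_inst = (
            (forms.UserForm, u),
            (forms.ProfileForm, u.profile),
        )

        if watching_self and request.method == 'POST':
            raw_policy = request.POST.get('policy')
            if raw_policy is not None:
                if not is_worker(u):
                    response = _apply_policy_command(request, u, raw_policy)
                    if response is not None:
                        return response
            else:
                profile_forms = [
                    c(request.POST, request.FILES, instance=i)
                    for c, i in profile_form_cls_inst
                ]
                # Validate all forms (no short-circuit) before saving any of them.
                validity = [f.is_valid() for f in profile_forms]
                if all(validity):
                    for f in profile_forms:
                        f.save()
                    MutedConsent.log(u, ACTION_PROFILE_SAVED)
                else:
                    messages.add_message(
                        request, messages.WARNING,
                        'Kunde inte spara din profil. Ditt LiU-kortnummer kanske finns sparat hos någon annan användare.'
                    )
            return redirect(reverse('profile'))

    tpl['watched'] = watched
    tpl['watching_self'] = watching_self
    tpl['watched_groups'] = pseudogroups.real_only().filter(
        user=watched).order_by('name')
    if watching_self:
        tpl['sent_trade_requests'] = tr_sent = trades.requests_sent_by(u)
        tpl['received_trade_requests'] = tr_recd = trades.requests_sent_to(u)
        tpl['trade_requests'] = tr_sent or tr_recd

        profile_forms = [c(instance=i) for c, i in profile_form_cls_inst]
        tpl['profile_forms'] = profile_forms

        policies = get_policies(u)
        tpl['policies'] = policies
        tpl['is_worker'] = is_worker(u)

    # Call duties come after work shifts because they are more frequent.
    tpl['signup_types'] = (
        (_("work shifts"), ['work'], signups_for(watched)),
        (_("call duties"), ['call-duty'], callduties_for(watched)),
    )
    return render(request, 'baljan/user.html', tpl)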