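def new_user(request):
    """Create a local user account on behalf of a staff or admin user.

    GET returns the empty creation forms. POST validates both forms, rejects
    an e-mail address that is already registered, creates the account with a
    random initial password, sets ``must_change_password`` and hands the
    credentials to ``__send_user_informations``. Any other method, or a
    caller for whom ``is_staff_or_admin()`` is false, receives a 403.
    """
    # NOTE(review): nothing in this view rejects an anonymous request before
    # ``request.user.swordphishuser`` is dereferenced -- confirm that a login
    # requirement is enforced outside it.
    if not request.user.swordphishuser.is_staff_or_admin():
        return HttpResponseForbidden()

    template = 'LocalUsers/newuser.html'

    if request.method == "GET":
        userform = CreateUserForm()
        phishform = SwordphishUserForm()
        return render(request, template, {
            'swordphishform': phishform,
            'userform': userform
        })

    if request.method == "POST":
        userform = CreateUserForm(request.POST)
        phishform = SwordphishUserForm(request.POST)
        context = {'swordphishform': phishform, 'userform': userform}
        # The permission check at the top of the view already covers POST,
        # so it is not repeated here.

        if not userform.is_valid():
            return render(request, template, context)

        email = userform.cleaned_data["email"]
        # The username is the lower-cased e-mail, so the duplicate check has
        # to ignore case as well; an exact-match lookup lets "A@x" through
        # when "a@x" exists and the save below then collides on the username.
        if User.objects.filter(email__iexact=email).exists():
            return render(request, template,
                          dict(context, user_already_exists=True))

        if not phishform.is_valid():
            return render(request, template, context)

        user = userform.save(commit=False)
        user.username = email.lower()
        password = User.objects.make_random_password()
        user.set_password(password)
        user.save()

        # presumably the related SwordphishUser row is created when the User
        # is saved (not visible here) -- TODO confirm
        user.swordphishuser.phone_number = phishform.cleaned_data[
            "phone_number"]
        # Force a change of the generated password, which leaves this view in
        # clear text through the notification helper below.
        user.swordphishuser.must_change_password = True
        user.swordphishuser.save()

        # NOTE(review): the helper receives the clear-text password and the
        # creator's address; how it delivers them is not visible here.
        __send_user_informations(userform.cleaned_data["first_name"],
                                 email,
                                 password,
                                 request.user.email)
        return HttpResponse("Ok")

    return HttpResponseForbidden()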
def password_change_mandatory(request):
    """Serve and process the forced password-change page.

    Unauthenticated callers are redirected to ``Authent:login``. GET shows
    the form only while ``must_change_password`` is set and otherwise
    redirects to ``Main:index``. POST validates both forms, stores the new
    password, clears the flag and redirects to ``Main:index``. Any other
    method receives a 403.
    """
    account = request.user
    # NOTE(review): is_authenticated is invoked as a method here; confirm that
    # this matches the Django release in use.
    if not account.is_authenticated():
        return redirect("Authent:login")

    template = "LocalUsers/loginchangepassword.html"

    if request.method == "GET":
        if not account.swordphishuser.must_change_password:
            return redirect("Main:index")
        password_form = ChangePasswordForm(instance=account)
        profile_form = SwordphishUserForm(instance=account.swordphishuser)
        return render(request, template, {
            'changepassform': password_form,
            'swordphishform': profile_form
        })

    if request.method != "POST":
        return HttpResponseForbidden()

    # NOTE(review): only the GET branch looks at must_change_password, so a
    # POST is processed for any authenticated user. Whether the current
    # password is required depends on ChangePasswordForm -- confirm.
    password_form = ChangePasswordForm(request.POST, instance=account)
    profile_form = SwordphishUserForm(request.POST,
                                      instance=account.swordphishuser)
    if not (password_form.is_valid() and profile_form.is_valid()):
        return render(request, template, {
            'changepassform': password_form,
            'swordphishform': profile_form
        })

    updated_account = password_form.save(commit=False)
    new_password = password_form.cleaned_data["password_confirmation"]
    updated_account.set_password(new_password)
    # NOTE(review): unlike myprofile, no update_session_auth_hash() call
    # follows the password change -- confirm whether ending the current
    # session at this point is intended.
    updated_account.save()

    updated_profile = profile_form.save(commit=False)
    updated_profile.must_change_password = False
    updated_profile.save()
    return redirect("Main:index")
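def myprofile(request):
    """Display and update the profile of the requesting user.

    GET renders the edit forms bound to ``request.user``. POST validates
    both forms, optionally sets a new password, saves the account and its
    SwordphishUser record and answers "Ok"; invalid input re-renders the
    forms. Any other method receives a 403.
    """
    # NOTE(review): no authentication check is visible in this view --
    # confirm that anonymous requests are rejected before it runs.
    template = "LocalUsers/editprofile.html"

    if request.method == "GET":
        userform = EditMyProfileForm(instance=request.user)
        swordphishuser = SwordphishUserForm(
            instance=request.user.swordphishuser)
        return render(request, template, {
            'userform': userform,
            'swordphishform': swordphishuser
        })

    if request.method == "POST":
        userform = EditMyProfileForm(request.POST, instance=request.user)
        swordphishuser = SwordphishUserForm(
            request.POST, instance=request.user.swordphishuser)

        if userform.is_valid() and swordphishuser.is_valid():
            editeduser = userform.save(commit=False)
            new_password = userform.cleaned_data["password_confirmation"]
            password_changed = new_password != ""
            if password_changed:
                # NOTE(review): whether the current password is required
                # depends on EditMyProfileForm, which is not visible here.
                editeduser.set_password(new_password)
                # Keep the current session valid under the new password hash.
                update_session_auth_hash(request, editeduser)
            editeduser.save()

            editedswordphishuser = swordphishuser.save(commit=False)
            # Clear the forced-change flag only when a new password was
            # actually set; clearing it on every profile save would let an
            # account keep its initial password.
            if password_changed:
                editedswordphishuser.must_change_password = False
            editedswordphishuser.save()
            return HttpResponse("Ok")

        return render(request, template, {
            'userform': userform,
            'swordphishform': swordphishuser
        })

    return HttpResponseForbidden()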
def admin_users(request):
    """Render the user administration page.

    A caller for whom ``is_staff_or_admin()`` is false receives a 403;
    otherwise the page gets the caller's ``subordinates()`` together with
    empty creation forms.
    """
    # NOTE(review): ``request.user.swordphishuser`` is dereferenced without a
    # visible login check -- confirm one is applied outside this view.
    if not request.user.swordphishuser.is_staff_or_admin():
        return HttpResponseForbidden()

    subordinates = request.user.swordphishuser.subordinates()
    new_user_form = UserForm()
    new_profile_form = SwordphishUserForm()
    context = {
        'newswordphishform': new_profile_form,
        'newuserform': new_user_form,
        "menuactive": "users",
        "userslist": subordinates
    }
    return render(request, 'Main/Admin/users.html', context)
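def edit_user(request, userid=None):
    """Edit another user's account, subject to ``can_be_edited``.

    The target SwordphishUser is looked up by ``userid`` (404 when missing)
    and the request is refused with a 403 unless
    ``can_be_edited(request.user)`` allows it. GET renders the edit forms.
    POST validates them, rejects an e-mail address that belongs to another
    account, saves both records, optionally sets a new password and answers
    "Ok". Any other method receives a 403.
    """
    user = get_object_or_404(SwordphishUser, id=userid)
    usermail = user.user.username

    # Object-level authorisation: every branch below runs only after the
    # target account itself has approved the requesting user.
    if not user.can_be_edited(request.user):
        return HttpResponseForbidden()

    template = 'LocalUsers/edituser.html'

    if request.method == "GET":
        userform = UserForm(instance=user.user)
        phishform = SwordphishUserForm(instance=user)
        return render(request, template, {
            'swordphishform': phishform,
            'userform': userform,
            'userid': userid
        })

    if request.method == "POST":
        userform = UserForm(request.POST, instance=user.user)
        swordphishform = SwordphishUserForm(request.POST, instance=user)
        context = {
            'swordphishform': swordphishform,
            'userform': userform,
            'userid': userid
        }

        if not userform.is_valid():
            return render(request, template, context)
        if not swordphishform.is_valid():
            return render(request, template, context)

        email = userform.cleaned_data["email"]
        # The stored username is the lower-cased e-mail, so compare in lower
        # case and leave the edited account out of the lookup. Otherwise an
        # unchanged address containing upper-case letters matches the
        # account's own row and the edit is refused as a duplicate.
        if email.lower() != usermail:
            duplicates = User.objects.filter(email__iexact=email).exclude(
                pk=user.user.pk)
            if duplicates.exists():
                # NOTE(review): this renders the creation template and omits
                # 'userid' -- confirm that this is intended.
                return render(
                    request, 'LocalUsers/newuser.html', {
                        'swordphishform': swordphishform,
                        'userform': userform,
                        'user_already_exists': True
                    })

        newuser = userform.save(commit=False)
        newuser.username = email.lower()
        newuser.save()
        swordphishform.save()

        # NOTE(review): the password comes straight from request.POST rather
        # than from a form, so no validation of it is visible here, and a
        # mismatching confirmation is ignored while "Ok" is still returned.
        password = request.POST.get("password", "")
        password_confirmation = request.POST.get("password_confirmation", "")
        if password != "" and password == password_confirmation:
            user.user.set_password(password)
            # A password chosen by someone else has to be replaced by its
            # owner afterwards.
            if user.user != request.user:
                user.must_change_password = True
                user.save()
            user.user.save()

        return HttpResponse("Ok")

    return HttpResponseForbidden()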