def create_user(request, realm: Realm, form: AddLDAPUserForm):
username = form.cleaned_data['username']
email = form.cleaned_data['email']
current_site = get_current_site(request)
protocol = get_protocol(request=request)
try:
LdapUser.create_with_django_user_creation_and_welcome_mail(realm=realm,
protocol=protocol,
domain=current_site.domain,
username=username,
email=email)
if realm.default_group:
ldap_user = LdapUser.get_user(username=username, realm=realm)
ldap_default_group = LdapGroup.get_group(group_name=realm.default_group.name, realm=realm)
LdapGroup.add_user_to_groups(ldap_user=ldap_user, ldap_groups=[ldap_default_group, ])
return get_realm_user_list(request=request,
realm_id=realm.id,
status_code=201,
success_headline='Aktion erfolgreich',
success_text=f'Nutzer {username} erfolgreich angelegt.',
)
except ALREADY_EXISTS:
return render(request,
'user/realm_user_add.jinja2',
{
'form': form,
'realm': realm,
'extra_error': f'Nutzer {username} existiert bereits.',
},
status=409)
def form_valid(self, form):
user = form.save()
password = form.cleaned_data['new_password1']
LdapUser.base_dn = LdapUser.ROOT_DN
LdapUser.password_reset(user, password)
cached_request = super().form_valid(form)
user.set_unusable_password()
user.save()
return cached_request
def group_detail(request, realm_id, group_dn):
realm = Realm.objects.get(id=realm_id)
LdapGroup.base_dn = f'ou=groups,{realm.ldap_base_dn}'
group = LdapGroup.objects.get(dn=group_dn)
users = LdapUser.get_users_by_dn(realm, group.members)
user_wrapper = LdapUser.get_user_active_marked(users)
return render(request, 'group/group_detail.jinja2', {
'group': group,
'realm': realm,
'users': user_wrapper
})
def render_user_detail_view(request, realm_id, user_dn):
realm = Realm.objects.get(id=realm_id)
ldap_user = LdapUser.get_user_by_dn(dn=user_dn)
user_wrapper = LdapUser.get_extended_user(ldap_user)
LdapGroup.base_dn = LdapGroup.ROOT_DN
groups = LdapGroup.objects.filter(members=ldap_user.dn)
return render(request,
'user/user_detail.jinja2',
{
'user': user_wrapper,
'groups': groups,
'realm': realm,
}, )
def realm_user_update(request, realm_id, user_dn):
realm = Realm.objects.get(id=realm_id)
ldap_user = LdapUser.get_user_by_dn(dn=user_dn, realm=realm)
return user_update_controller(
request=request,
realm=realm,
ldap_user=ldap_user,
user_detail_render_method=render_realm_user_detail_view,
update_view='user/realm_user_detail.jinja2',
form_class=AdminUpdateLDAPUserForm,
form_attrs=[
{
'model_field': 'username',
'form_field': 'username'
},
{
'model_field': 'first_name',
'form_field': 'first_name'
},
{
'model_field': 'last_name',
'form_field': 'last_name'
},
{
'model_field': 'email',
'form_field': 'email'
},
])
def user_update(request, realm_id, user_dn):
realm = Realm.objects.get(id=realm_id)
ldap_user = LdapUser.get_user_by_dn(dn=user_dn, realm=realm)
if request.user.username == ldap_user.username:
return user_update_controller(
request=request,
realm=realm,
ldap_user=ldap_user,
user_detail_render_method=render_user_detail_view,
update_view='user/user_detail.jinja2',
form_class=UpdateLDAPUserForm,
form_attrs=[
{
'model_field': 'first_name',
'form_field': 'first_name'
},
{
'model_field': 'last_name',
'form_field': 'last_name'
},
{
'model_field': 'email',
'form_field': 'email'
},
{
'model_field': 'phone',
'form_field': 'phone'
},
{
'model_field': 'mobile_phone',
'form_field': 'mobile_phone'
},
])
return redirect('permission-denied')
def get_realm_user_list(request, realm_id, status_code=200, success_headline="", success_text=""):
realm = Realm.objects.get(id=realm_id)
realm_users = LdapUser.get_users(realm=realm)
user_wrappers = []
for user in realm_users:
user_wrappers.append(LdapUser.get_extended_user(user))
return render(request,
'realm/realm_user.jinja2',
{
'realm': realm,
'realm_user': user_wrappers,
'success_headline': success_headline,
'success_text': success_text,
},
status=status_code,
)
def realm_multiple_user_delete_inactive(request, realm_id):
realm = Realm.objects.get(id=realm_id)
if request.method == 'POST':
form = UserDeleteListForm(request.POST)
if form.is_valid():
ldap_users = form.cleaned_data['ldap_users']
blocked_users, deletable_users = get_deletable_blocked_users(
ldap_users, realm)
return render(
request, 'realm/realm_user_multiple_delete.jinja2', {
'form': form,
'realm': realm,
'deletable_users': deletable_users,
'blocked_users': blocked_users,
'confirm': True
})
inactive_users = LdapUser.get_inactive_users(realm=realm)
# TODO: Form not valid
form = UserDeleteListForm()
return render(request, 'realm/realm_user_multiple_delete_confirm.jinja2', {
'form': form,
'realm': realm,
'users': inactive_users,
})
def realm_user_resend_password_reset(request, realm_id, user_dn):
realm = Realm.objects.get(id=realm_id)
ldap_user = LdapUser.get_user_by_dn(dn=user_dn, realm=realm)
try:
if ldap_user.email:
logger.info(f"Sending email to {ldap_user.email}")
form = PasswordResetForm({'email': ldap_user.email})
if form.is_valid():
logger.info('CREATE REQUEST')
pw_reset_request = HttpRequest()
pw_reset_request.META['SERVER_NAME'] = get_current_site(
request).domain
pw_reset_request.META['SERVER_PORT'] = '80'
if request.is_secure():
pw_reset_request.META['SERVER_PORT'] = '443'
logger.info('form.save')
form.save(
request=pw_reset_request,
use_https=True,
from_email=realm.email,
email_template_name='registration/password_reset_email.html'
)
return render_realm_user_detail_view(
request,
realm_id,
user_dn,
success_headline="Erfolgreich",
success_text=
"Die Passwort zurücksetzen E-Mail wurde erfolgreich versendet."
)
return render_realm_user_detail_view(
request,
realm_id,
user_dn,
error_headline="Fehlgeschlagen",
error_text="Der Nutzer E-Mail Addresse ist ungültig. "
"Es wurde keine E-Mail übermittelt.")
return render_realm_user_detail_view(
request,
realm_id,
user_dn,
error_headline="Fehlgeschlagen",
error_text="Der Nutzer besitzt keine E-Mail Addresse. "
"Bitte tragen Sie diese nach und probieren es erneut.")
except Exception as err:
logger.error(f'Error: {err}')
return render_realm_user_detail_view(
request,
realm_id,
user_dn,
error_headline="Fehlgeschlagen",
error_text=
"Die Passwort zurücksetzen E-Mail konnte nicht versendet werden.")
def get_user(id: int,
realm: Realm,
admin=False,
multiple_admin=False,
super_admin=False):
LdapUser.set_root_dn(realm=realm)
username = f"test_user_{id}"
email = f"test_user_{id}[email protected]"
first_name = f"test_{id}"
last_name = f"musterstudierender_{id}"
if admin:
username = f"test_admin_user_{id}"
email = f"test_admin_user_{id}[email protected]"
first_name = f"test_admin_{id}"
last_name = f"musterstudierender_admin_{id}"
if multiple_admin:
username = f"test_multiple_admin_user_{id}"
email = f"test_multiple_admin_user_{id}[email protected]"
first_name = f"test_multiple_admin_{id}"
last_name = f"musterstudierender_multiple_admin_{id}"
if super_admin:
username = f"test_super_user_{id}"
email = f"test_super_user_{id}[email protected]"
first_name = f"test_super_user_{id}"
last_name = f"musterstudierender_super_user_{id}"
try:
ldap_user, _ = LdapUser.objects.get_or_create(username=username,
email=email,
password=PASSWORD,
first_name=first_name,
last_name=last_name)
User.objects.create(username=username,
email=email,
password=PASSWORD,
first_name=first_name,
last_name=last_name)
except (ALREADY_EXISTS, IntegrityError):
ldap_user = LdapUser.objects.get(username=username, )
return ldap_user
def user_delete(request, realm_id, user_dn):
realm = Realm.objects.get(id=realm_id)
LdapUser.base_dn = f'ou=people,{realm.ldap_base_dn}'
LdapGroup.base_dn = f'ou=groups,{realm.ldap_base_dn}'
ldap_user = LdapUser.get_user_by_dn(dn=user_dn, realm=realm)
if request.user.username == ldap_user.username:
user_delete_controller(request=request,
ldap_user=ldap_user,
realm=realm)
return redirect('account-deleted', realm_id)
else:
return redirect('permission-denied')
def realm_user_delete(request, realm_id, user_dn):
realm = Realm.objects.get(id=realm_id)
ldap_user = LdapUser.get_user_by_dn(dn=user_dn, realm=realm)
LdapGroup.base_dn = f'ou=groups,{realm.ldap_base_dn}'
if _is_deleteable_user(realm, ldap_user):
try:
return user_delete_controller(request=request,
ldap_user=ldap_user,
realm=realm)
except OBJECT_CLASS_VIOLATION:
deletion_link = {
'name': 'realm-user-delete',
'args': [realm.id, ldap_user.dn]
}
cancel_link = {
'name': 'realm-user-detail',
'args': [realm.id, ldap_user.dn]
}
return render(
request, 'user/user_confirm_delete.jinja2', {
'realm':
realm,
'user':
ldap_user,
'deletion_link':
deletion_link,
'cancel_link':
cancel_link,
'extra_errors':
f'Der Nutzer {ldap_user.username} konnte nicht gelöscht werden, '
f'da er der letzte Nutzer einer Gruppe ist. '
f'Bitte lösche die Gruppe zuerst oder trage einen anderen Nutzer '
f'in die Gruppe ein.',
})
else:
return render(
request,
'permission_denied.jinja2',
{
'extra_errors':
f'Der Nutzer, {ldap_user.username}, gehört anscheinend zu den Admins. '
f'Solange der Nutzer dieser Gruppe angehört kann dieser nicht gelöscht werden. '
f'Bitte trage vorher den Nutzer aus der Admin Gruppe aus.'
},
)
def group_update(request, realm_id, group_dn):
realm = Realm.objects.get(id=realm_id)
LdapUser.base_dn = LdapUser.ROOT_DN
LdapGroup.base_dn = f'ou=groups,{realm.ldap_base_dn}'
group = LdapGroup.objects.get(dn=group_dn)
users = LdapUser.objects.all()
if request.method == 'POST':
form = AddLDAPGroupForm(request.POST)
if form.is_valid():
group.name = form.cleaned_data['name']
group.description = form.cleaned_data['description']
members = form.cleaned_data['members']
group.members = [member.dn for member in members]
group.save()
return redirect('realm-group-detail', realm_id, group.dn)
elif 'members' not in form.cleaned_data:
return render(
request, 'group/group_detail.jinja2', {
'form':
form,
'realm':
realm,
'group':
group,
'extra_error':
'Gruppen dürfen nicht leer sein. Wenn du die Gruppe nicht mehr benutzen möchtest, solltest du Sie löschen'
})
else:
members = LdapUser.objects.none()
if group.members:
members = LdapUser.get_users_by_dn(realm, group.members)
data = {
'name': group.name,
'description': group.description,
'members': members
}
form = AddLDAPGroupForm(initial=data)
return render(request, 'group/group_detail.jinja2', {
'form': form,
'realm': realm,
'group': group,
'users': users
})
def realm_user_resend_welcome_mail(request, realm_id, user_dn):
realm = Realm.objects.get(id=realm_id)
ldap_user = LdapUser.get_user_by_dn(dn=user_dn, realm=realm)
update_dajngo_user(ldap_user)
current_site = get_current_site(request)
protocol = get_protocol(request)
send_welcome_mail(domain=current_site.domain,
email=ldap_user.email,
protocol=protocol,
realm=realm,
user=User.objects.get(username=ldap_user.username))
return render_realm_user_detail_view(
request,
realm_id,
user_dn,
success_headline="Willkommensmail",
success_text="Willkommensmail erfolgreich versendet.")
def render_realm_user_detail_view(request, realm_id, user_dn, success_headline=None, success_text=None,
error_headline=None, error_text=None, status_code=200):
realm = Realm.objects.get(id=realm_id)
LdapUser.base_dn = realm.ldap_base_dn
LdapGroup.base_dn = LdapGroup.ROOT_DN
user = LdapUser.objects.get(dn=user_dn)
user_wrapper = LdapUser.get_extended_user(user)
groups = LdapGroup.objects.filter(members=user.dn)
return render(request,
'user/realm_user_detail.jinja2',
{
'user': user_wrapper,
'groups': groups,
'realm': realm,
'success_headline': success_headline,
'success_text': success_text,
'error_headline': error_headline,
'error_text': error_text,
}, status=status_code)
def user_delete_confirm(request, realm_id, user_dn):
realm = Realm.objects.get(id=realm_id)
LdapGroup.base_dn = f'ou=groups,{realm.ldap_base_dn}'
ldap_user = LdapUser.get_user_by_dn(dn=user_dn, realm=realm)
if request.user.username == ldap_user.username:
deletion_link = {
'name': 'user-delete',
'args': [realm.id, ldap_user.dn]
}
cancel_link = {'name': 'user-detail', 'args': [realm.id, ldap_user.dn]}
return render(
request, 'user/user_confirm_delete.jinja2', {
'realm': realm,
'user': ldap_user,
'deletion_link': deletion_link,
'cancel_link': cancel_link
})
else:
return redirect('permission-denied')
def realm_user_delete_confirm(request, realm_id, user_dn):
realm = Realm.objects.get(id=realm_id)
ldap_user = LdapUser.get_user_by_dn(dn=user_dn, realm=realm)
deletion_link = {
'name': 'realm-user-delete',
'args': [realm.id, ldap_user.dn]
}
cancel_link = {
'name': 'realm-user-detail',
'args': [realm.id, ldap_user.dn]
}
return render(
request, 'user/user_confirm_delete.jinja2', {
'realm': realm,
'user': ldap_user,
'deletion_link': deletion_link,
'cancel_link': cancel_link,
'deletion_wait_days': settings.DELETION_WAIT_DAYS
})
def realm_user_delete_cancel(request, realm_id, user_dn):
realm = Realm.objects.get(id=realm_id)
ldap_user = LdapUser.get_user_by_dn(dn=user_dn, realm=realm)
try:
deleted_user = DeletedUser.objects.get(ldap_dn=ldap_user.dn)
deleted_user.delete()
except ObjectDoesNotExist:
return render_realm_user_detail_view(
request=request,
realm_id=realm_id,
user_dn=user_dn,
error_headline="Fehlgeschlagen",
error_text="Nutzer ist nicht als gelöscht markiert.",
status_code=409)
return render_realm_user_detail_view(
request=request,
realm_id=realm_id,
user_dn=user_dn,
success_headline="Erfolgreich",
success_text="Nutzerlöschung wurde abgebrochen")
def realm_user_direct_delete(request, realm_id, user_dn):
realm = Realm.objects.get(id=realm_id)
ldap_user = LdapUser.get_user_by_dn(dn=user_dn, realm=realm)
if _is_deleteable_user(realm, ldap_user):
username = ldap_user.username
ldap_user.delete_complete()
return get_realm_user_list(
request=request,
realm_id=realm_id,
success_headline="Löschen erfolgreich",
success_text=f"Nutzer {username} wurde erfolgreich gelöscht.")
else:
return render(
request,
'permission_denied.jinja2',
{
'extra_errors':
f'Der Nutzer, {ldap_user.username}, gehört anscheinend zu den Admins. '
f'Solange der Nutzer dieser Gruppe angehört kann dieser nicht gelöscht werden. '
f'Bitte trage vorher den Nutzer aus der Admin Gruppe aus.'
},
)
def render_realm_detail_view(request,
realm_id,
success_headline=None,
success_text=None,
error_headline=None,
error_text=None,
status_code=200):
realm = Realm.objects.get(id=realm_id)
LdapUser.base_dn = realm.ldap_base_dn
inactive_users = LdapUser.get_inactive_users().count()
ldap_admin_group, ldap_default_group = get_default_admin_group(realm)
return render(request,
'realm/realm_detailed.jinja2', {
'realm': realm,
'ldap_admin_group': ldap_admin_group,
'ldap_default_group': ldap_default_group,
'inactive_user_count': inactive_users,
'users_count': LdapUser.objects.all().count(),
'success_headline': success_headline,
'success_text': success_text,
'error_headline': error_headline,
'error_text': error_text
},
status=status_code)
def get_available_given_groups(realm, user_dn):
ldap_user = LdapUser.get_user_by_dn(dn=user_dn, realm=realm)
user_groups = LdapGroup.get_user_groups(realm=realm, ldap_user=ldap_user)
realm_groups = LdapGroup.get_groups(realm=realm)
realm_groups_available = [realm_group for realm_group in realm_groups if realm_group not in user_groups]
return ldap_user, realm_groups_available, user_groups