authorMarian Sigler <m@qjym.de>2013-05-09 23:49:08 +0200
committerMarian Sigler <m@qjym.de>2013-05-09 23:49:08 +0200
commit7da85c36293a0821cf009724aa135b8343c882e4 (patch)
treeabd8b2d253f47244a980103ff26d9141bc099e10
parent5f1e320a6ca7b781b8c4b4a0cfbc207d2719f38e (diff)
add possibility to disable accounts
-rw-r--r--app.py52
-rw-r--r--default_settings.py1
-rw-r--r--forms.py13
-rw-r--r--templates/admin_disable_account.html20
-rw-r--r--templates/admin_index.html1
5 files changed, 84 insertions, 3 deletions
diff --git a/app.py b/app.py
index 523e38d..15434bf 100644
--- a/app.py
+++ b/app.py
@@ -9,6 +9,9 @@ import os
from copy import deepcopy
from flask import flash, Flask, g, redirect, request, session
from utils import *
+from uuid import uuid4
+
+
app = Flask(__name__)
@@ -100,6 +103,14 @@ def register_complete(token):
#TODO: check for double uids and mail
username, mail = http_verify_confirmation('register', token.encode('ascii'), timeout=3*24*60*60)
+ try:
+ g.ldap.get_by_uid(username)
+ g.ldap.get_by_mail(mail)
+ except account.NoSuchUserError:
+ pass
+ else:
+ flash(u'Du hast den Benutzer bereits angelegt! Du kannst dich jetzt einfach einloggen:')
+ return redirect(url_for('index'))
form = RegisterCompleteForm(request.form, csrf_enabled=False)
if request.method == 'POST' and form.validate():
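Review bot: The `else` branch only runs when both lookups succeed, so a token whose username already exists in the directory but whose mail does not (or the reverse) still falls through to the registration form, and the "check for double uids" TODO above the check remains open. If the goal is to detect an already-completed registration, resolving the uid alone and comparing the stored mail of the returned entry would be more precise, e.g. `user = g.ldap.get_by_uid(username)` followed by a branch on `user.attributes['mail'] == mail`, with a distinct message when the uid is taken by a different address. The handler also references `url_for`, which the `flask` import at the top of the file does not name; if it is not re-exported by `utils`, it needs adding there. `register_complete` continues outside the hunk, and the exception is qualified as `account.NoSuchUserError` here while forms.py uses the bare name, which depends on imports not visible in this diff.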
@@ -115,7 +126,9 @@ def register_complete(token):
send_mail(
app.config['MAIL_REGISTER_NOTIFY'],
u'[accounts] Neuer Benutzer %s erstellt' % username,
- 'Benutzername: %s\nE-Mail: %s\n' % (username, mail)
+ u'Benutzername: %s\nE-Mail: %s\n\nSpammer? Deaktivieren: '
+ u'%s\n' % (username, mail,
+ url_for('admin_disable_account', uid=username, _external=True))
)
flash(u'Benutzer erfolgreich angelegt.', 'success')
@@ -308,6 +321,40 @@ def admin_view_blacklist(start=''):
}
+@app.route('/admin/disable_account', methods=['GET', 'POST'])
+@templated('admin_disable_account.html')
+@admin_required
+def admin_disable_account():
+ form = AdminDisableAccountForm()
+ if 'uid' in request.args:
+ form = AdminDisableAccountForm(username=request.args['uid'])
+ if request.method == 'POST' and form.validate():
+ random_pw = str(uuid4())
+ form.user.change_password(random_pw)
+ for service in app.all_services:
+ form.user.reset_password(service.id)
+
+ oldmail = form.user.attributes['mail']
+ mail = app.config['DISABLED_ACCOUNT_MAILADDRESS_TEMPLATE'] % form.user.uid
+ form.user.change_email(mail)
+
+ g.ldap.update(form.user, as_admin=True)
+
+ flash(u'Passwort auf ein zufälliges und Mailadresse auf %s '
+ u'gesetzt.' % mail, 'success')
+
+ if app.config.get('MAIL_REGISTER_NOTIFY'):
+ send_mail(
+ app.config['MAIL_REGISTER_NOTIFY'],
+ u'[accounts] Benutzer %s deaktiviert' % form.user.uid,
+ 'Benutzername: %s\nE-Mail war: %s\n\ndurch: %s\n' % \
+ (form.user.uid, oldmail, session['username'])
+ )
+
+ return redirect(url_for('admin'))
+
+ return {'form': form}
+
@app.errorhandler(403)
@app.errorhandler(404)
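Review bot: The disable action leaves no persistent record of who disabled which account: the actor (`session['username']`) is only written into the notification mail, and that mail is only sent when `MAIL_REGISTER_NOTIFY` is configured. Since this is an irreversible, privileged operation, it should be logged unconditionally before the redirect, e.g. `app.logger.info('account %s disabled by %s', form.user.uid, session['username'])`. Changing the password does not by itself end a session the account currently holds; whether anything else invalidates it is not visible here and is worth confirming. Minor: the mail body here is a plain `str` literal while the equivalent body in the `register_complete` hunk uses a `u''` literal; using `u''` keeps the two consistent.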
@@ -322,7 +369,8 @@ def debug():
# we need the app to exist before initializing the forms
from forms import RegisterForm, RegisterCompleteForm, LoginForm, SettingsForm,\
- LostPasswordForm, AdminCreateAccountForm
+ LostPasswordForm, AdminCreateAccountForm,\
+ AdminDisableAccountForm
if __name__ == '__main__':
diff --git a/default_settings.py b/default_settings.py
index 45491fa..b51cbb3 100644
--- a/default_settings.py
+++ b/default_settings.py
@@ -9,6 +9,7 @@ PASSWORD_ENCRYPTION_KEY = '.\x14\xa7\x1b\xa2:\x1b\xb7\xbck\x1bD w\xab\x87a\xb4\x
MAIL_DEFAULT_SENDER = 'spline accounts <noreply@accounts.spline.de>'
MAIL_REGISTER_NOTIFY = None
+DISABLED_ACCOUNT_MAILADDRESS_TEMPLATE = 'noreply-disabledaccount-%s@accounts.spline.de'
SENDMAIL_COMMAND = '/usr/sbin/sendmail'
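Review bot: `DISABLED_ACCOUNT_MAILADDRESS_TEMPLATE` interpolates the raw uid into the local part of the address; unless uids are restricted to characters valid in an e-mail local part, the result may not be a syntactically valid address, which matters if `change_email` or the LDAP schema validates it. A comment next to the setting should state that assumption, e.g. `# the uid is inserted verbatim and must itself form a valid address local part`. The context line above shows a literal `PASSWORD_ENCRYPTION_KEY` in this defaults file; that predates the commit, but it is worth confirming it is a placeholder that deployments override rather than a value used as-is.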
diff --git a/forms.py b/forms.py
index 06c7800..d10d27e 100644
--- a/forms.py
+++ b/forms.py
@@ -42,7 +42,7 @@ class RegisterForm(Form):
else:
raise ValidationError(Markup(u'Ein Benutzername mit dieser Adresse existiert bereits. '
u'Falls du deinen Benutzernamen vergessen hast, kannst du die '
- u'<a href="%s">Passwort-vergessen-Funktion</a> benutzen'
+ u'<a href="%s">Passwort-vergessen-Funktion</a> benutzen.'
% url_for('lost_password')))
class AdminCreateAccountForm(RegisterForm):
@@ -115,6 +115,17 @@ class SettingsForm(Form):
return getattr(self, 'delete_%s' % service_id)
+class AdminDisableAccountForm(Form):
+ username = TextField(u'Benutzername')
+
+ def validate_username(form, field):
+ try:
+ form.user = g.ldap.get_by_uid(field.data)
+ except NoSuchUserError:
+ raise ValidationError(u'Dieser Benutzername existiert nicht')
+
+
+
#TODO: find out how we can use app.all_services in that early state
for service in SERVICES:
setattr(SettingsForm, 'password_%s' % service.id,
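Review bot: `validate_username` names its first parameter `form` instead of `self` and stores the looked-up entry as a side effect on `form.user`, which is the attribute `admin_disable_account` in app.py reads after `validate()`; a docstring should state that contract, e.g. `"""Resolve the uid via LDAP; on success the entry is kept on self.user for the view."""`. The field carries no presence validator, so an empty submission reaches `g.ldap.get_by_uid` with an empty value — whether the lookup tolerates that cannot be seen here; a WTForms `Required` validator on the field would reject it before the directory is queried. PEP 8 calls for two blank lines between top-level definitions rather than the three left before the trailing comment.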
diff --git a/templates/admin_disable_account.html b/templates/admin_disable_account.html
new file mode 100644
index 0000000..b6eccda
--- /dev/null
+++ b/templates/admin_disable_account.html
@@ -0,0 +1,20 @@
+{%- extends 'base.html' %}
+{%- from '_macros.html' import render_field, render_submit, render_csrf %}
+{%- set title = 'Account deaktivieren' %}
+{%- block content %}
+<p>
+ Hier kannst du einen Account deaktivieren. Da es quasi unmöglich ist,
+ Accounts zu löschen, ohne dass es Konsistenzprobleme zwischen dem LDAP und
+ den Datenbanken der Anwendungen gibt, wird dazu einfach das Passwort auf was
+ zufälliges und die Mail auf was ungültiges gesetzt.
+</p>
+<p>
+ Der Benutzer wird davon nicht benachrichtigt, mach das also nur mit
+ Accounts, die sicher Spammer sind!
+</p>
+<form action="" method="post" class="form-horizontal">
+ {{ render_field(form.username, autofocus="autofocus") }}
+ {{ render_submit(value='Account deaktivieren')}}
+ {{ render_csrf(form) }}
+</form>
+{%- endblock %}
diff --git a/templates/admin_index.html b/templates/admin_index.html
index 6275bcc..7267493 100644
--- a/templates/admin_index.html
+++ b/templates/admin_index.html
@@ -4,5 +4,6 @@
<ul>
<li><a href="{{ url_for('admin_create_account') }}">Account erstellen</a></li>
<li><a href="{{ url_for('admin_view_blacklist') }}">Blacklist anzeigen</a></li>
+ <li><a href="{{ url_for('admin_disable_account') }}">Account deaktivieren</a></li>
</ul>
{%- endblock %}