author | Marian Sigler <m@qjym.de> | 2013-05-09 23:49:08 +0200 |
---|---|---|
committer | Marian Sigler <m@qjym.de> | 2013-05-09 23:49:08 +0200 |
commit | 7da85c36293a0821cf009724aa135b8343c882e4 (patch) | |
tree | abd8b2d253f47244a980103ff26d9141bc099e10 | |
parent | 5f1e320a6ca7b781b8c4b4a0cfbc207d2719f38e (diff) | |
add possibility to disable accounts
-rw-r--r-- | app.py | 52 | ||||
-rw-r--r-- | default_settings.py | 1 | ||||
-rw-r--r-- | forms.py | 13 | ||||
-rw-r--r-- | templates/admin_disable_account.html | 20 | ||||
-rw-r--r-- | templates/admin_index.html | 1 |
5 files changed, 84 insertions, 3 deletions
@@ -9,6 +9,9 @@ import os from copy import deepcopy from flask import flash, Flask, g, redirect, request, session from utils import * +from uuid import uuid4 + + app = Flask(__name__) @@ -100,6 +103,14 @@ def register_complete(token): #TODO: check for double uids and mail username, mail = http_verify_confirmation('register', token.encode('ascii'), timeout=3*24*60*60) + try: + g.ldap.get_by_uid(username) + g.ldap.get_by_mail(mail) + except account.NoSuchUserError: + pass + else: + flash(u'Du hast den Benutzer bereits angelegt! Du kannst dich jetzt einfach einloggen:') + return redirect(url_for('index')) form = RegisterCompleteForm(request.form, csrf_enabled=False) if request.method == 'POST' and form.validate(): @@ -115,7 +126,9 @@ def register_complete(token): send_mail( app.config['MAIL_REGISTER_NOTIFY'], u'[accounts] Neuer Benutzer %s erstellt' % username, - 'Benutzername: %s\nE-Mail: %s\n' % (username, mail) + u'Benutzername: %s\nE-Mail: %s\n\nSpammer? Deaktivieren: ' + u'%s\n' % (username, mail, + url_for('admin_disable_account', uid=username, _external=True)) ) flash(u'Benutzer erfolgreich angelegt.', 'success') 
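Review bot: The duplicate check added to register_complete only fires when both lookups succeed: if `g.ldap.get_by_uid(username)` raises NoSuchUserError the mail lookup is skipped, and if the uid exists but the mail does not, the `except` swallows it and the function goes on to create a second account with that uid — the case the `#TODO: check for double uids and mail` comment above it asks for. Because the token stays valid for three days (`timeout=3*24*60*60`), someone else taking the same uid in that window is realistic, and unless the LDAP layer rejects duplicate uids itself (not visible here) the two lookups should be independent and a taken uid should abort rather than show the "just log in" hint. Comparing the existing entry's mail — `attributes['mail']` is how admin_disable_account reads it on the object the same call returns — tells the re-visit case apart from a collision; the rewrite below does that. `account.NoSuchUserError` here versus the bare `NoSuchUserError` in forms.py suggests two import paths for one exception; one spelling would be easier to grep. register_complete continues past the end of the hunk.
```python
    # … unchanged: token verification …
    try:
        existing = g.ldap.get_by_uid(username)
    except account.NoSuchUserError:
        existing = None
    if existing is not None:
        if existing.attributes['mail'] == mail:
            flash(u'Du hast den Benutzer bereits angelegt! Du kannst dich jetzt einfach einloggen:')
        else:
            flash(u'Dieser Benutzername ist inzwischen vergeben.', 'error')
        return redirect(url_for('index'))
    try:
        g.ldap.get_by_mail(mail)
    except account.NoSuchUserError:
        pass
    else:
        flash(u'Diese E-Mail-Adresse ist bereits registriert.', 'error')
        return redirect(url_for('index'))
    # … unchanged: form handling …
```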
@@ -308,6 +321,40 @@ def admin_view_blacklist(start=''): } +@app.route('/admin/disable_account', methods=['GET', 'POST']) +@templated('admin_disable_account.html') +@admin_required +def admin_disable_account(): + form = AdminDisableAccountForm() + if 'uid' in request.args: + form = AdminDisableAccountForm(username=request.args['uid']) + if request.method == 'POST' and form.validate(): + random_pw = str(uuid4()) + form.user.change_password(random_pw) + for service in app.all_services: + form.user.reset_password(service.id) + + oldmail = form.user.attributes['mail'] + mail = app.config['DISABLED_ACCOUNT_MAILADDRESS_TEMPLATE'] % form.user.uid + form.user.change_email(mail) + + g.ldap.update(form.user, as_admin=True) + + flash(u'Passwort auf ein zufälliges und Mailadresse auf %s ' + u'gesetzt.' % mail, 'success') + + if app.config.get('MAIL_REGISTER_NOTIFY'): + send_mail( + app.config['MAIL_REGISTER_NOTIFY'], + u'[accounts] Benutzer %s deaktiviert' % form.user.uid, + 'Benutzername: %s\nE-Mail war: %s\n\ndurch: %s\n' % \ + (form.user.uid, oldmail, session['username']) + ) + + return redirect(url_for('admin')) + + return {'form': form} + @app.errorhandler(403) @app.errorhandler(404) @@ -322,7 +369,8 @@ def debug(): # we need the app to exist before initializing the forms from forms import RegisterForm, RegisterCompleteForm, LoginForm, SettingsForm,\ - LostPasswordForm, AdminCreateAccountForm + LostPasswordForm, AdminCreateAccountForm,\ + AdminDisableAccountForm if __name__ == '__main__': diff --git a/default_settings.py b/default_settings.py index 45491fa..b51cbb3 100644 --- a/default_settings.py +++ b/default_settings.py @@ -9,6 +9,7 @@ PASSWORD_ENCRYPTION_KEY = '.\x14\xa7\x1b\xa2:\x1b\xb7\xbck\x1bD w\xab\x87a\xb4\x MAIL_DEFAULT_SENDER = 'spline accounts <noreply@accounts.spline.de>' MAIL_REGISTER_NOTIFY = None +DISABLED_ACCOUNT_MAILADDRESS_TEMPLATE = 'noreply-disabledaccount-%s@accounts.spline.de' SENDMAIL_COMMAND = '/usr/sbin/sendmail' 
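Review bot: Nothing in admin_disable_account stops an admin from disabling their own account: `session['username']` is only read for the notification mail, so submitting one's own uid locks the current admin out with a random password and a mail address the lost-password flow cannot reach. A guard before the mutations, `if form.user.uid == session['username']: flash(u'Du kannst deinen eigenen Account nicht deaktivieren.', 'error'); return {'form': form}`, is cheap, and the same protection for other admin accounts is worth considering if admin_required (not visible here) exposes who is an admin. The action is irreversible but only recorded when MAIL_REGISTER_NOTIFY is set; an unconditional `app.logger.info('account %s disabled by %s', form.user.uid, session['username'])` ahead of the optional mail keeps an audit trail. The mail body here is a plain `'...'` string formatted with unicode values while the body added to register_complete uses `u''`; use the `u''` form for both so a non-ASCII oldmail cannot trip Python 2's implicit decode. Existing logins of the disabled user are not touched by this view either; if the services keep their own sessions, that is a window to be aware of.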
@@ -42,7 +42,7 @@ class RegisterForm(Form): else: raise ValidationError(Markup(u'Ein Benutzername mit dieser Adresse existiert bereits. ' u'Falls du deinen Benutzernamen vergessen hast, kannst du die ' - u'<a href="%s">Passwort-vergessen-Funktion</a> benutzen' + u'<a href="%s">Passwort-vergessen-Funktion</a> benutzen.' % url_for('lost_password'))) class AdminCreateAccountForm(RegisterForm): @@ -115,6 +115,17 @@ class SettingsForm(Form): return getattr(self, 'delete_%s' % service_id) +class AdminDisableAccountForm(Form): + username = TextField(u'Benutzername') + + def validate_username(form, field): + try: + form.user = g.ldap.get_by_uid(field.data) + except NoSuchUserError: + raise ValidationError(u'Dieser Benutzername existiert nicht') + + + #TODO: find out how we can use app.all_services in that early state for service in SERVICES: setattr(SettingsForm, 'password_%s' % service.id, diff --git a/templates/admin_disable_account.html b/templates/admin_disable_account.html new file mode 100644 index 0000000..b6eccda --- /dev/null +++ b/templates/admin_disable_account.html @@ -0,0 +1,20 @@ +{%- extends 'base.html' %} +{%- from '_macros.html' import render_field, render_submit, render_csrf %} +{%- set title = 'Account deaktivieren' %} +{%- block content %} +<p> + Hier kannst du einen Account deaktivieren. Da es quasi unmöglich ist, + Accounts zu löschen, ohne dass es Konsistenzprobleme zwischen dem LDAP und + den Datenbanken der Anwendungen gibt, wird dazu einfach das Passwort auf was + zufälliges und die Mail auf was ungültiges gesetzt. +</p> +<p> + Der Benutzer wird davon nicht benachrichtigt, mach das also nur mit + Accounts, die sicher Spammer sind! +</p> +<form action="" method="post" class="form-horizontal"> + {{ render_field(form.username, autofocus="autofocus") }} + {{ render_submit(value='Account deaktivieren')}} + {{ render_csrf(form) }} +</form> +{%- endblock %} diff --git a/templates/admin_index.html b/templates/admin_index.html index 6275bcc..7267493 100644 
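Review bot: validate_username in AdminDisableAccountForm passes `field.data` straight to `g.ldap.get_by_uid` without a presence check, so an empty or whitespace-only submission is resolved by the LDAP layer rather than rejected by the form, and whether `get_by_uid('')` raises NoSuchUserError or matches something is not visible here. Adding a required/length validator to the field (the other forms in this file presumably use wtforms validators — confirm) and stripping the value first, e.g. `form.user = g.ldap.get_by_uid(field.data.strip())`, would make the form fail closed. The lookup result is stashed on `form.user` as a side effect of validation; a one-line comment such as `# resolved user object, only set once validate() has succeeded` would spare the view's readers a search. If get_by_uid builds an LDAP filter from the uid it also needs filter escaping — not checkable from this diff, but the same call is fed a user-chosen name in register_complete.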
--- a/templates/admin_index.html +++ b/templates/admin_index.html @@ -4,5 +4,6 @@ <ul> <li><a href="{{ url_for('admin_create_account') }}">Account erstellen</a></li> <li><a href="{{ url_for('admin_view_blacklist') }}">Blacklist anzeigen</a></li> + <li><a href="{{ url_for('admin_disable_account') }}">Account deaktivieren</a></li> </ul> {%- endblock %} |