authorMarian Sigler <m@qjym.de>2013-05-09 23:49:08 +0200
committerMarian Sigler <m@qjym.de>2013-05-09 23:49:08 +0200
commit7da85c36293a0821cf009724aa135b8343c882e4 (patch)
treeabd8b2d253f47244a980103ff26d9141bc099e10 /app.py
parent5f1e320a6ca7b781b8c4b4a0cfbc207d2719f38e (diff)
add possibility to disable accounts
Diffstat (limited to 'app.py')
-rw-r--r--app.py52
1 files changed, 50 insertions, 2 deletions
diff --git a/app.py b/app.py
index 523e38d..15434bf 100644
--- a/app.py
+++ b/app.py
@@ -9,6 +9,9 @@ import os
from copy import deepcopy
from flask import flash, Flask, g, redirect, request, session
from utils import *
+from uuid import uuid4
+
+
app = Flask(__name__)
@@ -100,6 +103,14 @@ def register_complete(token):
#TODO: check for double uids and mail
username, mail = http_verify_confirmation('register', token.encode('ascii'), timeout=3*24*60*60)
+ try:
+ g.ldap.get_by_uid(username)
+ g.ldap.get_by_mail(mail)
+ except account.NoSuchUserError:
+ pass
+ else:
+ flash(u'Du hast den Benutzer bereits angelegt! Du kannst dich jetzt einfach einloggen:')
+ return redirect(url_for('index'))
form = RegisterCompleteForm(request.form, csrf_enabled=False)
if request.method == 'POST' and form.validate():
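Review bot: The new `try` block in `register_complete` stops registration only when both the uid and the mail lookup succeed, so the `#TODO: check for double uids and mail` above it is still open. If `get_by_uid` raises `NoSuchUserError`, the mail lookup never runs, and a uid that exists with a different mail also falls through to the form. Checking each lookup on its own, as sketched below, rejects either duplicate; the flash text may then need a second wording for the case where the existing account belongs to someone else. This assumes `get_by_mail` raises the same exception as `get_by_uid`, which is not visible here, and the function starts and continues outside the hunk.

```python
    # … unchanged: http_verify_confirmation call …
    for lookup, value in ((g.ldap.get_by_uid, username),
                          (g.ldap.get_by_mail, mail)):
        try:
            lookup(value)
        except account.NoSuchUserError:
            continue
        # either identifier already exists: do not offer the form again
        flash(u'Du hast den Benutzer bereits angelegt! Du kannst dich jetzt einfach einloggen:')
        return redirect(url_for('index'))
    # … unchanged: RegisterCompleteForm handling …
```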
@@ -115,7 +126,9 @@ def register_complete(token):
send_mail(
app.config['MAIL_REGISTER_NOTIFY'],
u'[accounts] Neuer Benutzer %s erstellt' % username,
- 'Benutzername: %s\nE-Mail: %s\n' % (username, mail)
+ u'Benutzername: %s\nE-Mail: %s\n\nSpammer? Deaktivieren: '
+ u'%s\n' % (username, mail,
+ url_for('admin_disable_account', uid=username, _external=True))
)
flash(u'Benutzer erfolgreich angelegt.', 'success')
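Review bot: The disable link added to the notification mail is built with `url_for('admin_disable_account', ..., _external=True)`, which takes scheme and host from the current request unless `SERVER_NAME` is configured. That request comes from the person completing registration, so the host in a mail read by admins may be derived from an unauthenticated client's Host header. Whether the deployment pins the host (via `SERVER_NAME` or the front-end proxy) is not visible here; if it does not, set `SERVER_NAME` and note the dependency next to the call with a comment such as `# link host comes from SERVER_NAME, not the request`. The `send_mail(` call starts outside the hunk.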
@@ -308,6 +321,40 @@ def admin_view_blacklist(start=''):
}
+@app.route('/admin/disable_account', methods=['GET', 'POST'])
+@templated('admin_disable_account.html')
+@admin_required
+def admin_disable_account():
+ form = AdminDisableAccountForm()
+ if 'uid' in request.args:
+ form = AdminDisableAccountForm(username=request.args['uid'])
+ if request.method == 'POST' and form.validate():
+ random_pw = str(uuid4())
+ form.user.change_password(random_pw)
+ for service in app.all_services:
+ form.user.reset_password(service.id)
+
+ oldmail = form.user.attributes['mail']
+ mail = app.config['DISABLED_ACCOUNT_MAILADDRESS_TEMPLATE'] % form.user.uid
+ form.user.change_email(mail)
+
+ g.ldap.update(form.user, as_admin=True)
+
+ flash(u'Passwort auf ein zufälliges und Mailadresse auf %s '
+ u'gesetzt.' % mail, 'success')
+
+ if app.config.get('MAIL_REGISTER_NOTIFY'):
+ send_mail(
+ app.config['MAIL_REGISTER_NOTIFY'],
+ u'[accounts] Benutzer %s deaktiviert' % form.user.uid,
+ 'Benutzername: %s\nE-Mail war: %s\n\ndurch: %s\n' % \
+ (form.user.uid, oldmail, session['username'])
+ )
+
+ return redirect(url_for('admin'))
+
+ return {'form': form}
+
@app.errorhandler(403)
@app.errorhandler(404)
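Review bot: The only record of who disabled an account in `admin_disable_account` is the notification mail, and that is skipped when `MAIL_REGISTER_NOTIFY` is unset, so the action can leave no trace. An unconditional log line right after `g.ldap.update(form.user, as_admin=True)`, for example `app.logger.warning('account %s disabled by %s', form.user.uid, session['username'])`, keeps an audit trail that does not depend on mail delivery. The account is disabled only by replacing the password and mail address, so it is worth confirming that an already logged-in session of that user stops working afterwards, which this hunk does not show. A short docstring stating that "disable" means exactly these two changes would help the next reader.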
@@ -322,7 +369,8 @@ def debug():
# we need the app to exist before initializing the forms
from forms import RegisterForm, RegisterCompleteForm, LoginForm, SettingsForm,\
- LostPasswordForm, AdminCreateAccountForm
+ LostPasswordForm, AdminCreateAccountForm,\
+ AdminDisableAccountForm
if __name__ == '__main__':