-rw-r--r--app.py51
-rw-r--r--forms.py9
-rw-r--r--templates/admin_create_account.html19
-rw-r--r--templates/admin_index.html8
-rw-r--r--templates/admin_view_blacklist.html19
-rw-r--r--templates/base.html3
-rw-r--r--utils.py22
7 files changed, 119 insertions, 12 deletions
diff --git a/app.py b/app.py
index 2754b96..ccbc5dc 100644
--- a/app.py
+++ b/app.py
@@ -84,17 +84,7 @@ def register():
#TODO: check for double mails
form = RegisterForm(request.form, csrf_enabled=False)
if request.method == 'POST' and form.validate():
- username = form.username.data
- mail = form.mail.data
-
- confirm_token = make_confirmation('register', (username, mail))
- confirm_link = url_for('register_complete', token=confirm_token, _external=True)
-
- body = render_template('mail/register.txt', username=username,
- mail=mail, link=confirm_link)
-
- send_mail(mail, u'E-Mail-Adresse bestätigen', body,
- sender=app.config.get('MAIL_CONFIRM_SENDER'))
+ send_register_confirmation_mail(form.username.data, form.mail.data)
flash(u'Es wurde eine E-Mail an die angegebene Adresse geschickt, '
u'um diese zu überprüfen. Bitte folge den Anweisungen in der '
@@ -277,6 +267,43 @@ def about():
return {}
+@app.route('/admin')
+@templated('admin_index.html')
+def admin():
+ return {}
+
+
+@app.route('/admin/create_account', methods=['GET', 'POST'])
+@templated('admin_create_account.html')
+@admin_required
+def admin_create_account():
+ form = AdminCreateAccountForm()
+ if request.method == 'POST' and form.validate():
+ send_register_confirmation_mail(form.username.data, form.mail.data)
+
+ flash(u'Mail versandt.', 'success')
+ return redirect(url_for('index'))
+ return {'form': form}
+
+@app.route('/admin/view_blacklist')
+@app.route('/admin/view_blacklist/<start>')
+@templated('admin_view_blacklist.html')
+@admin_required
+def admin_view_blacklist(start=''):
+ entries = app.username_blacklist
+ if start:
+ entries = [e for e in entries if e.startswith(start)]
+
+ next_letters = set(e[len(start)] for e in entries if len(e) > len(start))
+
+ return {
+ 'entries': entries,
+ 'start': start,
+ 'next_letters': next_letters,
+ }
+
+
+
@app.errorhandler(403)
@app.errorhandler(404)
def errorhandler(e):
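Review bot: `admin()` is registered without `@admin_required`, unlike the two views added below it, so `/admin` renders for any visitor, logged in or not. It only shows links today, but anything later added to `admin_index.html` would be public; add `@admin_required` directly under `@templated('admin_index.html')`. Separately, `admin_create_account` lets an admin mail a registration link for a blacklisted name and records nothing about who did so; a log line carrying `g.user.uid` and the requested username would give an audit trail. The `errorhandler` body continues outside the hunk.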
@@ -290,7 +317,7 @@ def debug():
# we need the app to exist before initializing the forms
from forms import RegisterForm, RegisterCompleteForm, LoginForm, SettingsForm,\
- LostPasswordForm
+ LostPasswordForm, AdminCreateAccountForm
if __name__ == '__main__':
diff --git a/forms.py b/forms.py
index 59da874..a65d45c 100644
--- a/forms.py
+++ b/forms.py
@@ -31,6 +31,15 @@ class RegisterForm(Form):
#TODO
pass
+class AdminCreateAccountForm(RegisterForm):
+ def validate_username(form, field):
+ try:
+ g.ldap.get_by_uid(field.data)
+ except NoSuchUserError:
+ return
+ else:
+ raise ValidationError(u'Dieser Benutzername ist schon vergeben')
+
class RegisterCompleteForm(Form):
password = PasswordField('Passwort', [validators.Required(),
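Review bot: `AdminCreateAccountForm.validate_username` looks the uid up in LDAP only when the mail is sent, so the name can still be taken before the recipient follows the link. The completion step should repeat the lookup; that view is not in this diff, so it may already do so. The override also replaces the parent's method wholesale, so any check `RegisterForm.validate_username` performs beyond the blacklist would be skipped here; the `RegisterForm` body is outside the hunk. A docstring such as `"""Accept blacklisted names; reject only uids that already exist in LDAP."""` would make the intent explicit.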
diff --git a/templates/admin_create_account.html b/templates/admin_create_account.html
new file mode 100644
index 0000000..744cbef
--- /dev/null
+++ b/templates/admin_create_account.html
@@ -0,0 +1,19 @@
+{%- extends 'base.html' %}
+{%- from '_macros.html' import render_field, render_submit, render_csrf %}
+{%- set title = 'Account erstellen' %}
+{%- block content %}
+<p>
+ Hier kannst du einen Account erstellen, auch wenn der gewünschte
+ Benutzername in der Blacklist steht.
+</p>
+<p>
+ Der Benutzer bekommt eine Mail, mit der er sich dann ganz normal
+ ein Passwort setzen kann.
+</p>
+<form action="" method="post" class="form-horizontal">
+ {{ render_field(form.username, autofocus="autofocus") }}
+ {{ render_field(form.mail) }}
+ {{ render_submit(value='Link verschicken')}}
+ {{ render_csrf(form) }}
+</form>
+{%- endblock %}
diff --git a/templates/admin_index.html b/templates/admin_index.html
new file mode 100644
index 0000000..6275bcc
--- /dev/null
+++ b/templates/admin_index.html
@@ -0,0 +1,8 @@
+{%- extends 'base.html' %}
+{%- set title = 'Admin-Interface' %}
+{%- block content %}
+<ul>
+ <li><a href="{{ url_for('admin_create_account') }}">Account erstellen</a></li>
+ <li><a href="{{ url_for('admin_view_blacklist') }}">Blacklist anzeigen</a></li>
+</ul>
+{%- endblock %}
diff --git a/templates/admin_view_blacklist.html b/templates/admin_view_blacklist.html
new file mode 100644
index 0000000..4f203f6
--- /dev/null
+++ b/templates/admin_view_blacklist.html
@@ -0,0 +1,19 @@
+{%- extends 'base.html' %}
+{%- set title = 'Blacklist anzeigen' %}
+{%- block content %}
+<nav>
+ <ul>
+ {%- if start %}
+ <li><a href="{{ url_for('admin_view_blacklist') }}">Alle</a></li>
+ {%- endif %}
+ {%- for l in next_letters %}
+ <li><a href="{{ url_for('admin_view_blacklist', start=start+l) }}">{{ l }}</a></li>
+ {%- endfor %}
+ </ul>
+</nav>
+<ul>
+ {%- for e in entries %}
+ <li>{{ e }}</li>
+ {%- endfor %}
+</ul>
+{%- endblock %}
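Review bot: `next_letters` is built as a `set` in `admin_view_blacklist`, so the navigation links produced by `{%- for l in next_letters %}` come out in arbitrary order, which may differ between requests. Iterating `next_letters|sort` gives a stable order. The `{{ l }}` and `{{ e }}` outputs rely on Jinja autoescaping being active for `.html` templates, which is Flask's default.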
diff --git a/templates/base.html b/templates/base.html
index 4f2b22b..4123d7f 100644
--- a/templates/base.html
+++ b/templates/base.html
@@ -33,6 +33,9 @@
<ul>
{%- if g.user %}
<li>Angemeldet als <strong>{{ g.user.uid }}</strong></li>
+ {%- if g.user.uid in config.get('ADMIN_USERS', []) %}
+ <li><a href="{{ url_for('admin') }}">Admin</a></li>
+ {%- endif %}
<li><a href="{{ url_for('logout') }}">Abmelden</a></li>
{%- else %}
<li>Nicht angemeldet</li>
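Review bot: The admin test `g.user.uid in config.get('ADMIN_USERS', [])` is written out here and again in `admin_required` in utils.py, so the two can drift apart when the rule changes. A single helper in utils.py, for example `is_admin(user)`, called by the decorator and exposed to templates, would keep link visibility and enforcement in step. The link itself is only cosmetic; access control stays with the decorator on each view.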
diff --git a/utils.py b/utils.py
index 27dfb33..24a17b2 100644
--- a/utils.py
+++ b/utils.py
@@ -45,6 +45,16 @@ def login_required(f):
return f(*args, **kwargs)
return login_required_
+def admin_required(f):
+ @wraps(f)
+ def admin_required_(*args, **kwargs):
+ if not g.user:
+ raise Forbidden(u'Bitte einloggen!')
+ if g.user.uid not in current_app.config.get('ADMIN_USERS', []):
+ raise Forbidden(u'Du bist kein Admin.')
+ return f(*args, **kwargs)
+ return admin_required_
+
def logout_required(f):
@wraps(f)
def logout_required_(*args, **kwargs):
@@ -186,7 +196,19 @@ class Service(object):
def __repr__(self):
return '<Service %s>' % self.id
+
def ensure_utf8(s):
if isinstance(s, unicode):
s = s.encode('utf8')
return s
+
+
+def send_register_confirmation_mail(username, mail):
+ confirm_token = make_confirmation('register', (username, mail))
+ confirm_link = url_for('register_complete', token=confirm_token, _external=True)
+
+ body = render_template('mail/register.txt', username=username,
+ mail=mail, link=confirm_link)
+
+ send_mail(mail, u'E-Mail-Adresse bestätigen', body,
+ sender=current_app.config.get('MAIL_CONFIRM_SENDER'))
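Review bot: `send_register_confirmation_mail` builds the mailed link with `url_for(..., _external=True)`, which takes the host from the incoming request unless the app pins it. If neither `SERVER_NAME` nor the fronting proxy fixes the host, a request with a forged Host header could put a foreign domain into a mail that carries a valid token; pinning the host in configuration closes that. The helper also needs an active request context and relies on `make_confirmation`, `send_mail`, `url_for` and `render_template` being in scope in utils.py, whose imports are not visible in this hunk. A docstring such as `"""Mail a signed confirmation link for (username, mail); requires a request context."""` would record that.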