agree crate

rugwebsite/__init__.py

@@ -1 +1,3 @@
-__version__ = '0.1.31'
+__version__ = '0.1.33'
+
+import django.contrib.auth.models

rugwebsite/forms.py

@@ -4,3 +4,7 @@ from django import forms
 class RequestGDPRDelete(forms.Form):
     email = forms.EmailField(widget=forms.EmailInput)
 
+
+class GDPRAgreeCreate(forms.Form):
+    data = forms.TextField(widget=forms.HiddenInput)
+

rugwebsite/settings/default.py

@@ -69,6 +69,8 @@ AUTHENTICATION_BACKENDS = [
 
 SAML_ROUTE = 'sso/saml/'
 SAML_REDIRECT = '/'
+SAML_REDIRECT_CREATED = '/gdpr-just-created/'
+
 SAML_USERS_MAP = []
 
 SAML_PROVIDERS = []

rugwebsite/templates/rugwebsite/gdpr.html

@@ -17,6 +17,19 @@
       <h1>GDPR</h1>
       <p>Privacyverklaring</p>
       <br/>
+      {%  if created %}
+        <p>
+            U logt voor de eerste keer in en we willen uw persoonsgegevens opslaan. Gaat u daarvoor toestemming?
+            Als u geen toestemming wilt geven, kunt u deze pagina sluiten.
+        </p>
+
+        <form action="{% url 'gdpr-create-agree' %}" method="post" accept-charset="utf-8" >
+            {% csrf_token %}
+            {% bootstrap_form form %}
+            <button class="btn btn-default" type="submit">Toestemming geven</button>
+        </form>
+      <br/>
+      {% endif %}
       <a href="{% url 'gdpr-request-delete' %}">Verzoek tot verwijderen persoonsgegevens</a>
       {%  if show_agree_button %}
       <br/>

rugwebsite/views.py

@@ -1,8 +1,11 @@
+import json
+import hashlib
+
 from django.contrib.auth.decorators import login_required
 from django.contrib.auth.models import User
 from django.shortcuts import render
 
-from rugwebsite.forms import RequestGDPRDelete
+from rugwebsite.forms import RequestGDPRDelete, GDPRAgreeCreate
 from rugwebsite.models import PendingGDPRAgree, GDPRAgreed, PendingGDPRDelete
 
 from django.utils.crypto import get_random_string
@@ -30,6 +33,33 @@ def gdpr_ask_agreement(request):
     return render(request, 'rugwebsite/gdpr.html', {'show_agree_button': False, 'shownav': True})
 
 
+@login_required
+def gdpr_create_agree(request):
+    if request.method == 'POST':
+        form = GDPRAgreeCreate(request.POST)
+        assert form.is_valid()
+        data = form.cleaned_data['data']
+        sha256 = hashlib.sha256()
+        sha256.update(data.encode('utf-8'))
+        assert request.user.username[64:] == sha256.hexdigest(), "Persoonsgegevens have been tinkered with"
+        request.user.username, request.user.first_name, request.user.last_name, request.user.email = json.loads(data)
+
+        return render(request, 'rugwebsite/gdpr_agree_success.html', {'shownav': True})
+    else:
+        data = json.dumps([request.user.username, request.user.first_name, request.user.last_name, request.user.email])
+        sha256 = hashlib.sha256()
+        sha256.update(data.encode('utf-8'))
+        request.user.username = get_random_string(length=64) + sha256.hexdigest()
+        request.user.first_name = ''
+        request.user.last_name = ''
+        request.user.email = ''
+        request.user.save()
+
+        form = GDPRAgreeCreate()
+        return render(request, 'rugwebsite/gdpr.html', {'created': True, 'shownav': True, 'data': json.dumps(data),
+                                                        'form': form})
+
+
 def gdpr_request_delete(request):
     if request.method == 'POST':
         form = RequestGDPRDelete(request.POST)
@@ -77,4 +107,4 @@ def gdpr_agree(request, email, token):
             else:
                 result['token_not_found'] = True
 
-    return render(request, 'rugwebsite/gdpr_agree_success.html', result, {'shownav': True})
+    return render(request, 'rugwebsite/gdpr_agree_success.html', result)