diff --git a/rugwebsite/__init__.py b/rugwebsite/__init__.py
index 582a98e..4c3b96d 100644
--- a/rugwebsite/__init__.py
+++ b/rugwebsite/__init__.py
@@ -1 +1,3 @@
-__version__ = '0.1.31'
\ No newline at end of file
+__version__ = '0.1.33'
+
+import django.contrib.auth.models
\ No newline at end of file
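Review bot: The new `import django.contrib.auth.models` in the package `__init__.py` runs whenever any `rugwebsite` submodule is imported, including `rugwebsite.settings.default`. Importing a models module before settings are configured and the app registry is ready normally fails with `ImproperlyConfigured` or `AppRegistryNotReady`, so this is likely to break startup. Nothing in the hunk uses the name. I would drop the line, or move the import into the module that needs `User`, as `views.py` already does with `from django.contrib.auth.models import User`.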
diff --git a/rugwebsite/forms.py b/rugwebsite/forms.py
index 833bfe4..263cae2 100755
--- a/rugwebsite/forms.py
+++ b/rugwebsite/forms.py
@@ -4,3 +4,7 @@ from django import forms
class RequestGDPRDelete(forms.Form):
email = forms.EmailField(widget=forms.EmailInput)
+
+class GDPRAgreeCreate(forms.Form):
+ data = forms.TextField(widget=forms.HiddenInput)
+
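Review bot: `forms.TextField` does not exist in `django.forms` (`TextField` is a model field), so the `GDPRAgreeCreate` class body raises `AttributeError` as soon as `rugwebsite.forms` is imported. That also takes down `rugwebsite.views`, which imports this form. The form-side equivalent is `data = forms.CharField(widget=forms.HiddenInput)`.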
diff --git a/rugwebsite/settings/default.py b/rugwebsite/settings/default.py
index 7cecf1c..d7cb835 100755
--- a/rugwebsite/settings/default.py
+++ b/rugwebsite/settings/default.py
@@ -69,6 +69,8 @@ AUTHENTICATION_BACKENDS = [
SAML_ROUTE = 'sso/saml/'
SAML_REDIRECT = '/'
+SAML_REDIRECT_CREATED = '/gdpr-just-created/'
+
SAML_USERS_MAP = []
SAML_PROVIDERS = []
diff --git a/rugwebsite/templates/rugwebsite/gdpr.html b/rugwebsite/templates/rugwebsite/gdpr.html
index 8c843f0..c88681c 100755
--- a/rugwebsite/templates/rugwebsite/gdpr.html
+++ b/rugwebsite/templates/rugwebsite/gdpr.html
@@ -17,6 +17,19 @@
GDPR
Privacyverklaring
+ {% if created %}
+
+ U logt voor de eerste keer in en we willen uw persoonsgegevens opslaan. Gaat u daarvoor toestemming?
+ Als u geen toestemming wilt geven, kunt u deze pagina sluiten.
+
+
+
+
+ {% endif %}
Verzoek tot verwijderen persoonsgegevens
{% if show_agree_button %}
diff --git a/rugwebsite/views.py b/rugwebsite/views.py
index 187c56b..cb8bb29 100644
--- a/rugwebsite/views.py
+++ b/rugwebsite/views.py
@@ -1,8 +1,11 @@
+import json
+import hashlib
+
from django.contrib.auth.decorators import login_required
from django.contrib.auth.models import User
from django.shortcuts import render
-from rugwebsite.forms import RequestGDPRDelete
+from rugwebsite.forms import RequestGDPRDelete, GDPRAgreeCreate
from rugwebsite.models import PendingGDPRAgree, GDPRAgreed, PendingGDPRDelete
from django.utils.crypto import get_random_string
@@ -30,6 +33,33 @@ def gdpr_ask_agreement(request):
return render(request, 'rugwebsite/gdpr.html', {'show_agree_button': False, 'shownav': True})
+@login_required
+def gdpr_create_agree(request):
+ if request.method == 'POST':
+ form = GDPRAgreeCreate(request.POST)
+ assert form.is_valid()
+ data = form.cleaned_data['data']
+ sha256 = hashlib.sha256()
+ sha256.update(data.encode('utf-8'))
+ assert request.user.username[64:] == sha256.hexdigest(), "Persoonsgegevens have been tinkered with"
+ request.user.username, request.user.first_name, request.user.last_name, request.user.email = json.loads(data)
+
+ return render(request, 'rugwebsite/gdpr_agree_success.html', {'shownav': True})
+ else:
+ data = json.dumps([request.user.username, request.user.first_name, request.user.last_name, request.user.email])
+ sha256 = hashlib.sha256()
+ sha256.update(data.encode('utf-8'))
+ request.user.username = get_random_string(length=64) + sha256.hexdigest()
+ request.user.first_name = ''
+ request.user.last_name = ''
+ request.user.email = ''
+ request.user.save()
+
+ form = GDPRAgreeCreate()
+ return render(request, 'rugwebsite/gdpr.html', {'created': True, 'shownav': True, 'data': json.dumps(data),
+ 'form': form})
+
+
def gdpr_request_delete(request):
if request.method == 'POST':
form = RequestGDPRDelete(request.POST)
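Review bot: The POST branch of `gdpr_create_agree` assigns the restored username, names and email to `request.user` but never calls `request.user.save()`, so the consent is not persisted and the account stays anonymised. Both `assert` statements do request validation: under `python -O` they are removed, which would let client-supplied `data` be written to the user record without the hash comparison, and otherwise a bad request becomes a 500. Explicit checks that return a 400 are safer; the fence shows the POST branch that way, and `HttpResponseBadRequest` would need importing from `django.http`. The GET branch changes state, so a reload hashes the already blanked fields and overwrites the only server-side reference to the original details; keeping the pending values server-side (the module already imports `PendingGDPRAgree`) would avoid that and avoid round-tripping personal data through a hidden field. `json.dumps(data)` in the render context also encodes an already encoded string, which looks unintended.

```python
@login_required
def gdpr_create_agree(request):
    if request.method == 'POST':
        form = GDPRAgreeCreate(request.POST)
        if not form.is_valid():
            return HttpResponseBadRequest()
        data = form.cleaned_data['data']
        digest = hashlib.sha256(data.encode('utf-8')).hexdigest()
        if request.user.username[64:] != digest:
            return HttpResponseBadRequest()
        (request.user.username, request.user.first_name,
         request.user.last_name, request.user.email) = json.loads(data)
        request.user.save()
        return render(request, 'rugwebsite/gdpr_agree_success.html', {'shownav': True})
    # … unchanged: GET branch that anonymises the user and renders gdpr.html …
```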
@@ -77,4 +107,4 @@ def gdpr_agree(request, email, token):
else:
result['token_not_found'] = True
- return render(request, 'rugwebsite/gdpr_agree_success.html', result, {'shownav': True})
+ return render(request, 'rugwebsite/gdpr_agree_success.html', result)
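Review bot: With the stray fourth argument removed, `shownav` is no longer mentioned in this `render` call, whereas the other views in this file pass `'shownav': True` in the context. `gdpr_agree` starts outside the hunk, so `result` may already carry the key. If it does not, add `result['shownav'] = True` before the `return` so the success page renders with navigation like the others.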