agree crate

H.T. Kruitbosch 2018-05-04 16:34:35 +02:00
parent 300b971650
commit 37dde44830
5 changed files with 54 additions and 3 deletions


@ -1 +1,3 @@
__version__ = '0.1.31' __version__ = '0.1.33'
import django.contrib.auth.models


@ -4,3 +4,7 @@ from django import forms
class RequestGDPRDelete(forms.Form): class RequestGDPRDelete(forms.Form):
email = forms.EmailField(widget=forms.EmailInput) email = forms.EmailField(widget=forms.EmailInput)
class GDPRAgreeCreate(forms.Form):
data = forms.TextField(widget=forms.HiddenInput)
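Review bot: `forms.TextField` is not a field class in `django.forms` (TextField is a model field), so defining `GDPRAgreeCreate` raises AttributeError as soon as this module is imported. The form-side equivalent is `data = forms.CharField(widget=forms.HiddenInput)`. Because this hidden field carries the user's personal data back from the browser, giving it a `max_length` would also bound what the view has to hash and parse.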


@ -69,6 +69,8 @@ AUTHENTICATION_BACKENDS = [
SAML_ROUTE = 'sso/saml/' SAML_ROUTE = 'sso/saml/'
SAML_REDIRECT = '/' SAML_REDIRECT = '/'
SAML_REDIRECT_CREATED = '/gdpr-just-created/'
SAML_USERS_MAP = [] SAML_USERS_MAP = []
SAML_PROVIDERS = [] SAML_PROVIDERS = []


@ -17,6 +17,19 @@
<h1>GDPR</h1> <h1>GDPR</h1>
<p>Privacyverklaring</p> <p>Privacyverklaring</p>
<br/> <br/>
{% if created %}
<p>
U logt voor de eerste keer in en we willen uw persoonsgegevens opslaan. Gaat u daarvoor toestemming?
Als u geen toestemming wilt geven, kunt u deze pagina sluiten.
</p>
<form action="{% url 'gdpr-create-agree' %}" method="post" accept-charset="utf-8" >
{% csrf_token %}
{% bootstrap_form form %}
<button class="btn btn-default" type="submit">Toestemming geven</button>
</form>
<br/>
{% endif %}
<a href="{% url 'gdpr-request-delete' %}">Verzoek tot verwijderen persoonsgegevens</a> <a href="{% url 'gdpr-request-delete' %}">Verzoek tot verwijderen persoonsgegevens</a>
{% if show_agree_button %} {% if show_agree_button %}
<br/> <br/>
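Review bot: Nothing in the added `{% if created %}` block outputs the `data` context variable, so the hidden input comes only from `{% bootstrap_form form %}`. The view in this commit passes an unbound `GDPRAgreeCreate()` with no initial value, so as far as the visible lines show the field is submitted empty and the POST can never match the stored digest. Binding the value in the view, `form = GDPRAgreeCreate(initial={'data': data})`, would let the template stay as it is and keeps the value HTML-escaped by the widget.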


@ -1,8 +1,11 @@
import json
import hashlib
from django.contrib.auth.decorators import login_required from django.contrib.auth.decorators import login_required
from django.contrib.auth.models import User from django.contrib.auth.models import User
from django.shortcuts import render from django.shortcuts import render
from rugwebsite.forms import RequestGDPRDelete from rugwebsite.forms import RequestGDPRDelete, GDPRAgreeCreate
from rugwebsite.models import PendingGDPRAgree, GDPRAgreed, PendingGDPRDelete from rugwebsite.models import PendingGDPRAgree, GDPRAgreed, PendingGDPRDelete
from django.utils.crypto import get_random_string from django.utils.crypto import get_random_string
@ -30,6 +33,33 @@ def gdpr_ask_agreement(request):
return render(request, 'rugwebsite/gdpr.html', {'show_agree_button': False, 'shownav': True}) return render(request, 'rugwebsite/gdpr.html', {'show_agree_button': False, 'shownav': True})
@login_required
def gdpr_create_agree(request):
if request.method == 'POST':
form = GDPRAgreeCreate(request.POST)
assert form.is_valid()
data = form.cleaned_data['data']
sha256 = hashlib.sha256()
sha256.update(data.encode('utf-8'))
assert request.user.username[64:] == sha256.hexdigest(), "Persoonsgegevens have been tinkered with"
request.user.username, request.user.first_name, request.user.last_name, request.user.email = json.loads(data)
return render(request, 'rugwebsite/gdpr_agree_success.html', {'shownav': True})
else:
data = json.dumps([request.user.username, request.user.first_name, request.user.last_name, request.user.email])
sha256 = hashlib.sha256()
sha256.update(data.encode('utf-8'))
request.user.username = get_random_string(length=64) + sha256.hexdigest()
request.user.first_name = ''
request.user.last_name = ''
request.user.email = ''
request.user.save()
form = GDPRAgreeCreate()
return render(request, 'rugwebsite/gdpr.html', {'created': True, 'shownav': True, 'data': json.dumps(data),
'form': form})
def gdpr_request_delete(request): def gdpr_request_delete(request):
if request.method == 'POST': if request.method == 'POST':
form = RequestGDPRDelete(request.POST) form = RequestGDPRDelete(request.POST)
@ -77,4 +107,4 @@ def gdpr_agree(request, email, token):
else: else:
result['token_not_found'] = True result['token_not_found'] = True
return render(request, 'rugwebsite/gdpr_agree_success.html', result, {'shownav': True}) return render(request, 'rugwebsite/gdpr_agree_success.html', result)
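Review bot: The two `assert` statements in the POST branch of `gdpr_create_agree` are the only validation of the submitted `data`, and asserts are stripped when Python runs with `-O`. In that case the digest comparison against `request.user.username[64:]` disappears and whatever JSON the client sends is unpacked onto the user; without `-O` a mismatch surfaces as an unhandled AssertionError. The POST branch also assigns the four fields but never calls `request.user.save()`, so the restored values are not persisted in the lines shown. Separately, the non-POST branch changes state on a GET: reloading the page would hash the already blanked fields and replace the username again, after which the original values can no longer be matched. The fence shows explicit checks for the POST branch (`HttpResponseBadRequest` would need importing from `django.http`).

```python
    if request.method == 'POST':
        form = GDPRAgreeCreate(request.POST)
        if not form.is_valid():
            return HttpResponseBadRequest()
        data = form.cleaned_data['data']
        digest = hashlib.sha256(data.encode('utf-8')).hexdigest()
        # Reject explicitly so the check survives `python -O`.
        if request.user.username[64:] != digest:
            return HttpResponseBadRequest()
        # … unchanged: unpack json.loads(data) into request.user …
        request.user.save()
        # … unchanged: render gdpr_agree_success.html …
    # … unchanged: non-POST branch …
```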