agree crate

H.T. Kruitbosch 2018-05-04 16:34:35 +02:00
parent 300b971650
commit 37dde44830
5 changed files with 54 additions and 3 deletions


@ -1 +1,3 @@
__version__ = '0.1.31'
__version__ = '0.1.33'
import django.contrib.auth.models


@ -4,3 +4,7 @@ from django import forms
class RequestGDPRDelete(forms.Form):
email = forms.EmailField(widget=forms.EmailInput)
class GDPRAgreeCreate(forms.Form):
data = forms.TextField(widget=forms.HiddenInput)
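Review bot: `forms.TextField` does not exist in `django.forms` (TextField is a model field), so importing this module would raise AttributeError; the form-field equivalent is `data = forms.CharField(widget=forms.HiddenInput)`. The field also sends the user's personal data through the browser and back, so a one-line comment on `GDPRAgreeCreate` such as `# data is verified in the view against a server-side SHA-256 digest` would tell the next reader why that is acceptable.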


@ -69,6 +69,8 @@ AUTHENTICATION_BACKENDS = [
SAML_ROUTE = 'sso/saml/'
SAML_REDIRECT = '/'
SAML_REDIRECT_CREATED = '/gdpr-just-created/'
SAML_USERS_MAP = []
SAML_PROVIDERS = []


@ -17,6 +17,19 @@
<h1>GDPR</h1>
<p>Privacyverklaring</p>
<br/>
{% if created %}
<p>
U logt voor de eerste keer in en we willen uw persoonsgegevens opslaan. Gaat u daarvoor toestemming?
Als u geen toestemming wilt geven, kunt u deze pagina sluiten.
</p>
<form action="{% url 'gdpr-create-agree' %}" method="post" accept-charset="utf-8" >
{% csrf_token %}
{% bootstrap_form form %}
<button class="btn btn-default" type="submit">Toestemming geven</button>
</form>
<br/>
{% endif %}
<a href="{% url 'gdpr-request-delete' %}">Verzoek tot verwijderen persoonsgegevens</a>
{% if show_agree_button %}
<br/>
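Review bot: The hidden `data` field is rendered from an unbound form, so `{% bootstrap_form form %}` would post it back empty: the view builds `GDPRAgreeCreate()` without initial data, and the `data` context variable is not used in the lines shown here. Constructing the form in the view with `initial={'data': data}`, using the same JSON string that was hashed, would fill the field. The question in the new paragraph also reads oddly in Dutch; `Geeft u daarvoor toestemming?` is the likely intent. The `{% if show_agree_button %}` block continues outside the hunk.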


@ -1,8 +1,11 @@
import json
import hashlib
from django.contrib.auth.decorators import login_required
from django.contrib.auth.models import User
from django.shortcuts import render
from rugwebsite.forms import RequestGDPRDelete
from rugwebsite.forms import RequestGDPRDelete, GDPRAgreeCreate
from rugwebsite.models import PendingGDPRAgree, GDPRAgreed, PendingGDPRDelete
from django.utils.crypto import get_random_string
@ -30,6 +33,33 @@ def gdpr_ask_agreement(request):
return render(request, 'rugwebsite/gdpr.html', {'show_agree_button': False, 'shownav': True})
@login_required
def gdpr_create_agree(request):
if request.method == 'POST':
form = GDPRAgreeCreate(request.POST)
assert form.is_valid()
data = form.cleaned_data['data']
sha256 = hashlib.sha256()
sha256.update(data.encode('utf-8'))
assert request.user.username[64:] == sha256.hexdigest(), "Persoonsgegevens have been tinkered with"
request.user.username, request.user.first_name, request.user.last_name, request.user.email = json.loads(data)
return render(request, 'rugwebsite/gdpr_agree_success.html', {'shownav': True})
else:
data = json.dumps([request.user.username, request.user.first_name, request.user.last_name, request.user.email])
sha256 = hashlib.sha256()
sha256.update(data.encode('utf-8'))
request.user.username = get_random_string(length=64) + sha256.hexdigest()
request.user.first_name = ''
request.user.last_name = ''
request.user.email = ''
request.user.save()
form = GDPRAgreeCreate()
return render(request, 'rugwebsite/gdpr.html', {'created': True, 'shownav': True, 'data': json.dumps(data),
'form': form})
def gdpr_request_delete(request):
if request.method == 'POST':
form = RequestGDPRDelete(request.POST)
@ -77,4 +107,4 @@ def gdpr_agree(request, email, token):
else:
result['token_not_found'] = True
return render(request, 'rugwebsite/gdpr_agree_success.html', result, {'shownav': True})
return render(request, 'rugwebsite/gdpr_agree_success.html', result)
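Review bot: The tamper check in the POST branch of `gdpr_create_agree` is an `assert`, so it disappears when Python runs with `-O` and otherwise surfaces as a 500; the same holds for `assert form.is_valid()`. The restored fields are also never persisted, because `request.user.save()` is only called in the GET branch. Separately, the GET branch rewrites the account on every load, so a reload would hash the already blanked fields and overwrite the digest of the original data; that step needs a guard or should move out of GET. The fence below replaces the asserts with explicit 400 responses and saves the user; it needs `HttpResponseBadRequest` from `django.http`, which the import hunk does not add.

```python
    if request.method == 'POST':
        form = GDPRAgreeCreate(request.POST)
        if not form.is_valid():
            return HttpResponseBadRequest()
        data = form.cleaned_data['data']
        digest = hashlib.sha256(data.encode('utf-8')).hexdigest()
        # The digest kept in the username is the only server-side binding to the submitted data.
        if request.user.username[64:] != digest:
            return HttpResponseBadRequest()
        request.user.username, request.user.first_name, request.user.last_name, request.user.email = json.loads(data)
        request.user.save()
        # … unchanged: render gdpr_agree_success.html …
```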