From 909d2324801d5668cdd95e3625277c6a458f692b Mon Sep 17 00:00:00 2001 From: Herbert Kruitbosch Date: Fri, 4 May 2018 16:48:19 +0200 Subject: [PATCH] agree create 3 --- rugwebsite/views.py | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/rugwebsite/views.py b/rugwebsite/views.py index cb8bb29..7a146c4 100644 --- a/rugwebsite/views.py +++ b/rugwebsite/views.py @@ -41,23 +41,21 @@ def gdpr_create_agree(request): data = form.cleaned_data['data'] sha256 = hashlib.sha256() sha256.update(data.encode('utf-8')) - assert request.user.username[64:] == sha256.hexdigest(), "Persoonsgegevens have been tinkered with" + assert request.session.get('samlPersoonsgegevensHash', None) == sha256.hexdigest(), "Persoonsgegevens have been tinkered with" + request.user = User() request.user.username, request.user.first_name, request.user.last_name, request.user.email = json.loads(data) + request.user.is_active = True + request.user.save() return render(request, 'rugwebsite/gdpr_agree_success.html', {'shownav': True}) else: data = json.dumps([request.user.username, request.user.first_name, request.user.last_name, request.user.email]) sha256 = hashlib.sha256() - sha256.update(data.encode('utf-8')) - request.user.username = get_random_string(length=64) + sha256.hexdigest() - request.user.first_name = '' - request.user.last_name = '' - request.user.email = '' - request.user.save() + request.session['samlPersoonsgegevensHash'] = sha256.hexdigest() + request.user.delete() - form = GDPRAgreeCreate() - return render(request, 'rugwebsite/gdpr.html', {'created': True, 'shownav': True, 'data': json.dumps(data), - 'form': form}) + form = GDPRAgreeCreate(defaults={'data': data}) + return render(request, 'rugwebsite/gdpr.html', {'created': True, 'shownav': True, 'form': form}) def gdpr_request_delete(request):