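"""Views for the GDPR consent and account-deletion flow of the rugwebsite app.

The flow works with random, URL-carried tokens: ``gdpr_ask_agreement`` and
``gdpr_request_delete`` create a pending record with a fresh token and e-mail
it to the user; ``gdpr_agree`` and ``gdpr_delete`` look the token up again and
act on it.  ``gdpr_create_agree`` re-creates a SAML-provisioned account from
data the client posts back, verified against a hash kept in the session.
"""
import hashlib
import hmac
import json

from django.contrib.auth.decorators import login_required
from django.contrib.auth.models import User
from django.core.exceptions import PermissionDenied, SuspiciousOperation
from django.shortcuts import render
from django.utils.crypto import get_random_string

from rugwebsite.forms import GDPRAgreeCreate, RequestGDPRDelete
from rugwebsite.models import GDPRAgreed, PendingGDPRAgree, PendingGDPRDelete

# Session key under which gdpr_create_agree stores the SHA-256 of the personal
# data it hands to the client, so the copy POSTed back can be verified.
SESSION_DATA_HASH_KEY = 'samlPersoonsgegevensHash'

# Length of the random token that authorises a single agree/delete action.
TOKEN_LENGTH = 32

# Accounts that gdpr_ask_agreement sends an agreement request to.  Kept as a
# module constant instead of a literal buried in the view.
GDPR_ASK_USERNAMES = ('p207263', 'p233780', 'p253591', 'p269380')


def _user_is_authenticated(user):
    """Return whether *user* is authenticated, across Django versions.

    ``is_authenticated`` was a method before Django 1.10, a callable bool in
    1.10/1.11 and a plain property from 2.0 on; calling it unconditionally
    raises TypeError on 2.0+, so call it only when it is callable.
    """
    flag = user.is_authenticated
    return bool(flag() if callable(flag) else flag)


def _data_digest(data):
    """Return the hex SHA-256 of the UTF-8 encoding of *data* (a str)."""
    return hashlib.sha256(data.encode('utf-8')).hexdigest()


def _issue_token(pending_model, user):
    """Create, save and e-mail a pending record of *pending_model* for *user*.

    The record carries a fresh random token of TOKEN_LENGTH characters; the
    model's ``email()`` method is responsible for delivering it.
    """
    pending = pending_model(user=user, token=get_random_string(length=TOKEN_LENGTH))
    pending.save()
    pending.email()
    return pending


def home(request):
    """Render the landing page."""
    return render(request, 'rugwebsite/home.html', {'shownav': True})


def gdpr(request):
    """Render the GDPR information page without the agree button."""
    return render(request, 'rugwebsite/gdpr.html', {'show_agree_button': False, 'shownav': True})


@login_required
def gdpr_ask_agreement(request):
    """Mail an agreement request, with a fresh token, to every active account in GDPR_ASK_USERNAMES.

    Superuser-only: anyone else gets PermissionDenied (HTTP 403).  The
    original raised the builtin ``PermissionError``, which Django does not
    recognise and therefore reports as a 500.

    NOTE(review): this view sends e-mail on a plain GET, so merely following a
    link triggers the mailing; confirm whether it should require POST.
    """
    if not request.user.is_superuser:
        raise PermissionDenied()
    recipients = User.objects.filter(username__in=GDPR_ASK_USERNAMES, is_active=True)
    for user in recipients:
        _issue_token(PendingGDPRAgree, user)
    return render(request, 'rugwebsite/gdpr.html', {'show_agree_button': False, 'shownav': True})


def gdpr_create_agree(request):
    """Re-create the SAML-provisioned account once the user has agreed.

    GET: serialise the current user's (username, first_name, last_name, email)
    to JSON, store the SHA-256 of that JSON in the session, delete the
    account, and render the agreement form pre-filled with the JSON.

    POST: verify that the posted JSON hashes to the value stored in the
    session (so the client could not alter its own personal data) and
    re-create an active account from it.

    Raises:
        PermissionDenied: on GET when the requester is not authenticated.
        SuspiciousOperation: on POST when the session hash is missing or does
            not match the posted data (HTTP 400; the original used ``assert``,
            which is stripped under ``python -O`` and would have let any data
            through).
    """
    if request.method == 'POST':
        form = GDPRAgreeCreate(request.POST)
        if not form.is_valid():
            # Re-render with errors instead of the original assert (500).
            return render(request, 'rugwebsite/gdpr.html', {'created': True, 'shownav': True, 'form': form})
        data = form.cleaned_data['data']
        # Single-use: pop the hash so a replayed POST cannot pass verification twice.
        expected = request.session.pop(SESSION_DATA_HASH_KEY, None)
        # Constant-time comparison; compare_digest needs two str operands, hence the None check.
        if expected is None or not hmac.compare_digest(expected, _data_digest(data)):
            raise SuspiciousOperation("Persoonsgegevens have been tinkered with")
        # The JSON is the exact list produced by the GET branch below (hash-verified),
        # so unpacking into four fields is safe here.
        username, first_name, last_name, email = json.loads(data)
        user = User(username=username, first_name=first_name, last_name=last_name, email=email)
        user.is_active = True
        user.save()
        request.user = user
        return render(request, 'rugwebsite/gdpr_agree_success.html', {'shownav': True})

    if not _user_is_authenticated(request.user):
        raise PermissionDenied("User should be authenticated.")
    current = request.user
    data = json.dumps([current.username, current.first_name, current.last_name, current.email])
    # NOTE(review): the account is deleted on a GET request.  That is a state
    # change on a "safe" method (prefetchers and link previews can trigger it);
    # the flow relies on it, so it is kept here but worth revisiting.
    current.delete()
    request.session[SESSION_DATA_HASH_KEY] = _data_digest(data)
    form = GDPRAgreeCreate(initial={'data': data})
    return render(request, 'rugwebsite/gdpr.html', {'created': True, 'shownav': True, 'form': form})


def gdpr_request_delete(request):
    """Show the "request deletion" form and, on a valid POST, mail deletion tokens.

    Every account with the submitted e-mail address gets its own
    PendingGDPRDelete record and e-mail.  An invalid form falls through to be
    re-rendered with its errors.
    """
    if request.method == 'POST':
        form = RequestGDPRDelete(request.POST)
        if form.is_valid():
            users = list(User.objects.filter(email=form.cleaned_data['email']))
            for user in users:
                _issue_token(PendingGDPRDelete, user)
            # NOTE(review): 'found' tells the requester whether the address has an
            # account, which is an enumeration signal; the template could show a
            # uniform "if an account exists, mail was sent" message instead.
            return render(request, 'rugwebsite/gdpr_request_delete_successful.html',
                          {'shownav': True, 'found': bool(users)})
    else:
        form = RequestGDPRDelete()
    return render(request, 'rugwebsite/gdpr_request_delete.html', {'form': form, 'shownav': True})


def gdpr_delete(request, email, token):
    """Carry out every pending deletion that matches *email* and *token*.

    The token is matched by the database query, so an unknown or foreign
    token simply yields no records and the page reports ``deleted=False``.
    """
    matches = list(PendingGDPRDelete.objects.filter(user__email=email, token=token))
    for pending in matches:
        pending.forget(request)
    return render(request, 'rugwebsite/gdpr_delete.html', {'deleted': bool(matches), 'shownav': True})


def gdpr_agree(request, email, token):
    """Show the agreement page for a token, and record agreement when ``?agree`` is present.

    Outcomes passed to the success template: ``already_agreed`` when the
    address already has a GDPRAgreed record (checked again after a failed
    token lookup), ``token_not_found`` when no single pending record matches.

    NOTE(review): the agreement is recorded on a GET with an ``agree`` query
    parameter, i.e. a state change on a safe method.
    """
    if 'agree' not in request.GET:
        return render(request, 'rugwebsite/gdpr.html',
                      {'show_agree_button': True, 'shownav': True, 'email': email, 'token': token})

    already_agreed = GDPRAgreed.objects.filter(user__email=email).exists()
    # Key was misspelled 'show_agree_buttom' before, so the template never saw it;
    # spelled like the other views so the flag is actually reachable.
    result = {'already_agreed': already_agreed, 'show_agree_button': False, 'shownav': True}
    if not already_agreed:
        matches = list(PendingGDPRAgree.objects.filter(token=token, user__email=email))
        if len(matches) == 1:
            matches[0].agree()
        elif GDPRAgreed.objects.filter(user__email=email).exists():
            result['already_agreed'] = True
        else:
            result['token_not_found'] = True
    return render(request, 'rugwebsite/gdpr_agree_success.html', result)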