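"""Views for the GDPR consent / deletion flow of rugwebsite.

The session keys and the default login backend suggest that accounts are
provisioned by a SAML backend (django_saml2_pro_auth).  These views ask
existing users for GDPR consent, (re-)create an account once consent is
given, and let a user request deletion of their data through an e-mailed
token link.
"""
import hashlib
import json

from django.contrib.auth import login
from django.contrib.auth.decorators import login_required
from django.contrib.auth.models import User
from django.core.exceptions import PermissionDenied
from django.http import HttpResponseBadRequest
from django.shortcuts import render, redirect
from django.utils.crypto import constant_time_compare, get_random_string
from django.utils.module_loading import import_string
from django_saml2_pro_auth.auth import Backend

from rugwebsite.forms import RequestGDPRDelete, GDPRAgreeCreate
from rugwebsite.models import PendingGDPRAgree, GDPRAgreed, PendingGDPRDelete

# Length of the random tokens embedded in the consent / deletion e-mail links.
TOKEN_LENGTH = 32

# Session keys shared between the GET and POST halves of gdpr_create_agree.
SESSION_HASH_KEY = 'samlPersoonsgegevensHash'
SESSION_BACKEND_KEY = 'samlBackend'
DEFAULT_SAML_BACKEND = 'django_saml2_pro_auth.auth.Backend'


def _new_token():
    """Return a fresh random token for an e-mailed consent / deletion link."""
    return get_random_string(length=TOKEN_LENGTH)


def _personal_data_hash(data):
    """Return the SHA-256 hex digest of the JSON-serialised personal data."""
    return hashlib.sha256(data.encode('utf-8')).hexdigest()


def home(request):
    """Render the landing page."""
    return render(request, 'rugwebsite/home.html', {'shownav': True})


def gdpr(request):
    """Render the GDPR information page without an agree button."""
    return render(request, 'rugwebsite/gdpr.html',
                  {'show_agree_button': False, 'shownav': True})


@login_required
def gdpr_ask_agreement(request):
    """Create and e-mail a pending consent request for every eligible user.

    Eligible means: active, has an e-mail address, and has neither a
    pending request nor a recorded agreement yet.  Superuser-only; anyone
    else gets a 403 via ``PermissionDenied`` (the builtin ``PermissionError``
    used before is not mapped by Django and surfaced as a 500).

    NOTE(review): this is a state-changing action (bulk e-mail) reached by a
    plain GET, so a superuser following a crafted link would trigger it.
    Consider restricting it to POST so the CSRF middleware protects it.
    """
    if not request.user.is_superuser:
        raise PermissionDenied()
    for user in User.objects.filter(is_active=True):
        # Skip users we cannot e-mail (None or '') and users already handled.
        if not user.email:
            continue
        if PendingGDPRAgree.objects.filter(user=user).exists() \
                or GDPRAgreed.objects.filter(user=user).exists():
            continue
        pending = PendingGDPRAgree(user=user, token=_new_token())
        pending.save()
        pending.email()
    return render(request, 'rugwebsite/gdpr.html',
                  {'show_agree_button': False, 'shownav': True})


def gdpr_create_agree(request):
    """Two-step consent flow for a freshly authenticated user.

    GET (authenticated): serialise the user's personal data (username,
    first name, last name, e-mail), store its hash in the session, delete
    the user object and render the consent form pre-filled with that data.
    An unauthenticated GET redirects to '/'.

    POST: verify that the submitted data hashes to the value stored in the
    session (so the attributes the account was created with cannot be
    altered client-side), then re-create the user, mark the account as
    having no usable password (it is provisioned externally, so a
    password-reset flow must not be able to attach one) and log the user in
    with the backend recorded in the session.

    Responds 400 to an invalid form or malformed data and 403 to a hash
    mismatch; the original used ``assert`` for both, which is stripped
    under ``python -O`` and otherwise produced a 500.

    NOTE(review): the GET branch deletes the current user object as a side
    effect of a plain GET; a link prefetcher or a stray navigation would
    trigger it.  Whether that is acceptable depends on the surrounding flow.
    """
    if request.method == 'POST':
        form = GDPRAgreeCreate(request.POST)
        if not form.is_valid():
            return HttpResponseBadRequest('Invalid form')
        data = form.cleaned_data['data']
        expected = request.session.get(SESSION_HASH_KEY)
        # constant_time_compare avoids leaking the stored digest through timing.
        if expected is None or not constant_time_compare(expected, _personal_data_hash(data)):
            raise PermissionDenied("Persoonsgegevens have been tinkered with")
        try:
            username, first_name, last_name, email = json.loads(data)
        except (ValueError, TypeError):
            # Not valid JSON, or not exactly four elements.
            return HttpResponseBadRequest('Malformed personal data')
        user = User(username=username, first_name=first_name,
                    last_name=last_name, email=email, is_active=True)
        user.set_unusable_password()
        user.save()
        # The backend path comes from the server-side session, not from the client.
        login(request, user,
              backend=request.session.get(SESSION_BACKEND_KEY, DEFAULT_SAML_BACKEND))
        # Make the stored hash single-use so the same form cannot be replayed.
        request.session.pop(SESSION_HASH_KEY, None)
        return render(request, 'rugwebsite/gdpr_agree_success.html', {'shownav': True})

    # `is_authenticated` is a property from Django 1.10 on; the callable form
    # used before was removed in Django 2.0.
    if request.user.is_authenticated:
        data = json.dumps([request.user.username, request.user.first_name,
                           request.user.last_name, request.user.email])
        digest = _personal_data_hash(data)
        request.user.delete()
        request.session[SESSION_HASH_KEY] = digest
        form = GDPRAgreeCreate(initial={'data': data})
        return render(request, 'rugwebsite/gdpr.html',
                      {'created': True, 'shownav': True, 'form': form})
    return redirect('/')


def gdpr_request_delete(request):
    """Let a visitor request deletion of the account(s) registered under an e-mail.

    On a valid POST a random token is created and e-mailed for every user
    whose e-mail matches exactly, and the success page is rendered.  Any
    other request (or an invalid form) renders the request form.

    NOTE(review): the success template receives ``found``, so the response
    reveals whether an account exists for the address — an enumeration
    oracle.  Rendering the same page either way would close it.
    """
    if request.method == 'POST':
        form = RequestGDPRDelete(request.POST)
        if form.is_valid():
            users = list(User.objects.filter(email=form.cleaned_data['email']))
            for user in users:
                pending = PendingGDPRDelete(user=user, token=_new_token())
                pending.save()
                pending.email()
            return render(request, 'rugwebsite/gdpr_request_delete_successful.html',
                          {'shownav': True, 'found': bool(users)})
    else:
        form = RequestGDPRDelete()
    return render(request, 'rugwebsite/gdpr_request_delete.html',
                  {'form': form, 'shownav': True})


def gdpr_delete(request, email, token):
    """Complete a deletion request from the e-mailed link.

    Every pending deletion matching both the e-mail and the token is
    executed via ``PendingGDPRDelete.forget``; the result page reports
    whether anything was deleted.

    NOTE(review): no expiry is checked here; whether tokens age out depends
    on the model, which is not visible in this file.  Deletion also happens
    on a plain GET of the link — a confirmation step (as gdpr_agree has)
    would guard against prefetching.
    """
    matches = list(PendingGDPRDelete.objects.filter(user__email=email, token=token))
    for pending in matches:
        pending.forget(request)
    return render(request, 'rugwebsite/gdpr_delete.html',
                  {'deleted': bool(matches), 'shownav': True})


def gdpr_agree(request, email, token):
    """Consent link target.

    Without ``agree`` in the query string a confirmation page with an
    agree button is rendered.  With it, the single PendingGDPRAgree matching
    (e-mail, token) is agreed.  The result page gets ``already_agreed`` when
    a GDPRAgreed record for the e-mail exists, or ``token_not_found`` when
    there is no exactly-one match and the e-mail has not agreed.

    The context key was misspelled ``show_agree_buttom`` before; it is now
    ``show_agree_button`` like in the other views (a missing key renders as
    falsy in Django templates, so the visible result is unchanged).

    NOTE(review): ``already_agreed`` is looked up by e-mail alone, so anyone
    who knows an address can learn whether that account has consented.
    """
    if 'agree' not in request.GET:
        return render(request, 'rugwebsite/gdpr.html',
                      {'show_agree_button': True, 'shownav': True,
                       'email': email, 'token': token})
    already_agreed = GDPRAgreed.objects.filter(user__email=email).exists()
    result = {
        'already_agreed': already_agreed,
        'show_agree_button': False,
        'shownav': True,
    }
    if not already_agreed:
        pending = list(PendingGDPRAgree.objects.filter(token=token, user__email=email))
        if len(pending) == 1:
            pending[0].agree()
        elif GDPRAgreed.objects.filter(user__email=email).exists():
            result['already_agreed'] = True
        else:
            result['token_not_found'] = True
    return render(request, 'rugwebsite/gdpr_agree_success.html', result)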