diff --git a/adm/views.py b/adm/views.py index f05c5c5..1ec7701 100644 --- a/adm/views.py +++ b/adm/views.py @@ -725,6 +725,5 @@ class AdmImportFlow(TemplateView): # LINK TO THE NC-INSTANCE context.update({'nclink' : settings.NEXTCLOUD_URL}) - context.update({'ncid' : self.request.COOKIES['nc_session_id']}) - context.update({'nccs' : self.request.COOKIES['csrftoken']}) + context.update({'ncid' : self.request.user.profile.nc_sid}) return context diff --git a/api/views.py b/api/views.py index 6b0e0f2..9319027 100644 --- a/api/views.py +++ b/api/views.py @@ -1,3 +1,4 @@ +from django.views.decorators.csrf import ensure_csrf_cookie from cloud.models import DataFile, DataDir from django.shortcuts import redirect from rest_framework.views import APIView @@ -98,6 +99,8 @@ def migrateAgencyUsers(request, pk): def apilogout(request, uid): print("LOGOUT: " + str(uid)) user = User.objects.get(username=uid) + user.profile.nc_sid = "" + user.save() [s.delete() for s in Session.objects.all() if s.get_decoded().get('_auth_user_hash') == user.get_session_auth_hash()] return JsonResponse({'res' : 'ok'}) @@ -107,6 +110,7 @@ import xmltodict, json, requests @api_view(['GET'], ) def userChangedInNc(request, uid, sid): user = User.objects.get(username=uid) + print("SID: " + sid) if(user.is_authenticated and getNCLoggedUserBySession(sid) == uid): nc_login_headers = {'Authorization' : 'Bearer ' + sid} r = requests.get(settings.NEXTCLOUD_URL + "ocs/v1.php/cloud/users/" + uid, headers=nc_login_headers) @@ -191,7 +195,7 @@ def NCAddGroup(request): "id" : newgroupid } headers = { - 'Authorization': 'Bearer ' + request.COOKIES['nc_session_id'] + 'Authorization': 'Bearer ' + request.user.profile.nc_sid } r = requests.post(settings.NEXTCLOUD_URL + "apps/agency/regr", data=data, headers=headers) return JsonResponse({'status' : True, 'message': 'Gruppe ' + aggroup.agencygroupname + ' erzeugt - ID: ' + newgroupid}) 
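Review bot: `ncid` now carries the server-stored Nextcloud bearer token into the template context of AdmImportFlow (the method starts outside the hunk, and the template is not part of this diff). If the template writes it into HTML or inline script, the token is readable by any script running on that page and ends up in cached copies of it. Prefer keeping the token server-side and proxying the Nextcloud calls; if it must reach the browser, add a comment such as `# ncid is a live bearer token - only for same-origin request headers, never render it visibly`. The visible lines also do not guard against a user without a `profile`.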
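Review bot: In apilogout, `user.save()` after `user.profile.nc_sid = ""` writes the User row, not the Profile row, so the stored session id is cleared only if a post_save handler (not visible in this diff) saves the profile as well. If the change is not persisted, the old token stays bound to the account after logout, and ncLogin keeps accepting it for as long as Nextcloud considers it live. Save the profile explicitly with `user.profile.save(update_fields=['nc_sid'])`. The same `user.save()` pattern appears in SetUserData further down in this file.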
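Review bot: `print("SID: " + sid)` in userChangedInNc writes a bearer token to stdout, where it ends up in server logs that usually have longer retention and wider read access than the session itself. Drop the line, or log only a short non-reversible fingerprint, e.g. `hashlib.sha256(sid.encode()).hexdigest()[:8]`. The `sid` also arrives as a view argument next to `uid`, so it is presumably part of the URL and already present in access logs; moving it into a header or the request body would be a worthwhile follow-up.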
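Review bot: In NCAddGroup, `request.user.profile.nc_sid` is concatenated into the Authorization header without a check that it is non-empty; the field is `blank=True` and apilogout sets it to `""`, so this can send `Bearer ` with no token, and the visible lines then return `'status' : True` without looking at `r`. Guard before the request, e.g. `if not request.user.profile.nc_sid: return JsonResponse({'status' : False, 'message': 'AUTH ERROR'})`. The same applies to the NCAddGroupFolder hunk that follows. Both function bodies begin outside their hunks, so an earlier check may exist there.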
@@ -263,7 +267,7 @@ def NCAddGroupFolder(request): "aid" : str(agency.pk) } headers = { - 'Authorization': 'Bearer ' + request.COOKIES['nc_session_id'] + 'Authorization': 'Bearer ' + request.user.profile.nc_sid } r = requests.post(settings.NEXTCLOUD_URL + "apps/agency/createagf", data=data, headers=headers) print(r.text) @@ -365,13 +369,13 @@ def NCTest(request): print(request.headers) return JsonResponse({'status' : False, 'message': 'AUTH ERROR'}) - -@api_view(['GET'], ) +# Setting the Users Data for logging +@api_view(['POST'], ) def SetUserData(request): - print("Check login status...") - if(request.COOKIES['nc_username'] != None and getNCLoggedUserBySession(request.COOKIES['nc_session_id'])): - login(request, User.objects.get(username=request.COOKIES['nc_username'])) - else: - logout(request) - - return JsonResponse({'stat' : True}) + try: + user = User.objects.get(username=request.POST.get('uid')) + user.profile.nc_sid = request.POST.get('sid') + user.save() + return JsonResponse({'message' : 'A user was found in request, sid set!'}) + except: + return JsonResponse({'message' : 'No user is in this request.'}) diff --git a/digitaleagentur/__pycache__/settings.cpython-38.pyc b/digitaleagentur/__pycache__/settings.cpython-38.pyc index 6e62f3a..58ba909 100644 Binary files a/digitaleagentur/__pycache__/settings.cpython-38.pyc and b/digitaleagentur/__pycache__/settings.cpython-38.pyc differ diff --git a/digitaleagentur/settings.py b/digitaleagentur/settings.py index a155060..83f0f97 100644 --- a/digitaleagentur/settings.py +++ b/digitaleagentur/settings.py @@ -215,10 +215,6 @@ LOGIN_URL = 'login' #LOGIN_URL = NEXTCLOUD_URL STATIC_URL = '/static/' -SESSION_COOKIE_DOMAIN = "digitale-agentur.com" - -#SESSION_COOKIE_DOMAIN = "localhost" - ''' SITE_ROOT = os.path.dirname(os.path.realpath(__file__)) + '/..' diff --git a/digitaleagentur/utils.py b/digitaleagentur/utils.py index e411a61..7cef61b 100644 --- a/digitaleagentur/utils.py +++ b/digitaleagentur/utils.py 
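Review bot: SetUserData stores whatever `sid` is posted for whatever `uid` is posted, and the hunk shows no check that the caller is the Nextcloud instance or that the session id belongs to that user. Since ncLogin, NCAddGroup, NCAddGroupFolder and StandardAdd now trust `profile.nc_sid`, this endpoint decides which Nextcloud identity every later call runs under, so it should validate the pair against Nextcloud before saving and authenticate the caller (how depends on the DRF defaults in settings, which are not visible here). The bare `except:` also hides database and attribute errors behind 'No user is in this request.', and `user.save()` does not write the Profile row by itself. A possible shape is below.

```python
@api_view(['POST'], )
def SetUserData(request):
    uid = request.POST.get('uid')
    sid = request.POST.get('sid')
    # Only store a session id that Nextcloud itself attributes to this user.
    if not uid or not sid or getNCLoggedUserBySession(sid) != uid:
        return JsonResponse({'message' : 'No user is in this request.'}, status=403)
    try:
        user = User.objects.get(username=uid)
    except User.DoesNotExist:
        return JsonResponse({'message' : 'No user is in this request.'}, status=404)
    user.profile.nc_sid = sid
    # Persist the Profile row explicitly; saving the User does not cascade.
    user.profile.save(update_fields=['nc_sid'])
    return JsonResponse({'message' : 'A user was found in request, sid set!'})
```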
@@ -110,19 +110,6 @@ def checkAbsenceWorkdayCollideDelete(absence): ''' import xmltodict, json, requests -import urllib.request as urllib2 -from django.contrib.auth import login, logout -''' -def ncLogin(request, uid): - #try: - logout(request) - useridFromServer = getNCLoggedUserBySession(request.COOKIES['nc_session_id']) - if(uid == urllib2.unquote(request.COOKIES['nc_username']) and useridFromServer == uid): - login(request, User.objects.get(username=urllib2.unquote(request.COOKIES['nc_username']))) - return redirect('users-dashboard') - #return redirect('login') - #return redirect('users-dashboard') -''' ''' getNCLoggedUserBySession diff --git a/standards/views.py b/standards/views.py index f839da2..bb55dcb 100644 --- a/standards/views.py +++ b/standards/views.py @@ -250,13 +250,13 @@ def StandardAdd(request, id=False): possibleFilesByVisible = [] # NC FILE # Data for the new User - if(request.user.is_authenticated and getNCLoggedUserBySession(request.COOKIES['nc_session_id'])): + if(request.user.is_authenticated and getNCLoggedUserBySession(request.user.profile.nc_sid)): data_nc = { "Depth" : 0 } - nc_login_headers = {'Authorization' : 'Bearer ' + request.COOKIES['nc_session_id']} + nc_login_headers = {'Authorization' : 'Bearer ' + request.user.profile.nc_sid} r = requests.request("PROPFIND", settings.NEXTCLOUD_URL + "remote.php/dav/files/" + request.user.username + "/Agenturdaten_1/", headers=nc_login_headers, data=data_nc) print(r.text) diff --git a/users/models.py b/users/models.py index 1b15f0d..5ee1d66 100644 --- a/users/models.py +++ b/users/models.py 
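Review bot: In StandardAdd, `getNCLoggedUserBySession(request.user.profile.nc_sid)` is tested only for truthiness, while ncLogin and userChangedInNc compare its result with the username. Any live session id stored on the profile therefore passes here, even if Nextcloud attributes it to a different account than the `request.user.username` used to build the PROPFIND URL. Compare explicitly: `getNCLoggedUserBySession(request.user.profile.nc_sid) == request.user.username`. The context line `print(r.text)` also dumps the Nextcloud response to stdout and is worth removing while this block is being touched. StandardAdd starts and ends outside the hunk.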
@@ -215,7 +215,7 @@ class Profile(models.Model): phonemobile = models.CharField(max_length=60, blank=True) phone_public = models.BooleanField(default=False) - #nc_sid = models.CharField(max_length=200, blank=True) + nc_sid = models.CharField(max_length=200, blank=True) # Wenn die Funktion gelöscht wird, wird die FUNC auf NULL gesetzt func = models.ForeignKey("AgencyJob", blank=True, null=True, default=None, on_delete=models.SET_NULL) diff --git a/users/templates/users/login.html b/users/templates/users/login.html index d4d0cfa..13c297d 100644 --- a/users/templates/users/login.html +++ b/users/templates/users/login.html @@ -1,56 +1,14 @@ -{% extends "users/publicbase.html" %} - -{% load crispy_forms_tags %} -{% block content %} - -
-
-
- {% csrf_token %} -
- - -

Digitale Agentur Login

-
- {% if messages %} - {% for message in messages %} - - {% endfor %} - {% endif %} - {{ form|crispy }} -
-
- - - - Passwort vergessen?
-
-
-
- -
-
- + -{% endblock content %} \ No newline at end of file + \ No newline at end of file diff --git a/users/templates/users/login.html_LATER b/users/templates/users/login.html_LATER deleted file mode 100644 index fed304a..0000000 --- a/users/templates/users/login.html_LATER +++ /dev/null @@ -1,8 +0,0 @@ -{% load static %} - - \ No newline at end of file diff --git a/users/templates/users/login.html_SAVE b/users/templates/users/login.html_SAVE new file mode 100644 index 0000000..d4d0cfa --- /dev/null +++ b/users/templates/users/login.html_SAVE @@ -0,0 +1,56 @@ +{% extends "users/publicbase.html" %} + +{% load crispy_forms_tags %} +{% block content %} + +
+
+
+ {% csrf_token %} +
+ + +

Digitale Agentur Login

+
+ {% if messages %} + {% for message in messages %} + + {% endfor %} + {% endif %} + {{ form|crispy }} +
+
+ + + + Passwort vergessen?
+
+
+
+ +
+
+ +{% endblock content %} \ No newline at end of file diff --git a/users/templates/users/nclog.html b/users/templates/users/nclog.html new file mode 100644 index 0000000..a8f8dbf --- /dev/null +++ b/users/templates/users/nclog.html @@ -0,0 +1 @@ +

{{error}}

diff --git a/users/views.py b/users/views.py index c60fa09..c977036 100644 --- a/users/views.py +++ b/users/views.py @@ -80,13 +80,16 @@ import xmltodict, json import urllib.request as urllib2 from django.contrib.auth import login, logout from django.core.mail import send_mail +from django.views.generic import TemplateView + +# Entry-Point for NC def ncLogin(request, uid): - #logout(request) - #if(uid == urllib2.unquote(request.COOKIES['nc_username']) and getNCLoggedUserBySession(request.COOKIES['nc_session_id'])): - # login(request, User.objects.get(username=urllib2.unquote(request.COOKIES['nc_username']))) - # return redirect('users-dashboard') - #return redirect('login') - return JsonResponse({}) + logout(request) + user = User.objects.get(username=uid) + if(getNCLoggedUserBySession(user.profile.nc_sid) == uid): + login(request, user) + return redirect('users-dashboard') + return render(request, 'users/nclog.html',{'error' : "Die Daten der Digitalen Agentur stehen aktuell nicht zur Verfügung. Bitte loggen Sie sich aus und wieder ein. Sollten Sie diese Meldung weiterhin sehen, wenden Sie sich an den Support."}) def getICSFile(request, ag): if 'HTTP_AUTHORIZATION' in request.META:
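Review bot: ncLogin logs the browser in as `uid` whenever the session id stored on that user's profile is still live in Nextcloud. Nothing sent by the requesting client is compared, so the check shows that the user has an active Nextcloud session, not that this request comes from them. The view should require the client to present the session id (or a one-time token issued when SetUserData runs) outside the URL and compare it first, e.g. `if stored and hmac.compare_digest(presented, stored) and getNCLoggedUserBySession(stored) == uid:` with `presented` read from the request. `User.objects.get(username=uid)` also raises for an unknown uid and yields a 500; catching `User.DoesNotExist` and rendering `users/nclog.html` keeps the response uniform. `TemplateView` is imported in this hunk but not used in the visible lines.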