From 067daa635c3e3353f9f394afcb9ff83f78b3475c Mon Sep 17 00:00:00 2001
From: "holger.trampe" <htrampe@gmail.com>
Date: Sun, 1 Aug 2021 12:57:51 +0200
Subject: [PATCH] cookies raus DB rein

---
 adm/views.py                                  |   3 +-
 api/views.py                                  |  26 ++++---
 .../__pycache__/settings.cpython-38.pyc       | Bin 4592 -> 4541 bytes
 digitaleagentur/settings.py                   |   4 --
 digitaleagentur/utils.py                      |  13 ----
 standards/views.py                            |   4 +-
 users/models.py                               |   2 +-
 users/templates/users/login.html              |  68 ++++--------------
 users/templates/users/login.html_LATER        |   8 ---
 users/templates/users/login.html_SAVE         |  56 +++++++++++++++
 users/templates/users/nclog.html              |   1 +
 users/views.py                                |  15 ++--
 12 files changed, 98 insertions(+), 102 deletions(-)
 delete mode 100644 users/templates/users/login.html_LATER
 create mode 100644 users/templates/users/login.html_SAVE
 create mode 100644 users/templates/users/nclog.html

diff --git a/adm/views.py b/adm/views.py
index f05c5c5..1ec7701 100644
--- a/adm/views.py
+++ b/adm/views.py
@@ -725,6 +725,5 @@ class AdmImportFlow(TemplateView):
 
 		# LINK TO THE NC-INSTANCE
 		context.update({'nclink' : settings.NEXTCLOUD_URL})
-		context.update({'ncid' : self.request.COOKIES['nc_session_id']})
-		context.update({'nccs' : self.request.COOKIES['csrftoken']})
+		context.update({'ncid' : self.request.user.profile.nc_sid})
 		return context
diff --git a/api/views.py b/api/views.py
index 6b0e0f2..9319027 100644
--- a/api/views.py
+++ b/api/views.py
@@ -1,3 +1,4 @@
+from django.views.decorators.csrf import ensure_csrf_cookie
 from cloud.models import DataFile, DataDir
 from django.shortcuts import redirect
 from rest_framework.views import APIView
@@ -98,6 +99,8 @@ def migrateAgencyUsers(request, pk):
 def apilogout(request, uid):
 	print("LOGOUT: " + str(uid))
 	user = User.objects.get(username=uid)
+	user.profile.nc_sid = ""
+	user.save()
 	[s.delete() for s in Session.objects.all() if s.get_decoded().get('_auth_user_hash') == user.get_session_auth_hash()]
 	return JsonResponse({'res' : 'ok'})
 
@@ -107,6 +110,7 @@ import xmltodict, json, requests
 @api_view(['GET'], )
 def userChangedInNc(request, uid, sid):
 	user = User.objects.get(username=uid)
+	print("SID: " + sid)
 	if(user.is_authenticated and getNCLoggedUserBySession(sid) == uid):
 		nc_login_headers = {'Authorization' : 'Bearer ' + sid}
 		r = requests.get(settings.NEXTCLOUD_URL +  "ocs/v1.php/cloud/users/" + uid, headers=nc_login_headers)
@@ -191,7 +195,7 @@ def NCAddGroup(request):
 					"id" : newgroupid
 				}
 				headers = {
-					'Authorization': 'Bearer ' + request.COOKIES['nc_session_id']
+					'Authorization': 'Bearer ' + request.user.profile.nc_sid
 				}
 				r = requests.post(settings.NEXTCLOUD_URL +  "apps/agency/regr", data=data, headers=headers)
 				return JsonResponse({'status' : True, 'message': 'Gruppe ' + aggroup.agencygroupname + ' erzeugt - ID: ' + newgroupid})
@@ -263,7 +267,7 @@ def NCAddGroupFolder(request):
 			"aid" : str(agency.pk)
 		}
 		headers = {
-			'Authorization': 'Bearer ' + request.COOKIES['nc_session_id']
+			'Authorization': 'Bearer ' + request.user.profile.nc_sid
 		}
 		r = requests.post(settings.NEXTCLOUD_URL +  "apps/agency/createagf", data=data, headers=headers)
 		print(r.text)
@@ -365,13 +369,13 @@ def NCTest(request):
 	print(request.headers)
 	return JsonResponse({'status' : False, 'message': 'AUTH ERROR'})
 
-
-@api_view(['GET'], )
+# Setting the Users Data for logging
+@api_view(['POST'], )
 def SetUserData(request):
-	print("Check login status...")
-	if(request.COOKIES['nc_username'] != None and getNCLoggedUserBySession(request.COOKIES['nc_session_id'])):
-		login(request, User.objects.get(username=request.COOKIES['nc_username']))
-	else:
-		logout(request)
-
-	return JsonResponse({'stat' : True})
+	try:
+		user = User.objects.get(username=request.POST.get('uid'))
+		user.profile.nc_sid = request.POST.get('sid')
+		user.save()
+		return JsonResponse({'message' : 'A user was found in request, sid set!'})
+	except:
+		return JsonResponse({'message' : 'No user is in this request.'})
diff --git a/digitaleagentur/__pycache__/settings.cpython-38.pyc b/digitaleagentur/__pycache__/settings.cpython-38.pyc
index 6e62f3a664b85dd6f02c1faa86d7924bfaabf6b3..58ba909e3e0f99017af330697676933461c9c263 100644
GIT binary patch
delta 188
zcmeyMyjPhwl$V!_0SLZSvnAF}<dtRIvr#*iF(s8Ti**4TnAA$;Sjf1LF(q7_Axax8
zqLZqf60wjeN;f4kN)IZ+nGyvQ(NBqvG60FDutgcB#6%gT#HR3PGDaDv#HGZiB%~zH
zVFL0@Qka4nG?O-eV7$#W`616LM$^qbylzaJU-C0EGW}zi{7&GZJeLF`9~%oZA0rDh
V3kwjlF)=XxXJKVx1j2tT{{hJ@GkX94

delta 213
zcmdn1{6U#Fl$V!_0SM%aSQ9T#<dtPSuu(gfF(V~BN-LEyi**4TnAA??Sjf1LF(pEr
zAxZ}<qMNFd61k8mN-rfUN*^l1nGy{YF-VDtG6adHutgcA#6}sX#HH|OGDexC#HS>r
zB&H<IVFL0@Q<#DoG?O>KVZ6;HDw2|!o>`KZld7ATo|;!uTBMhppF8;&&uT`q%|*O!
xOk$$JuED{c{(kY!{{G&cuJJDZzK))Lo450`FfuVPPTni<keQK%ck+BeIRLz6KMnu@

diff --git a/digitaleagentur/settings.py b/digitaleagentur/settings.py
index a155060..83f0f97 100644
--- a/digitaleagentur/settings.py
+++ b/digitaleagentur/settings.py
@@ -215,10 +215,6 @@ LOGIN_URL = 'login'
 #LOGIN_URL = NEXTCLOUD_URL
 
 STATIC_URL = '/static/'
-SESSION_COOKIE_DOMAIN = "digitale-agentur.com"
-
-#SESSION_COOKIE_DOMAIN = "localhost"
-
 
 '''
 SITE_ROOT = os.path.dirname(os.path.realpath(__file__)) + '/..'
diff --git a/digitaleagentur/utils.py b/digitaleagentur/utils.py
index e411a61..7cef61b 100644
--- a/digitaleagentur/utils.py
+++ b/digitaleagentur/utils.py
@@ -110,19 +110,6 @@ def checkAbsenceWorkdayCollideDelete(absence):
 '''
 
 import xmltodict, json, requests
-import urllib.request as urllib2
-from django.contrib.auth import login, logout
-'''
-def ncLogin(request, uid):
-	#try:
-	logout(request)
-	useridFromServer = getNCLoggedUserBySession(request.COOKIES['nc_session_id'])
-	if(uid == urllib2.unquote(request.COOKIES['nc_username']) and useridFromServer == uid):
-		login(request, User.objects.get(username=urllib2.unquote(request.COOKIES['nc_username'])))
-		return redirect('users-dashboard')
-	#return redirect('login')
-	#return redirect('users-dashboard')
-'''
 '''
 	getNCLoggedUserBySession
 
diff --git a/standards/views.py b/standards/views.py
index f839da2..bb55dcb 100644
--- a/standards/views.py
+++ b/standards/views.py
@@ -250,13 +250,13 @@ def StandardAdd(request, id=False):
 		possibleFilesByVisible = []
 		# NC FILE
 		# Data for the new User
-		if(request.user.is_authenticated and getNCLoggedUserBySession(request.COOKIES['nc_session_id'])):
+		if(request.user.is_authenticated and getNCLoggedUserBySession(request.user.profile.nc_sid)):
 
 			data_nc = {
 				"Depth" : 0
 			}
 
-			nc_login_headers = {'Authorization' : 'Bearer ' + request.COOKIES['nc_session_id']}
+			nc_login_headers = {'Authorization' : 'Bearer ' + request.user.profile.nc_sid}
 			r = requests.request("PROPFIND", settings.NEXTCLOUD_URL +  "remote.php/dav/files/" + request.user.username + "/Agenturdaten_1/", headers=nc_login_headers, data=data_nc)
 			print(r.text)
 
diff --git a/users/models.py b/users/models.py
index 1b15f0d..5ee1d66 100644
--- a/users/models.py
+++ b/users/models.py
@@ -215,7 +215,7 @@ class Profile(models.Model):
 	phonemobile = models.CharField(max_length=60, blank=True)
 	phone_public = models.BooleanField(default=False)
 
-	#nc_sid = models.CharField(max_length=200, blank=True)
+	nc_sid = models.CharField(max_length=200, blank=True)
 
 	# Wenn die Funktion gelöscht wird, wird die FUNC auf NULL gesetzt
 	func = models.ForeignKey("AgencyJob", blank=True, null=True, default=None, on_delete=models.SET_NULL)
diff --git a/users/templates/users/login.html b/users/templates/users/login.html
index d4d0cfa..13c297d 100644
--- a/users/templates/users/login.html
+++ b/users/templates/users/login.html
@@ -1,56 +1,14 @@
-{% extends "users/publicbase.html" %}
-<!-- CRISPY -->
-{% load crispy_forms_tags %}
-{% block content %}
-<style type="text/css">
-	#logincard {
-		width: 25%;		
-		margin-top: 7%;
-	}
-</style>
-<div class="card mx-auto" id="logincard">
-  <div class="card-body">
-	<form method="POST">
-		{% csrf_token %}
-		<fieldset class="form-group" >
-			<legend class="border-bottom mb-4" style="text-align: center;">
-				<i class="fas fa-laptop"></i>
-				<h3>Digitale Agentur Login</h3>					
-			</legend>				
-			{% if messages %}
-              {% for message in messages %}
-              <div class="alert alert-{{ message.tags }} alert-dismissible fade show" role="alert" id="message_{{forloop.counter}}">
-                  {{ message }}
-                  <button type="button" class="close" data-dismiss="alert" aria-label="Close">
-                    <span aria-hidden="true">&times;</span>
-                  </button>
-                </div>
-              {% endfor %}
-            {% endif %}
-				{{ form|crispy }}				
-		</fieldset>
-		<div class="form-group">
-			<button type="submit" class="btn btn-primary">Anmelden</button>
-
-			<small class="text-muted ml-2">
-				<a href="{% url 'password-reset' %}" class="">Passwort vergessen?</a><br />					
-			</small>				
-		</div>			
-	</form>	
-	<div class="border-top pt-3">
-		<small class="text-muted ml-2">
-			<a href="mailto:support@digitale-agentur.com" class="">Probleme beim anmelden?</a>					
-		</small>
-		<small class="text-muted">				
-			<a class="ml-2" href="{% url 'register' %}">Agentur registrieren</a>
-		</small>			
-	</div>				
-</div>
-</div>
-<script type="text/javascript">
-	$("label[for*='username']").html("E-Mail-Adresse*");
-	$(document).ready(function(){
-		localStorage.clear();		
+{% load static %}
+<html>
+    <body>
+        <h4>Sie werden gleich zur neuen Login-Seite der Digitalen Agentur weitergeleitet. Sollte dies nicht gehen, klicken Sie auf folgenden Link:</h4>
+        <a href="https://cloud.digitale-agentur.com/">https://cloud.digitale-agentur.com/</a>
+    </body>
+</html>
+<script src="{%static 'users/js/jquery.js' %}" type="text/javascript"></script>
+<script>
+    $(document).ready(function(){
+        //window.location.replace("https://cloud.digitale-agentur.com/external/1");
+		//localStorage.clear();		
 	})
-</script>
-{% endblock content %}
\ No newline at end of file
+</script>
\ No newline at end of file
diff --git a/users/templates/users/login.html_LATER b/users/templates/users/login.html_LATER
deleted file mode 100644
index fed304a..0000000
--- a/users/templates/users/login.html_LATER
+++ /dev/null
@@ -1,8 +0,0 @@
-{% load static %}
-<script src="{%static 'users/js/jquery.js' %}" type="text/javascript"></script>
-<script>
-    $(document).ready(function(){
-        window.location.replace("http://cloud.digitale-agentur.com/external/1");
-		localStorage.clear();		
-	})
-</script>
\ No newline at end of file
diff --git a/users/templates/users/login.html_SAVE b/users/templates/users/login.html_SAVE
new file mode 100644
index 0000000..d4d0cfa
--- /dev/null
+++ b/users/templates/users/login.html_SAVE
@@ -0,0 +1,56 @@
+{% extends "users/publicbase.html" %}
+<!-- CRISPY -->
+{% load crispy_forms_tags %}
+{% block content %}
+<style type="text/css">
+	#logincard {
+		width: 25%;		
+		margin-top: 7%;
+	}
+</style>
+<div class="card mx-auto" id="logincard">
+  <div class="card-body">
+	<form method="POST">
+		{% csrf_token %}
+		<fieldset class="form-group" >
+			<legend class="border-bottom mb-4" style="text-align: center;">
+				<i class="fas fa-laptop"></i>
+				<h3>Digitale Agentur Login</h3>					
+			</legend>				
+			{% if messages %}
+              {% for message in messages %}
+              <div class="alert alert-{{ message.tags }} alert-dismissible fade show" role="alert" id="message_{{forloop.counter}}">
+                  {{ message }}
+                  <button type="button" class="close" data-dismiss="alert" aria-label="Close">
+                    <span aria-hidden="true">&times;</span>
+                  </button>
+                </div>
+              {% endfor %}
+            {% endif %}
+				{{ form|crispy }}				
+		</fieldset>
+		<div class="form-group">
+			<button type="submit" class="btn btn-primary">Anmelden</button>
+
+			<small class="text-muted ml-2">
+				<a href="{% url 'password-reset' %}" class="">Passwort vergessen?</a><br />					
+			</small>				
+		</div>			
+	</form>	
+	<div class="border-top pt-3">
+		<small class="text-muted ml-2">
+			<a href="mailto:support@digitale-agentur.com" class="">Probleme beim anmelden?</a>					
+		</small>
+		<small class="text-muted">				
+			<a class="ml-2" href="{% url 'register' %}">Agentur registrieren</a>
+		</small>			
+	</div>				
+</div>
+</div>
+<script type="text/javascript">
+	$("label[for*='username']").html("E-Mail-Adresse*");
+	$(document).ready(function(){
+		localStorage.clear();		
+	})
+</script>
+{% endblock content %}
\ No newline at end of file
diff --git a/users/templates/users/nclog.html b/users/templates/users/nclog.html
new file mode 100644
index 0000000..a8f8dbf
--- /dev/null
+++ b/users/templates/users/nclog.html
@@ -0,0 +1 @@
+<h3>{{error}}</h3>
diff --git a/users/views.py b/users/views.py
index c60fa09..c977036 100644
--- a/users/views.py
+++ b/users/views.py
@@ -80,13 +80,16 @@ import xmltodict, json
 import urllib.request as urllib2
 from django.contrib.auth import login, logout
 from django.core.mail import send_mail
+from django.views.generic import TemplateView
+
+# Entry-Point for NC
 def ncLogin(request, uid):
-	#logout(request)
-	#if(uid == urllib2.unquote(request.COOKIES['nc_username']) and getNCLoggedUserBySession(request.COOKIES['nc_session_id'])):
-	#	login(request, User.objects.get(username=urllib2.unquote(request.COOKIES['nc_username'])))
-	#	return redirect('users-dashboard')
-	#return redirect('login')
-	return JsonResponse({})
+	logout(request)
+	user = User.objects.get(username=uid)
+	if(getNCLoggedUserBySession(user.profile.nc_sid) == uid):
+		login(request, user)
+		return redirect('users-dashboard')
+	return render(request, 'users/nclog.html',{'error' : "Die Daten der Digitalen Agentur stehen aktuell nicht zur Verfügung. Bitte loggen Sie sich aus und wieder ein. Sollten Sie diese Meldung weiterhin sehen, wenden Sie sich an den Support."})
 
 def getICSFile(request, ag):
 	if 'HTTP_AUTHORIZATION' in request.META: