authentik/passbook/admin/views/users.py

"""passbook User administration"""
from django.contrib import messages
from django.contrib.auth.mixins import LoginRequiredMixin
from django.contrib.auth.mixins import (
    PermissionRequiredMixin as DjangoPermissionRequiredMixin,
)
from django.contrib.messages.views import SuccessMessageMixin
from django.http import HttpRequest, HttpResponse
from django.http.response import HttpResponseRedirect
from django.shortcuts import redirect
from django.urls import reverse, reverse_lazy
from django.utils.http import urlencode
from django.utils.translation import gettext as _
from django.views.generic import DetailView, ListView, UpdateView
from guardian.mixins import (
    PermissionListMixin,
    PermissionRequiredMixin,
    get_anonymous_user,
)

from passbook.admin.forms.users import UserForm
from passbook.admin.views.utils import (
    BackSuccessUrlMixin,
    DeleteMessageView,
    SearchListMixin,
    UserPaginateListMixin,
)
from passbook.core.models import Token, User
from passbook.lib.views import CreateAssignPermView


class UserListView(
    LoginRequiredMixin,
    PermissionListMixin,
    UserPaginateListMixin,
    SearchListMixin,
    ListView,
):
    """Show list of all users"""

    model = User
    permission_required = "passbook_core.view_user"
    ordering = "username"
    template_name = "administration/user/list.html"
    search_fields = ["username", "name", "attributes"]

    def get_queryset(self):
        return super().get_queryset().exclude(pk=get_anonymous_user().pk)


class UserCreateView(
    SuccessMessageMixin,
    BackSuccessUrlMixin,
    LoginRequiredMixin,
    DjangoPermissionRequiredMixin,
    CreateAssignPermView,
):
    """Create user"""

    model = User
    form_class = UserForm
    permission_required = "passbook_core.add_user"

    template_name = "generic/create.html"
    success_url = reverse_lazy("passbook_admin:users")
    success_message = _("Successfully created User")


class UserUpdateView(
    SuccessMessageMixin,
    BackSuccessUrlMixin,
    LoginRequiredMixin,
    PermissionRequiredMixin,
    UpdateView,
):
    """Update user"""

    model = User
    form_class = UserForm
    permission_required = "passbook_core.change_user"

    # By default the object's name is user which is used by other checks
    context_object_name = "object"
    template_name = "generic/update.html"
    success_url = reverse_lazy("passbook_admin:users")
    success_message = _("Successfully updated User")


class UserDeleteView(LoginRequiredMixin, PermissionRequiredMixin, DeleteMessageView):
    """Delete user"""

    model = User
    permission_required = "passbook_core.delete_user"

    # By default the object's name is user which is used by other checks
    context_object_name = "object"
    template_name = "generic/delete.html"
    success_url = reverse_lazy("passbook_admin:users")
    success_message = _("Successfully deleted User")


class UserDisableView(
    LoginRequiredMixin, PermissionRequiredMixin, BackSuccessUrlMixin, DeleteMessageView
):
    """Disable user"""

    object: User

    model = User
    permission_required = "passbook_core.update_user"

    # By default the object's name is user which is used by other checks
    context_object_name = "object"
    template_name = "administration/user/disable.html"
    success_url = reverse_lazy("passbook_admin:users")
    success_message = _("Successfully disabled User")

    def delete(self, request: HttpRequest, *args, **kwargs) -> HttpResponse:
        self.object: User = self.get_object()
        success_url = self.get_success_url()
        self.object.is_active = False
        self.object.save()
        return HttpResponseRedirect(success_url)


class UserEnableView(
    LoginRequiredMixin, PermissionRequiredMixin, BackSuccessUrlMixin, DetailView
):
    """Enable user"""

    object: User

    model = User
    permission_required = "passbook_core.update_user"

    # By default the object's name is user which is used by other checks
    context_object_name = "object"
    success_url = reverse_lazy("passbook_admin:users")
    success_message = _("Successfully enabled User")

    def get(self, request: HttpRequest, *args, **kwargs):
        self.object: User = self.get_object()
        success_url = self.get_success_url()
        self.object.is_active = True
        self.object.save()
        return HttpResponseRedirect(success_url)


class UserPasswordResetView(LoginRequiredMixin, PermissionRequiredMixin, DetailView):
    """Get Password reset link for user"""

    model = User
    permission_required = "passbook_core.reset_user_password"

    def get(self, request: HttpRequest, *args, **kwargs) -> HttpResponse:
        """Create token for user and return link"""
        super().get(request, *args, **kwargs)
        token, __ = Token.objects.get_or_create(
            identifier="password-reset-temp", user=self.object
        )
        querystring = urlencode({"token": token.key})
        link = request.build_absolute_uri(
            reverse("passbook_flows:default-recovery") + f"?{querystring}"
        )
        messages.success(
            request, _("Password reset link: <pre>%(link)s</pre>" % {"link": link})
        )
        return redirect("passbook_admin:users")
admin: add basic user admin 2018-12-14 13:24:04 +00:00			`"""passbook User administration"""`
add Nonce (one-time links), add password reset function (missing e-mail verification), closes #7 2019-02-25 19:46:23 +00:00			`from django.contrib import messages`
admin(major): rewrite all views to use guardian mixins 2019-10-10 11:01:49 +00:00			`from django.contrib.auth.mixins import LoginRequiredMixin`
all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`from django.contrib.auth.mixins import (`
			`PermissionRequiredMixin as DjangoPermissionRequiredMixin,`
			`)`
admin: add basic user admin 2018-12-14 13:24:04 +00:00			`from django.contrib.messages.views import SuccessMessageMixin`
admin: fix Password Recovery function not working 2020-07-01 10:10:12 +00:00			`from django.http import HttpRequest, HttpResponse`
admin: add buttons to disable and enable users 2020-10-11 19:54:00 +00:00			`from django.http.response import HttpResponseRedirect`
admin(major): rewrite all views to use guardian mixins 2019-10-10 11:01:49 +00:00			`from django.shortcuts import redirect`
add Nonce (one-time links), add password reset function (missing e-mail verification), closes #7 2019-02-25 19:46:23 +00:00			`from django.urls import reverse, reverse_lazy`
admin: fix Password Recovery function not working 2020-07-01 10:10:12 +00:00			`from django.utils.http import urlencode`
pytest (#209) 2020-09-11 21:21:11 +00:00			`from django.utils.translation import gettext as _`
admin: remove duplicate code into new base classes 2020-07-01 22:13:33 +00:00			`from django.views.generic import DetailView, ListView, UpdateView`
admin: exclude anonymous user from listing 2020-02-23 14:27:28 +00:00			`from guardian.mixins import (`
			`PermissionListMixin,`
			`PermissionRequiredMixin,`
			`get_anonymous_user,`
			`)`
admin: add basic user admin 2018-12-14 13:24:04 +00:00
use separate Form for Admin user editing (allow is_staff and is_active) 2019-03-02 21:41:14 +00:00			`from passbook.admin.forms.users import UserForm`
admin: add BackSuccessUrlMixin to redirect to correct url after form edit 2020-09-25 23:56:28 +00:00			`from passbook.admin.views.utils import (`
			`BackSuccessUrlMixin,`
			`DeleteMessageView,`
admin: implement search for all views see #253 2020-10-03 17:32:01 +00:00			`SearchListMixin,`
admin: add BackSuccessUrlMixin to redirect to correct url after form edit 2020-09-25 23:56:28 +00:00			`UserPaginateListMixin,`
			`)`
core: rename nonce to token 2020-05-16 14:11:53 +00:00			`from passbook.core.models import Token, User`
admin(major): rewrite all views to use guardian mixins 2019-10-10 11:01:49 +00:00			`from passbook.lib.views import CreateAssignPermView`
admin: add basic user admin 2018-12-14 13:24:04 +00:00

admin: add BackSuccessUrlMixin to redirect to correct url after form edit 2020-09-25 23:56:28 +00:00			`class UserListView(`
admin: implement search for all views see #253 2020-10-03 17:32:01 +00:00			`LoginRequiredMixin,`
			`PermissionListMixin,`
			`UserPaginateListMixin,`
			`SearchListMixin,`
			`ListView,`
admin: add BackSuccessUrlMixin to redirect to correct url after form edit 2020-09-25 23:56:28 +00:00			`):`
admin: add basic user admin 2018-12-14 13:24:04 +00:00			`"""Show list of all users"""`

			`model = User`
all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`permission_required = "passbook_core.view_user"`
			`ordering = "username"`
			`template_name = "administration/user/list.html"`
admin: implement search for all views see #253 2020-10-03 17:32:01 +00:00			`search_fields = ["username", "name", "attributes"]`
admin: add basic user admin 2018-12-14 13:24:04 +00:00
admin: exclude anonymous user from listing 2020-02-23 14:27:28 +00:00			`def get_queryset(self):`
			`return super().get_queryset().exclude(pk=get_anonymous_user().pk)`

admin: add basic user admin 2018-12-14 13:24:04 +00:00
all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`class UserCreateView(`
			`SuccessMessageMixin,`
admin: add BackSuccessUrlMixin to redirect to correct url after form edit 2020-09-25 23:56:28 +00:00			`BackSuccessUrlMixin,`
all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`LoginRequiredMixin,`
			`DjangoPermissionRequiredMixin,`
			`CreateAssignPermView,`
			`):`
admin(minor): add view to create user 2019-10-08 09:27:19 +00:00			`"""Create user"""`

			`model = User`
			`form_class = UserForm`
all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`permission_required = "passbook_core.add_user"`
admin(minor): add view to create user 2019-10-08 09:27:19 +00:00
all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`template_name = "generic/create.html"`
			`success_url = reverse_lazy("passbook_admin:users")`
			`success_message = _("Successfully created User")`
admin(minor): add view to create user 2019-10-08 09:27:19 +00:00

all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`class UserUpdateView(`
admin: add BackSuccessUrlMixin to redirect to correct url after form edit 2020-09-25 23:56:28 +00:00			`SuccessMessageMixin,`
			`BackSuccessUrlMixin,`
			`LoginRequiredMixin,`
			`PermissionRequiredMixin,`
			`UpdateView,`
all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`):`
admin: add basic user admin 2018-12-14 13:24:04 +00:00			`"""Update user"""`

			`model = User`
use separate Form for Admin user editing (allow is_staff and is_active) 2019-03-02 21:41:14 +00:00			`form_class = UserForm`
all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`permission_required = "passbook_core.change_user"`
admin: add basic user admin 2018-12-14 13:24:04 +00:00
ci(minor): reenable prospector 2019-12-05 13:31:44 +00:00			`# By default the object's name is user which is used by other checks`
all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`context_object_name = "object"`
			`template_name = "generic/update.html"`
			`success_url = reverse_lazy("passbook_admin:users")`
			`success_message = _("Successfully updated User")`
admin: add basic user admin 2018-12-14 13:24:04 +00:00

admin: remove duplicate code into new base classes 2020-07-01 22:13:33 +00:00			`class UserDeleteView(LoginRequiredMixin, PermissionRequiredMixin, DeleteMessageView):`
admin: add basic user admin 2018-12-14 13:24:04 +00:00			`"""Delete user"""`

			`model = User`
all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`permission_required = "passbook_core.delete_user"`
admin(major): rewrite all views to use guardian mixins 2019-10-10 11:01:49 +00:00
admin: fix user object being overwritten when deleting a user 2020-02-18 20:35:06 +00:00			`# By default the object's name is user which is used by other checks`
			`context_object_name = "object"`
all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`template_name = "generic/delete.html"`
			`success_url = reverse_lazy("passbook_admin:users")`
			`success_message = _("Successfully deleted User")`
Improve partially broken Delete Views, show success message on deletion 2019-02-26 08:46:44 +00:00
add Nonce (one-time links), add password reset function (missing e-mail verification), closes #7 2019-02-25 19:46:23 +00:00
admin: add buttons to disable and enable users 2020-10-11 19:54:00 +00:00			`class UserDisableView(`
			`LoginRequiredMixin, PermissionRequiredMixin, BackSuccessUrlMixin, DeleteMessageView`
			`):`
			`"""Disable user"""`

			`object: User`

			`model = User`
			`permission_required = "passbook_core.update_user"`

			`# By default the object's name is user which is used by other checks`
			`context_object_name = "object"`
			`template_name = "administration/user/disable.html"`
			`success_url = reverse_lazy("passbook_admin:users")`
			`success_message = _("Successfully disabled User")`

			`def delete(self, request: HttpRequest, args, *kwargs) -> HttpResponse:`
			`self.object: User = self.get_object()`
			`success_url = self.get_success_url()`
			`self.object.is_active = False`
			`self.object.save()`
			`return HttpResponseRedirect(success_url)`


			`class UserEnableView(`
			`LoginRequiredMixin, PermissionRequiredMixin, BackSuccessUrlMixin, DetailView`
			`):`
			`"""Enable user"""`

			`object: User`

			`model = User`
			`permission_required = "passbook_core.update_user"`

			`# By default the object's name is user which is used by other checks`
			`context_object_name = "object"`
			`success_url = reverse_lazy("passbook_admin:users")`
			`success_message = _("Successfully enabled User")`

			`def get(self, request: HttpRequest, args, *kwargs):`
			`self.object: User = self.get_object()`
			`success_url = self.get_success_url()`
			`self.object.is_active = True`
			`self.object.save()`
			`return HttpResponseRedirect(success_url)`


admin(major): rewrite all views to use guardian mixins 2019-10-10 11:01:49 +00:00			`class UserPasswordResetView(LoginRequiredMixin, PermissionRequiredMixin, DetailView):`
add Nonce (one-time links), add password reset function (missing e-mail verification), closes #7 2019-02-25 19:46:23 +00:00			`"""Get Password reset link for user"""`

admin(major): rewrite all views to use guardian mixins 2019-10-10 11:01:49 +00:00			`model = User`
all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`permission_required = "passbook_core.reset_user_password"`
admin(major): rewrite all views to use guardian mixins 2019-10-10 11:01:49 +00:00
admin: fix Password Recovery function not working 2020-07-01 10:10:12 +00:00			`def get(self, request: HttpRequest, args, *kwargs) -> HttpResponse:`
core: rename nonce to token 2020-05-16 14:11:53 +00:00			`"""Create token for user and return link"""`
admin(major): rewrite all views to use guardian mixins 2019-10-10 11:01:49 +00:00			`super().get(request, args, *kwargs)`
admin: fix error when creating password-reset link 2020-11-21 15:23:39 +00:00			`token, __ = Token.objects.get_or_create(`
core: Add Token identifier as sudo-primary key 2020-10-03 21:37:58 +00:00			`identifier="password-reset-temp", user=self.object`
			`)`
core: add key field to token for easier rotation 2020-10-18 12:34:22 +00:00			`querystring = urlencode({"token": token.key})`
all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`link = request.build_absolute_uri(`
admin: fix Password Recovery function not working 2020-07-01 10:10:12 +00:00			`reverse("passbook_flows:default-recovery") + f"?{querystring}"`
all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`)`
			`messages.success(`
			`request, _("Password reset link: <pre>%(link)s</pre>" % {"link": link})`
			`)`
			`return redirect("passbook_admin:users")`