85 lines
3.1 KiB
Python
85 lines
3.1 KiB
Python
from django.conf import settings
|
|
from django.contrib.auth import logout
|
|
from django.contrib.auth import views as auth_views
|
|
from django.contrib.auth.decorators import login_required
|
|
from django.core.exceptions import ValidationError
|
|
from django.db import IntegrityError
|
|
from django.shortcuts import redirect, render
|
|
|
|
from apps.keys.certificates import issue_certificate_for_key
|
|
from apps.keys.models import SSHKey
|
|
|
|
from .forms import ErasureRequestForm, SSHKeyForm
|
|
from .models import ErasureRequest
|
|
|
|
|
|
@login_required(login_url="/accounts/login/")
|
|
def profile(request):
|
|
erasure_request = (
|
|
ErasureRequest.objects.filter(user=request.user).order_by("-requested_at").first()
|
|
)
|
|
can_add_key = request.user.has_perm("keys.add_sshkey")
|
|
if request.method == "POST":
|
|
form_type = request.POST.get("form_type")
|
|
if form_type == "ssh_key":
|
|
erasure_form = ErasureRequestForm()
|
|
key_form = SSHKeyForm(request.POST)
|
|
if key_form.is_valid():
|
|
if not can_add_key:
|
|
key_form.add_error(None, "You do not have permission to add SSH keys.")
|
|
else:
|
|
name = key_form.cleaned_data["name"].strip()
|
|
public_key = key_form.cleaned_data["public_key"].strip()
|
|
key = SSHKey(user=request.user, name=name)
|
|
try:
|
|
key.set_public_key(public_key)
|
|
key.save()
|
|
issue_certificate_for_key(key, created_by=request.user)
|
|
return redirect("accounts:profile")
|
|
except ValidationError as exc:
|
|
key_form.add_error("public_key", str(exc))
|
|
except IntegrityError:
|
|
key_form.add_error("public_key", "Key already exists.")
|
|
except Exception:
|
|
key_form.add_error(None, "Certificate issuance failed.")
|
|
else:
|
|
key_form = SSHKeyForm()
|
|
erasure_form = ErasureRequestForm(request.POST)
|
|
if erasure_form.is_valid():
|
|
if erasure_request and erasure_request.status == ErasureRequest.Status.PENDING:
|
|
erasure_form.add_error(None, "You already have a pending erasure request.")
|
|
else:
|
|
ErasureRequest.objects.create(
|
|
user=request.user,
|
|
reason=erasure_form.cleaned_data["reason"].strip(),
|
|
)
|
|
return redirect("accounts:profile")
|
|
else:
|
|
erasure_form = ErasureRequestForm()
|
|
key_form = SSHKeyForm()
|
|
|
|
ssh_keys = SSHKey.objects.filter(user=request.user).order_by("-created_at")
|
|
context = {
|
|
"user": request.user,
|
|
"auth_mode": getattr(settings, "KEYWARDEN_AUTH_MODE", "hybrid"),
|
|
"erasure_request": erasure_request,
|
|
"erasure_form": erasure_form,
|
|
"key_form": key_form,
|
|
"ssh_keys": ssh_keys,
|
|
"can_add_key": can_add_key,
|
|
}
|
|
return render(request, "accounts/profile.html", context)
|
|
|
|
|
|
def login_view(request):
|
|
auth_mode = getattr(settings, "KEYWARDEN_AUTH_MODE", "hybrid")
|
|
if auth_mode == "oidc":
|
|
return redirect("/oidc/authenticate/")
|
|
# native or hybrid -> render Django's built-in login view
|
|
return auth_views.LoginView.as_view(template_name="accounts/login.html")(request)
|
|
|
|
|
|
def logout_view(request):
|
|
logout(request)
|
|
return redirect(getattr(settings, "LOGOUT_REDIRECT_URL", "/"))
|