From e08907887ace69269eba5dd5ae544cf963a6f3c1 Mon Sep 17 00:00:00 2001
From: Aisha Saeed <aisha.saeed@aalto.fi>
Date: Tue, 10 Jul 2018 17:52:34 +0300
Subject: [PATCH] Added admin panel to add/remove superusers. Removed superuser
 option from sign up page.

---
 README.md                                     |   3 +-
 omi_security/security_node/form.py            |  42 +++-
 .../security_node/templates/base.html         |   3 +
 .../security_node/templates/signup.html       |   4 +-
 .../templates/superusers_panel.html           | 184 ++++++++++++++++++
 omi_security/security_node/urls.py            |   4 +-
 omi_security/security_node/views.py           |  37 +++-
 7 files changed, 271 insertions(+), 6 deletions(-)
 create mode 100644 omi_security/security_node/templates/superusers_panel.html

diff --git a/README.md b/README.md
index 48d42a8..1775085 100644
--- a/README.md
+++ b/README.md
@@ -71,7 +71,8 @@ Initial dependencies
 
 1. Install python and pip: `sudo apt-get install python3 python3-pip`
 2. Install other dependencies: `sudo apt-get install libsasl2-dev python-dev libldap2-dev libssl-dev python-ldap django-auth-ldap`
-1. Install python library: `pip3 install -r requirements.txt`
+3. Install python library: `pip3 install -r requirements.txt`
+4. To create admin: `python3 manage.py createsuperuser`
 
 
 To configure NGINX as proxy, use the following method
diff --git a/omi_security/security_node/form.py b/omi_security/security_node/form.py
index a21bf3a..71c353c 100644
--- a/omi_security/security_node/form.py
+++ b/omi_security/security_node/form.py
@@ -12,8 +12,8 @@ class UserForm(forms.ModelForm):
     email = forms.EmailField(label='Email', max_length=64, widget=forms.TextInput(attrs={'placeholder': 'Email'}))
     password = forms.CharField(min_length=6, max_length=32, label='Password', widget=forms.PasswordInput)
     password1 = forms.CharField(min_length=6, max_length=32, label='Password confirmation', widget=forms.PasswordInput)
-    is_superuser = forms.BooleanField(label='Superuser', required=False)
-    superuser_secret = forms.CharField(label='superuser secret', max_length=64, required=False, widget=forms.TextInput(attrs={'placeholder': 'superuser secret'}))
+    #is_superuser = forms.BooleanField(label='Superuser', required=False)
+    #superuser_secret = forms.CharField(label='superuser secret', max_length=64, required=False, widget=forms.TextInput(attrs={'placeholder': 'superuser secret'}))
     class Meta:
         fields = ['first_name', 'last_name', 'username', 'email', 'password', 'password1', 'is_superuser']
         model=User
@@ -25,6 +25,7 @@ def clean(self):
             raise forms.ValidationError(
                 "Password and Confirm Password does not match"
             )
+        """
         if cleaned_data.get("is_superuser"):
             cleaned_data = super(UserForm, self).clean()
             superuser_secret =  cleaned_data.get("superuser_secret")
@@ -33,6 +34,7 @@ def clean(self):
                 raise forms.ValidationError(
                     "Please enter valid superuser secret or uncheck the superuser checkbox"
                 )
+                """
     def clean_email(self):
         email = self.cleaned_data.get('email')
         username = self.cleaned_data.get('username')
@@ -55,3 +57,39 @@ class Meta:
         model = Group
 
 
+class SuperuserForm(forms.ModelForm):
+    first_name = forms.CharField(label='First Name', max_length=64,widget=forms.TextInput(attrs={'placeholder': 'First name'}))
+    last_name = forms.CharField(label='Last Name', max_length=64,widget=forms.TextInput(attrs={'placeholder': 'Last Name'}))
+    username = forms.CharField(min_length=6, label='Username', max_length=32, widget=forms.TextInput(attrs={'placeholder': 'Username'}))
+    email = forms.EmailField(label='Email', max_length=64, widget=forms.TextInput(attrs={'placeholder': 'Email'}))
+    password = forms.CharField(min_length=6, max_length=32, label='Password', widget=forms.PasswordInput)
+    password1 = forms.CharField(min_length=6, max_length=32, label='Password confirmation', widget=forms.PasswordInput)
+    is_superuser = forms.BooleanField(label='Superuser', required=False)
+
+    class Meta:
+        fields = ['first_name', 'last_name', 'username', 'email', 'password', 'password1', 'is_superuser']
+        model = User
+
+    def clean(self):
+        cleaned_data = super(SuperuserForm, self).clean()
+        password = cleaned_data.get("password")
+        password1 = cleaned_data.get("password1")
+        if password != password1:
+            raise forms.ValidationError(
+                "Password and Confirm Password does not match"
+            )
+
+    def clean_email(self):
+        email = self.cleaned_data.get('email')
+        username = self.cleaned_data.get('username')
+        if email and User.objects.filter(email=email).exclude(username=username).exists():
+            raise forms.ValidationError(u'Email addresses must be unique.')
+        return email
+
+    def save(self, commit=True):
+        # Save the provided password in hashed format
+        user = super(SuperuserForm, self).save(commit=False)
+        user.set_password(self.cleaned_data["password"])
+        if commit:
+            user.save()
+        return user
\ No newline at end of file
diff --git a/omi_security/security_node/templates/base.html b/omi_security/security_node/templates/base.html
index 4ce8040..d31e38b 100644
--- a/omi_security/security_node/templates/base.html
+++ b/omi_security/security_node/templates/base.html
@@ -22,7 +22,10 @@ <h1 class="title">OMI Security Module</h1>
     <div class="topnav" id="myTopnav">
             <a href="{% url 'home' %}">Home</a>
         {% if user.is_authenticated %}
+            {% if user.is_superuser %}
             <a href="{% url 'authmodule' %}">Authorization Module</a>
+            <a href="{% url 'superusers_panel' %}">Admin Panel</a>
+            {% endif %}
             <a href="{% url 'about' %}">About</a>
             <a href="{% url 'logout' %}">Log out {{request.user}}</a>
         {% else %}
diff --git a/omi_security/security_node/templates/signup.html b/omi_security/security_node/templates/signup.html
index b0bfaba..cfdd3f7 100644
--- a/omi_security/security_node/templates/signup.html
+++ b/omi_security/security_node/templates/signup.html
@@ -63,7 +63,7 @@ <h3 class="omb_authTitle"><a href="{% url 'login' %}">Login</a> or Sign Up</h3>
 					</div>
                     <span class="help-block">{{form.errors.password1}}</span>
 
-
+<!--
                   	<div class="input-group">
 						<span class="input-group-addon"><i class="fa fa-address-card-o"></i> Check if Superuser</span>
                         <input autofocus="" class="form-control" id="id_is_superuser" name="is_superuser" type="checkbox" onclick="myFunction()" {% if form.is_superuser.value %} value="{{form.is_superuser.value}}" {% endif %} />
@@ -88,7 +88,9 @@ <h3 class="omb_authTitle"><a href="{% url 'login' %}">Login</a> or Sign Up</h3>
                     }
 
                     </script>
+
                     <span class="help-block">{{form.non_field_errors.0}}</span>
+                    -->
 
 					<button class="btn btn-lg btn-primary btn-block" type="submit">Sign Up</button>
 				</form>
diff --git a/omi_security/security_node/templates/superusers_panel.html b/omi_security/security_node/templates/superusers_panel.html
new file mode 100644
index 0000000..615b1e3
--- /dev/null
+++ b/omi_security/security_node/templates/superusers_panel.html
@@ -0,0 +1,184 @@
+{% extends 'base.html' %}
+
+{% block content %}
+
+
+
+<div class="container">
+
+
+    <div class="omb_login">
+    	        <h2 class="omb_authTitle">Admin Panel</h2>
+                <h3 align="center"><font color="orange">To Add New Superuser</font></h3>
+		<div class="row omb_row-sm-offset-3 omb_socialButtons">
+
+		</div>
+
+		<div class="row omb_row-sm-offset-3 omb_loginOr">
+			<div class="col-xs-12 col-sm-6">
+				<hr class="omb_hrOr">
+			</div>
+		</div>
+
+		<div class="row omb_row-sm-offset-3">
+			<div class="col-xs-12 col-sm-6">
+			    <form class="omb_loginForm" action="" autocomplete="off" method="POST">
+                      {% csrf_token %}
+					<div class="input-group">
+						<span class="input-group-addon"><i class="fa fa-address-book"></i></span>
+                        <input autofocus="" class="form-control" id="id_first_name" maxlength="64" name="first_name" placeholder="First name" type="text" {% if form.first_name.value %} value="{{form.first_name.value}}" {% endif %} required />
+					</div>
+					<span class="help-block">{{form.errors.first_name}}</span>
+
+
+                    <div class="input-group">
+						<span class="input-group-addon"><i class="fa fa fa-address-book-o"></i></span>
+                        <input autofocus="" class="form-control" id="id_last_name" maxlength="64" name="last_name" placeholder="Last Name" type="text" {% if form.last_name.value %} value="{{form.last_name.value}}" {% endif %} required />
+					</div>
+					<span class="help-block">{{form.errors.last_name}}</span>
+
+
+                  	<div class="input-group">
+						<span class="input-group-addon"><i class="fa fa-user-circle-o"></i></span>
+                        <input autofocus="" class="form-control" id="id_username" maxlength="32" minlength="6" name="username" placeholder="Username" type="text" {% if form.username.value %} value="{{form.username.value}}" {% endif %} required />
+					</div>
+					<span class="help-block">{{form.errors.username}}</span>
+
+
+                  	<div class="input-group">
+						<span class="input-group-addon"><i class="fa fa-user"></i></span>
+                        <input autofocus="" class="form-control" id="id_email" maxlength="64" name="email" placeholder="Email" type="text" {% if form.email.value %} value="{{form.email.value}}" {% endif %} required />
+					</div>
+					<span class="help-block">{{form.errors.email}}</span>
+
+
+					<div class="input-group">
+						<span class="input-group-addon"><i class="fa fa-lock"></i></span>
+                      <input class="form-control" id="id_password" maxlength="32" minlength="6" name="password" type="password" placeholder="Password"  required />
+					</div>
+                    <span class="help-block">{{form.errors.password}}</span>
+
+
+                    <div class="input-group">
+						<span class="input-group-addon"><i class="fa fa-lock"></i></span>
+                        <input class="form-control" id="id_password1" maxlength="32" minlength="6" name="password1" type="password" placeholder="Confirm Password" required />
+					</div>
+                    <span class="help-block">{{form.errors.password1}}</span>
+
+
+                  	<div class="input-group">
+						<span class="input-group-addon"><i class="fa fa-address-card-o"></i> Check if Superuser</span>
+                        <input autofocus="" class="form-control" id="id_is_superuser" name="is_superuser" type="checkbox"  {% if form.is_superuser.value %} value="{{form.is_superuser.value}}" {% endif %} />
+					</div>
+
+                    <span class="help-block">{{form.non_field_errors.0}}</span>
+
+					<button class="btn btn-lg btn-primary btn-block" type="submit">Sign Up Superuser</button>
+				</form>
+			</div>
+    	</div>
+
+		<div class="row omb_row-sm-offset-3">
+			<div class="col-xs-12 col-sm-3">
+				<label class="checkbox">
+
+				</label>
+			</div>
+		</div>
+	</div>
+
+<h3 align="center" style="margin-top:50px;"><font color="orange">To Modify Existing User Roles</font></h3>
+<table border="1" align="center">
+    <tr>
+        <th>First Name</th>
+        <th>Last Name</th>
+        <th>Email</th>
+        <th>Username</th>
+        <th>Is_superuser</th>
+        <th>Change Status</th>
+    </tr>
+
+    {% for user in list_users %}
+    <tr>
+        <td>{{ user.first_name }}</td>
+        <td>{{ user.last_name }}</td>
+        <td>{{ user.email }}</td>
+        <td>{{ user.username }}</td>
+        <td>{{ user.is_superuser }}</td>
+        {% if user.is_superuser %}
+            <td><form method="post" action="/userRole/{{user.id}}/">
+                 {% csrf_token %}
+                <input type="hidden" name="user_superuser" value="superuser">
+                <input type="submit" value="Downgrade to normal user"></form></td>
+
+        {% else %}
+             <td><form method="post" action="/userRole/{{user.id}}/">
+                  {% csrf_token %}
+                 <input type="hidden" name="user_superuser" value="normaluser">
+                 <input type="submit" value="Upgrade to super user"></form></td>
+
+        {% endif %}
+    </tr>
+    {% endfor %}
+</table>
+
+
+
+</div>
+
+
+
+
+{% endblock %}
+
+
+<!--
+<table>
+
+    <tr>
+        <th>Username</th>
+        <th>is_superuser</th>
+        <th>Enable/disable Superuser</th>
+    </tr>
+
+    <tbody>
+    {% for user in list_users %}
+    <tr>
+        <td>{{ user.username }}</td>
+        {% if user.is_superuser %}
+        <td>$ {{ user.is_superuser }}</td>
+        {% else %}
+        <td></td>
+        {% endif %}
+        <td><a href="url:userRole" user.id>Modify User</a></td>
+    </tr>
+    {% endfor %}
+    </tbody>
+              </table>
+
+-->
+
+
+
+
+
+
+<h2>Sign up</h2>
+<form action="#" method="post">
+    {% csrf_token %}
+    {{ form }}
+    <input type="submit" value="Sign Up" />
+</form>
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/omi_security/security_node/urls.py b/omi_security/security_node/urls.py
index 0b607c2..a9bff96 100644
--- a/omi_security/security_node/urls.py
+++ b/omi_security/security_node/urls.py
@@ -1,4 +1,4 @@
-from django.urls import path
+from django.urls import path, re_path
 
 from . import views
 
@@ -11,6 +11,8 @@
     path(r'omi_authquery', views.omi_authquery, name='omi_authquery'),
     path(r'about', views.about, name='about'),
     path(r'create_oauth_token', views.create_oauth_token, name='create_oauth_token'),
+    path(r'superusers_panel', views.superusers_panel, name='superusers_panel'),
+    re_path(r'^userRole/(?P<user_id>[0-9]+)/$', views.userRole, name='userRole'),
 
 
 ]
diff --git a/omi_security/security_node/views.py b/omi_security/security_node/views.py
index 85b7719..3d96348 100644
--- a/omi_security/security_node/views.py
+++ b/omi_security/security_node/views.py
@@ -4,7 +4,7 @@
 from django.http import HttpResponse, JsonResponse
 from security_node.models import Group, User_Group_Relation, Rule
 from django.contrib.auth.models import User
-from security_node.form import UserForm, GroupForm
+from security_node.form import UserForm, GroupForm, SuperuserForm
 from django.contrib.auth.decorators import login_required
 from django.contrib.auth import authenticate
 from django.contrib.auth import login as auth_login
@@ -173,6 +173,41 @@ def omi_authquery(request):
     #{'allow': [<paths>], 'deny': [<paths>], 'isAdmin': true|false}
 
 
+@login_required
+@csrf_protect
+def superusers_panel(request):
+
+    if not token_validator(request):
+        return redirect('logout')
+
+    if request.user.is_superuser:
+        if request.method == 'POST':
+            form = SuperuserForm(request.POST)
+            if form.is_valid():
+                form.save()
+                return redirect('home')
+        else:
+            form = SuperuserForm()
+        users = User.objects.all()
+        return render(request, 'superusers_panel.html', {'form': form, "list_users": users})
+    else:
+        return redirect('home')
+
+
+@login_required
+@csrf_protect
+def userRole(request, user_id):
+
+    if not token_validator(request):
+        return redirect('logout')
+
+    user = User.objects.get(id=user_id)
+    modify_user = request.POST.get('user_superuser')
+    user.is_superuser = False if modify_user == "superuser" else True
+    user.save()
+    return redirect('superusers_panel')
+
+