diff --git a/seminar/forms.py b/seminar/forms.py
index 830203a2..f05b18e2 100644
--- a/seminar/forms.py
+++ b/seminar/forms.py
@@ -1,9 +1,12 @@
 from django import forms
 from dal import autocomplete
+from django.core.exceptions import ObjectDoesNotExist
+from django.contrib.auth.models import User
-from .models import Skola, Resitel
+from .models import Skola, Resitel, Osoba
 from datetime import date
+import logging
 class LoginForm(forms.Form):
 username = forms.CharField(label='Přihlašovací jméno',
@@ -71,8 +74,37 @@ class PrihlaskaForm(forms.Form):
 zasilat = forms.ChoiceField(label='Kam zasílat čísla a řešení',choices = Resitel.ZASILAT_CHOICES, required=True)
 gdpr = forms.BooleanField(label='Souhlasím se zpracováním osobních údajů', required=True)
 spam = forms.BooleanField(label='Souhlasím se zasíláním materiálů od MFF UK', required=False)
+
+ def clean_username(self):
+ err_logger = logging.getLogger('seminar.prihlaska.problem')
+ username = self.cleaned_data.get('username')
+ try:
+ User.objects.get(username=username)
+ msg = "Username {} exists".format(username)
+ err_logger.info(msg)
+ raise forms.ValidationError('Přihlašovací jméno je již použito')
+
+ except ObjectDoesNotExist:
+ pass
+
+ def clean_email(self):
+ err_logger = logging.getLogger('seminar.prihlaska.problem')
+ email = self.cleaned_data.get('email')
+ try:
+ Osoba.objects.get(email=email)
+ msg = "Email {} exists".format(email)
+ err_logger.info(msg)
+ raise forms.ValidationError('Email je již použit')
+
+ except ObjectDoesNotExist:
+ pass
+
+
 def clean(self):
 super().clean()
+
+ err_logger = logging.getLogger('seminar.prihlaska.problem')
+ data = self.cleaned_data
 if data.get('password') != data.get('password_check'):
 self.add_error('password_check',forms.ValidationError('Hesla se neshodují'))
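Review bot: `from django.contrib.auth.models import User` in the first forms.py hunk ties the form to the stock user model, whereas the view code this commit removes looked the model up with `get_user_model()`. If the project ever sets `AUTH_USER_MODEL`, the lookup in `clean_username` and the `create_user` call in the view would stop working. Prefer `from django.contrib.auth import get_user_model` followed by `User = get_user_model()`; the same applies to the import added in seminar/views.py, where `get_user_model` is already imported.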
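Review bot: `clean_username` and `clean_email` never return a value, so Django stores `None` in `cleaned_data['username']` and `cleaned_data['email']` whenever the check passes (assuming the form declares both fields, as the view's `fcd['username']` suggests), and the view then calls `create_user` with `username=None`; end the methods with `return username` and `return email`. `Osoba.objects.get(email=email)` also raises `MultipleObjectsReturned` once two records share an address, which `Osoba.objects.filter(email=email).exists()` avoids without the try/except. Both methods write the submitted username or e-mail address into the `seminar.prihlaska.problem` log; log the event without the value unless that logger is meant to hold personal data. The `err_logger` added in `clean()` is unused in the lines shown, and the rest of `clean()` lies outside the hunk.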
@@ -87,6 +119,3 @@ class PrihlaskaForm(forms.Form):
 self.add_error('skola_nazev',forms.ValidationError('Je nutné vyplnit název školy'))
 elif data.get('skola_adresa')=='':
 self.add_error('skola_adresa',forms.ValidationError('Je nutné vyplnit adresu školy'))
-from seminar.models import Resitel
-
-
diff --git a/seminar/views.py b/seminar/views.py
index 1b540197..a320307e 100644
--- a/seminar/views.py
+++ b/seminar/views.py
@@ -10,6 +10,7 @@ from django.http import Http404,HttpResponseBadRequest,HttpResponseRedirect
 from django.db.models import Q
 from django.views.decorators.csrf import ensure_csrf_cookie
 from django.contrib.auth import authenticate, login, get_user_model, logout
+from django.contrib.auth.models import User
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.db import transaction
 from dal import autocomplete
@@ -1025,83 +1026,75 @@ def logoutView(request):
 return render(request, 'seminar/login.html', {'form': form})
+def prihlaska_log_gdpr_safe(logger, gdpr_logger, msg, form_data):
+ msg = "{}, form_hash:{}".format(msg,hash(form_data))
+ logger.warn(msg)
+ gdpr_logger.warn(msg+", form:{}".format(form_data))
+
+
 def prihlaskaView(request):
- logger = logging.getLogger('seminar.prihlaska')
+ generic_logger = logging.getLogger('seminar.prihlaska')
+ err_logger = logging.getLogger('seminar.prihlaska.problem')
+ form_logger = logging.getLogger('seminar.prihlaska.form')
 if request.method == 'POST':
 form = PrihlaskaForm(request.POST)
 # TODO vyresit, co se bude v jakych situacich zobrazovat
 if form.is_valid():
- print("Form valid")
- try:
- # mame jiz email v databazi?
- o = Osoba.objects.get(email=form.cleaned_data['email'])
- print("Email existuje: {}".format(form.cleaned_data))
- # TODO seřvat a nepustit dál
- return HttpResponseRedirect('/thanks/')
- except ObjectDoesNotExist:
- pass
-
- User = get_user_model()
- try:
- u = User.objects.get(username=form.cleaned_data['username'])
- print("Username existuje: {}".format(form.cleaned_data))
- # TODO seřvat a nepustit dál
- return HttpResponseRedirect('/thanks/')
-
- except ObjectDoesNotExist:
- pass
+ generic_logger.info("Form valid")
+ fcd = form.cleaned_data
+ form_hash = hash(fcd)
+ form_logger.info(fcd,form_hash=form_hash)
 with transaction.atomic():
 u = User.objects.create_user(
- username=form.cleaned_data['username'],
- password=form.cleaned_data['password'],
- email = form.cleaned_data['email'])
+ username=fcd['username'],
+ password=fcd['password'],
+ email = fcd['email'])
 u.save()
 o = Osoba(
- jmeno = form.cleaned_data['jmeno'],
- prijmeni = form.cleaned_data['prijmeni'],
- pohlavi_muz = form.cleaned_data['pohlavi_muz'],
- email = form.cleaned_data['email'],
- telefon = form.cleaned_data.get('telefon',''),
- datum_narozeni = form.cleaned_data.get('datum_narozeni',None),
+ jmeno = fcd['jmeno'],
+ prijmeni = fcd['prijmeni'],
+ pohlavi_muz = fcd['pohlavi_muz'],
+ email = fcd['email'],
+ telefon = fcd.get('telefon',''),
+ datum_narozeni = fcd.get('datum_narozeni',None),
 datum_souhlasu_udaje = date.today(),
 datum_registrace = date.today(),
- ulice = form.cleaned_data.get('ulice',''),
- mesto = form.cleaned_data.get('mesto',''),
- psc = form.cleaned_data.get('psc',''),
- poznamka = str(form.cleaned_data)
+ ulice = fcd.get('ulice',''),
+ mesto = fcd.get('mesto',''),
+ psc = fcd.get('psc',''),
+ poznamka = str(fcd)
 )
- if form.cleaned_data.get('spam',False):
+ if fcd.get('spam',False):
 o.datum_souhlasu_zasilani = date.today()
- if form.cleaned_data.get('stat','') in ('CZ','SK'):
- o.stat = form.cleaned_data['stat']
+ if fcd.get('stat','') in ('CZ','SK'):
+ o.stat = fcd['stat']
 else:
- pass
- #TODO jak budeme resit jine staty?
+ # Unknown country - log it
+ msg = "Unknown country {}".format(fcd['stat_text'])
+ err_logger.warn(msg,form_hash=form_hash)
 o.save()
 o.user = u
 o.save()
 r = Resitel(
- rok_maturity = form.cleaned_data['rok_maturity'],
- zasilat = form.cleaned_data['zasilat']
+ rok_maturity = fcd['rok_maturity'],
+ zasilat = fcd['zasilat']
 )
 r.save()
 r.osoba = o
- if form.cleaned_data.get('skola'):
- r.skola = form.cleaned_data['skola']
+ if fcd.get('skola'):
+ r.skola = fcd['skola']
 else:
- pass
- #TODO doplnit skolu, kdyz neni v seznamu
+ # Unknown school - log it
+ msg = "Unknown school {}, {}".format(fcd['skola_nazev'],fcd['skola_adresa'])
+ err_logger.warn(msg,form_hash=form_hash)
 r.save()
- # TODO logovat jednotlive validni formulare do souboru
- print(form.cleaned_data)
- logger.info(form.cleaned_data)
 return HttpResponseRedirect('/thanks/')
 # if a GET (or any other method) we'll create a blank form
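Review bot: `form_logger.info(fcd, ...)` and `poznamka = str(fcd)` write the whole cleaned form, including the plaintext `password` and `password_check` values, to the log and into the Osoba record; both should work from a copy with those two keys removed. As written the view also cannot get that far: `hash(fcd)` raises TypeError because `cleaned_data` is a dict (as would `hash(form_data)` in `prihlaska_log_gdpr_safe` if it is handed the same dict), and `Logger.info`/`Logger.warn` do not accept a `form_hash=` keyword, which belongs in `extra=`. `warn` is also a deprecated alias of `warning`. The sketch assumes `hashlib` is imported in views.py and shows only the rewritten lines; `prihlaskaView` continues past the end of the hunk.

```python
# … unchanged: logger setup, POST check, form.is_valid() …
fcd = form.cleaned_data
# Copy without the secrets: only this copy may be logged or stored.
safe_fcd = {k: v for k, v in fcd.items()
            if k not in ('password', 'password_check')}
# A dict is unhashable and hash() of a str differs per process;
# a SHA-256 digest gives a stable id for correlating log lines.
form_hash = hashlib.sha256(
    repr(sorted(safe_fcd.items())).encode('utf-8')).hexdigest()
form_logger.info("%s", safe_fcd, extra={'form_hash': form_hash})
# … unchanged: create_user(...) and the Osoba(...) fields, except …
poznamka = str(safe_fcd)
# … unchanged: remaining Osoba/Resitel handling; in both else branches …
err_logger.warning(msg, extra={'form_hash': form_hash})
```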