Commit b433071a authored by David Seaward's avatar David Seaward

define user_identity as a function

* uses new SITE_DOMAIN value
* replace WOO1_EMAIL_SUFFIX with SITE_DOMAIN
* use user_identity when generating ovpn certificates
parent e95998d9
......@@ -24,7 +24,6 @@ WOO_WP_API = True
WOO_VERSION = wc/v1
WOO_PRODUCT_LIST = 123,124
WOO1_FIELD_LIST = Existing username,Username
WOO1_EMAIL_SUFFIX = @example.com
OVPN_HOSTNAME = ssh.example.com
OVPN_PORT = 22
OVPN_USERNAME = username
......
......@@ -57,6 +57,11 @@ class User(AbstractUser):
ldap_person = self.get_ldap()
ldap_person.change_password(raw_password)
def get_identity(self):
# FIXME: this doesn't belong in ldapregister
# associated with https://code.puri.sm/purist/account_web/issues/25
return self.get_username() + "@" + settings.SITE_DOMAIN
def save(self, force_insert=False, force_update=False, using=None, update_fields=None):
# save django user
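Review bot: `get_identity` has no docstring and appends the domain to whatever `get_username()` returns, so a username that already contains "@" would produce an identity with two "@" signs. Django's stock username validator permits "@"; whether this `User` model tightens that is not visible in the hunk, but `parse_woo1` in this same commit rejects any account with more than one "@", so the two would disagree. I would add a docstring such as `"""Return username@SITE_DOMAIN, the identity used for OpenVPN certificates and config files."""` and raise `ValueError` when the username already contains "@". The class body continues outside the hunk.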
......
......@@ -77,11 +77,11 @@ def parse_woo1(json_entry, product_id):
if meta_item["key"] in settings.WOO1_FIELD_LIST: # for example, "Existing username,"
account = meta_item["value"]
if account.count("@") == 0:
account += settings.WOO1_EMAIL_SUFFIX # for example, "@example.com"
elif account.count("@") > 1:
if account.count("@") == 0: # nodomain
account += "@" + settings.SITE_DOMAIN # corrected to nodomain@example.com
elif account.count("@") > 1: # bad@user@example.com
raise Exception("Invalid username: " + account)
elif not account.endswith(settings.WOO1_EMAIL_SUFFIX):
elif not account.endswith(settings.SITE_DOMAIN): # user@unrecognised.com
raise Exception("Bad username suffix: " + account)
external_key = str(order_id) + ":" + str(item_id)
......@@ -116,10 +116,11 @@ def is_existing_credit(credit):
def update_limit_woo1(ssh, credit):
# validate credit
if credit.account_name is None or not str.endswith(credit.account_name, settings.WOO1_EMAIL_SUFFIX):
suffix = "@" + settings.SITE_DOMAIN
if credit.account_name is None or not str.endswith(credit.account_name, suffix):
raise Exception("Invalid account name: " + str(credit.account_name))
else:
suffix_len = 0 - len(settings.WOO1_EMAIL_SUFFIX)
suffix_len = 0 - len(suffix)
username = credit.account_name[:suffix_len]
# get external references (implicit validation that they exist)
......@@ -148,9 +149,7 @@ def update_limit_woo1(ssh, credit):
user.email = credit.additional_data
user.save()
else:
raise Exception("No email address for credit.")
# FIXME: should not simply activate an inactive service
logger.warn("No email address for credit " + credit.parser + " " + credit.external_key)
credit_days = int(external_bundle.time_credit * credit.quantity)
credit_timedelta = timezone.timedelta(days=credit_days)
......@@ -166,14 +165,14 @@ def activate(ssh, limit, credit_timedelta):
limit.is_active = True
if limit.service == "TUNNEL":
openvpn_exec(ssh, "./create_new_ovpn_config --generate %s" % (limit.user.email,))
openvpn_exec(ssh, "./create_new_ovpn_config --generate %s" % (limit.user.get_identity(),))
limit.save()
def deactivate(ssh, limit):
if limit.service == "TUNNEL":
openvpn_exec(ssh, "./create_new_ovpn_config --revoke %s" % (limit.user.email,))
openvpn_exec(ssh, "./create_new_ovpn_config --revoke %s" % (limit.user.get_identity(),))
limit.is_active = False
limit.save()
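Review bot: The suffix check in `parse_woo1` now reads `account.endswith(settings.SITE_DOMAIN)`, and since SITE_DOMAIN carries no leading "@" (the branch above adds it explicitly), an address at any domain that merely ends in the same string, e.g. `user@notexample.com` (constructed sample), passes where the old `WOO1_EMAIL_SUFFIX` comparison rejected it. `update_limit_woo1` in the same section already builds `suffix = "@" + settings.SITE_DOMAIN`, and the parser should compare against the same value: `elif not account.endswith("@" + settings.SITE_DOMAIN):`. Separately, `activate` and `deactivate` still format the identity into the `openvpn_exec` command string with `%s`; assuming that string reaches a remote shell, wrapping the value in `shlex.quote()` keeps it a single argument whatever characters a username holds. All of these functions continue outside their hunks.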
......
......@@ -23,8 +23,7 @@ def userlimit(request):
@login_required
def ovpn_userfile(request):
username = request.user.get_username()
identity = username + "@" + settings.SITE_DOMAIN
filepath = settings.OVPN_FILEPATH.replace("{IDENTITY}", identity)
user_identity = request.user.get_identity()
filepath = settings.OVPN_FILEPATH.replace("{USER_IDENTITY}", user_identity)
return FileResponse(open(filepath, 'rb'))
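Review bot: `ovpn_userfile` opens the substituted path directly, so a user whose config has not been generated gets an unhandled exception (a 500) rather than a 404, and nothing in the view confirms that the identity cannot alter the directory part of the path. Username validation probably excludes path separators, but that rule lives outside this hunk and this view is the code that touches the filesystem. The placeholder also changes from `{IDENTITY}` to `{USER_IDENTITY}` and no matching `OVPN_FILEPATH` change is visible on this page; with a stale setting `replace()` is a no-op and every user resolves to the same literal path. A guarded version of the tail of the view is sketched below.

```python
filepath = settings.OVPN_FILEPATH.replace("{USER_IDENTITY}", user_identity)
# the identity must stay a single path component
if os.path.basename(user_identity) != user_identity:
    raise Http404()
try:
    ovpn_file = open(filepath, 'rb')
except IOError:
    # no config generated for this user
    raise Http404()
return FileResponse(ovpn_file)
```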