import user_manager and accounts from project wireguard_webadmin

2025-06-20 17:15:39 +02:00 · 2024-03-12 10:49:49 -03:00 · 2024-03-12 10:49:49 -03:00 · c104a12df0
commit c104a12df0
parent 757fa6a1e1
28 changed files with 618 additions and 4 deletions
--- a/accounts/init.py
+++ b/accounts/init.py
--- a/accounts/admin.py
+++ b/accounts/admin.py
@ -0,0 +1,3 @@
+from django.contrib import admin
+
+# Register your models here.
--- a/accounts/apps.py
+++ b/accounts/apps.py
@ -0,0 +1,6 @@
+from django.apps import AppConfig
+
+
+class AccountsConfig(AppConfig):
+    default_auto_field = 'django.db.models.BigAutoField'
+    name = 'accounts'
--- a/accounts/forms.py
+++ b/accounts/forms.py
@ -0,0 +1,41 @@
+from typing import Any
+from django import forms
+from django.core.exceptions import ValidationError
+from django.contrib.auth import authenticate
+
+
+class CreateUserForm(forms.Form):
+    username = forms.CharField(label='Username')
+    password = forms.CharField(label='Password', widget=forms.PasswordInput)
+    password2 = forms.CharField(label='Confirm Password', widget=forms.PasswordInput)  # Adicione este campo para a confirmação da senha
+
+    def clean(self):
+        cleaned_data = super().clean()
+
+        username = cleaned_data.get("username")
+        if username and ' ' in username:
+            self.add_error('username', ValidationError("Username cannot contain spaces."))
+        cleaned_data['username'] = username.lower()
+        password = cleaned_data.get("password")
+        password2 = cleaned_data.get("password2")
+
+        if password and password2 and password != password2:
+            self.add_error('password2', ValidationError("The two password fields didn't match."))
+        return cleaned_data
+
+
+class LoginForm(forms.Form):
+    username = forms.CharField(label='Username')
+    password = forms.CharField(label='Password', widget=forms.PasswordInput)
+
+    def clean(self):
+        cleaned_data = super().clean()
+        username = cleaned_data.get("username")
+        password = cleaned_data.get("password")
+        if username and password:
+            user = authenticate(username=username, password=password)
+            if not user:
+                self.add_error(None, ValidationError("Invalid username or password."))
+        else:
+            self.add_error(None, ValidationError("Both fields are required."))
+        return cleaned_data
--- a/accounts/migrations/init.py
+++ b/accounts/migrations/init.py
--- a/accounts/models.py
+++ b/accounts/models.py
@ -0,0 +1,3 @@
+from django.db import models
+
+# Create your models here.
--- a/accounts/tests.py
+++ b/accounts/tests.py
@ -0,0 +1,3 @@
+from django.test import TestCase
+
+# Create your tests here.
--- a/accounts/views.py
+++ b/accounts/views.py
@ -0,0 +1,42 @@
+from django.shortcuts import render, Http404, redirect
+from django.contrib.auth.models import User
+from django.contrib import auth
+from .forms import CreateUserForm, LoginForm
+from django.http import HttpResponse
+from user_manager.models import UserAcl
+
+
+def view_create_first_user(request):
+    if User.objects.filter().all():
+        raise Http404('Superuser already exists')
+    if request.method == 'POST':
+        form = CreateUserForm(request.POST)
+        if form.is_valid():
+            username = form.cleaned_data['username']
+            password = form.cleaned_data['password']
+            new_user = User.objects.create_superuser(username=username, password=password)
+            UserAcl.objects.create(user=new_user, user_level=50)
+            return render(request, 'accounts/superuser_created.html')
+    else:
+        form = CreateUserForm()
+    return render(request, 'accounts/create_first_user.html', {'form': form})
+
+
+def view_login(request):
+    if not User.objects.filter().all():
+        return redirect('/accounts/create_first_user/')
+    if request.method == 'POST':
+        form = LoginForm(request.POST)
+        if form.is_valid():
+            username = form.cleaned_data['username']
+            user = User.objects.get(username=username)
+            auth.login(request, user)
+            return redirect('/')
+    else:
+        form = LoginForm()
+    return render(request, 'accounts/login.html', {'form': form})
+
+
+def view_logout(request):
+    auth.logout(request)
+    return render(request, 'accounts/logout.html')
--- a/dashboard/views.py
+++ b/dashboard/views.py
@ -1,11 +1,14 @@
 from django.shortcuts import render
+from django.contrib.auth.decorators import login_required


+@login_required
 def view_dashboard(request):
    context = {'page_title': 'Welcome to routerfleet'}
    return render(request, 'dashboard/welcome.html', context=context)


+@login_required
 def view_status(request):
    context = {'page_title': 'Welcome to routerfleet'}
    return render(request, 'dashboard/status.html', context=context)
--- a/requirements.txt
+++ b/requirements.txt
@ -1,4 +1,5 @@
 asgiref==3.7.2
+crispy-bootstrap4==2024.1
 crispy-bootstrap5==2024.2
 Django==5.0.3
 django-crispy-forms==2.1
--- a/routerfleet/settings.py
+++ b/routerfleet/settings.py
@ -37,7 +37,9 @@ INSTALLED_APPS = [
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
-    'crispy_forms'
+    'crispy_forms',
+    'crispy_bootstrap4',
+    'user_manager'
 ]

 MIDDLEWARE = [
@ -50,6 +52,9 @@ MIDDLEWARE = [
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
 ]

+CRISPY_ALLOWED_TEMPLATE_PACKS = "bootstrap4"
+CRISPY_TEMPLATE_PACK = "bootstrap4"
+
 ROOT_URLCONF = 'routerfleet.urls'

 TEMPLATES = [
--- a/routerfleet/urls.py
+++ b/routerfleet/urls.py
@ -1,10 +1,17 @@
 from django.contrib import admin
 from django.urls import path
 from dashboard.views import view_dashboard, view_status
+from user_manager.views import view_manage_user, view_user_list
+from accounts.views import view_login, view_logout, view_create_first_user


 urlpatterns = [
    path('admin/', admin.site.urls),
    path('', view_dashboard, name='dashboard'),
-    path('status/', view_status, name='status')
+    path('status/', view_status, name='status'),
+    path('user/list/', view_user_list, name='user_list'),
+    path('user/manage/', view_manage_user, name='manage_user'),
+    path('accounts/create_first_user/', view_create_first_user, name='create_first_user'),
+    path('accounts/login/', view_login, name='login'),
+    path('accounts/logout/', view_logout, name='logout'),
 ]
--- a/templates/accounts/create_first_user.html
+++ b/templates/accounts/create_first_user.html
@ -0,0 +1,71 @@
+{% extends "base_login.html" %}
+
+{% block content %}
+
+<div class="register-box">
+    <div class="register-logo">
+      <a href="/"><b>routerfleet</b></a>
+    </div>
+  
+    <div class="card">
+      <div class="card-body register-card-body">
+        <p class="login-box-msg">Create new administrator</p>
+  
+        <form action="/accounts/create_first_user/" method="post">
+            {% csrf_token %}
+            <div class="input-group mb-3">
+              <input type="text" class="form-control" placeholder="username" name="username"> 
+              <div class="input-group-append">
+                <div class="input-group-text">
+                  <span class="fas fa-user"></span>
+                </div>
+              </div>
+            </div>
+            
+            <div class="input-group mb-3">
+              <input type="password" class="form-control" placeholder="Password" name="password"> 
+              <div class="input-group-append">
+                <div class="input-group-text">
+                  <span class="fas fa-lock"></span>
+                </div>
+              </div>
+            </div>
+            <div class="input-group mb-3">
+              <input type="password" class="form-control" placeholder="Retype password" name="password2"> 
+              <div class="input-group-append">
+                <div class="input-group-text">
+                  <span class="fas fa-lock"></span>
+                </div>
+              </div>
+            </div>
+            
+            
+            <div class="row">
+              <div class="col-8">
+              </div>
+              <div class="col-4">
+                <button type="submit" class="btn btn-primary btn-block">Register</button>
+              </div>
+            </div>
+          </form>
+          
+  
+        
+      </div>
+      <!-- /.form-box -->
+    </div><!-- /.card -->
+  </div>
+  <!-- /.register-box -->
+
+
+<script>
+  document.querySelector('input[name="username"]').addEventListener('input', function() {
+    this.value = this.value.toLowerCase().replace(/\s/g, '');
+  });
+</script>
+
+
+
+
+  {% endblock %}
+``` 
--- a/templates/accounts/login.html
+++ b/templates/accounts/login.html
@ -0,0 +1,62 @@
+{% extends "base_login.html" %}
+
+{% block content %}
+
+<div class="register-box">
+    <div class="register-logo">
+      <a href="/"><b>routerfleet</b></a>
+    </div>
+  
+    <div class="card">
+      <div class="card-body register-card-body">
+        <form action="/accounts/login/" method="post">
+            {% csrf_token %}
+            <div class="input-group mb-3">
+              <input type="text" class="form-control" placeholder="username" name="username"> 
+              <div class="input-group-append">
+                <div class="input-group-text">
+                  <span class="fas fa-user"></span>
+                </div>
+              </div>
+            </div>
+            
+            <div class="input-group mb-3">
+              <input type="password" class="form-control" placeholder="Password" name="password"> 
+              <div class="input-group-append">
+                <div class="input-group-text">
+                  <span class="fas fa-lock"></span>
+                </div>
+              </div>
+            </div>
+            
+            
+            
+            <div class="row">
+              <div class="col-8">
+              </div>
+              <div class="col-4">
+                <button type="submit" class="btn btn-primary btn-block">Login</button>
+              </div>
+            </div>
+          </form>
+          
+  
+        
+      </div>
+      <!-- /.form-box -->
+    </div><!-- /.card -->
+  </div>
+  <!-- /.register-box -->
+
+
+<script>
+  document.querySelector('input[name="username"]').addEventListener('input', function() {
+    this.value = this.value.toLowerCase().replace(/\s/g, '');
+  });
+</script>
+
+
+
+
+  {% endblock %}
+``` 
--- a/templates/accounts/logout.html
+++ b/templates/accounts/logout.html
@ -0,0 +1,35 @@
+{% extends "base_login.html" %}
+
+{% block content %}
+
+<div class="register-box">
+    <div class="register-logo">
+      <a href="/"><b>routerfleet</b></a>
+    </div>
+  
+    <div class="card">
+      <div class="card-body register-card-body">
+        <p class="login-box-msg">You have been successfully logged out.</p>
+  
+        
+          
+          
+          <div class="row">
+            
+            <div class="col-12">
+              <a href="/accounts/login/" class="btn btn-primary btn-block">Login again</a>
+            </div>
+          </div>
+  
+        
+      </div>
+      <!-- /.form-box -->
+    </div><!-- /.card -->
+  </div>
+  <!-- /.register-box -->
+
+
+
+
+  {% endblock %}
+``` 
--- a/templates/accounts/superuser_created.html
+++ b/templates/accounts/superuser_created.html
@ -0,0 +1,32 @@
+{% extends "base_login.html" %}
+
+{% block content %}
+
+<div class="register-box">
+    <div class="register-logo">
+      <a href="/"><b>routerfleet</b></a>
+    </div>
+  
+    <div class="card">
+      <div class="card-body register-card-body">
+        <p class="login-box-msg">Superuser created!</p>
+          
+          <div class="row">
+            
+            <div class="col-12">
+              <a href="/accounts/login/" class="btn btn-primary btn-block">Proceed to login</a>
+            </div>
+          </div>
+  
+        
+      </div>
+      <!-- /.form-box -->
+    </div><!-- /.card -->
+  </div>
+  <!-- /.register-box -->
+
+
+
+
+
+  {% endblock %}
--- a/templates/base.html
+++ b/templates/base.html
@ -3,7 +3,7 @@
 <head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
-  <title>{% if page_title %}{{page_title}} | {% endif %}routerfleet</title>
+  <title>{% if page_title %}{{ page_title }} | {% endif %}routerfleet</title>

  <!-- Google Font: Source Sans Pro -->
  <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700&display=fallback">
@ -93,8 +93,15 @@
                    </a>
                </li>

+                <li class="nav-item">
+                    <a href="/user/list/" class="nav-link {% if '/user/' in request.path %}active{% endif %}">
+                      <i class="fas fa-users nav-icon"></i>
+                      <p>
+                        User Manager
+                      </p>
+                    </a>
+                </li>

-          
        </ul>
      </nav>
      <!-- /.sidebar-menu -->
--- a/templates/user_manager/list.html
+++ b/templates/user_manager/list.html
@ -0,0 +1,27 @@
+{% extends "base.html" %}
+
+{% block content %}
+<table class="table table-striped">
+    <thead>
+        <tr>
+            <th>Username</th>
+            <th>User Level</th>
+            <th></th>
+        </tr>
+    </thead>
+    <tbody>
+        {% for user_acl in user_acl_list %}
+        <tr>
+            <td>{{ user_acl.user.username }}</td>
+            <td>{{ user_acl.get_user_level_display }}</td>
+            <td style="width: 1%; white-space: nowrap;">
+                <a href="/user/manage/?uuid={{ user_acl.uuid }}" ><i class="far fa-edit"></i></a>
+            </td>
+        </tr>
+        {% endfor %}
+    </tbody>
+    </table>
+
+    <a href="/user/manage/" class="btn btn-primary">Add User</a>
+
+{% endblock %}
--- a/templates/user_manager/manage_user.html
+++ b/templates/user_manager/manage_user.html
@ -0,0 +1,92 @@
+{% extends "base.html" %}
+
+{% block content %}
+<div class="container mt-3">
+    <div class="card card-primary card-outline">
+        <div class="card-header">
+            <h3 class="card-title">{{ form.instance.pk|yesno:"Edit User,Create New User" }}</h3>
+        </div>
+        <div class="card-body">
+<div class="row">
+    <div class="col-md-4">
+        <form method="post">
+        {% csrf_token %}
+
+            <!-- Username -->
+            <div class="form-group">
+                <label for="{{ form.username.id_for_label }}">Username</label>
+                <input type="text" class="form-control" id="{{ form.username.id_for_label }}" name="{{ form.username.html_name }}" placeholder="Enter Username" value="{{ form.username.value|default_if_none:'' }}" {% if form.instance.pk %}readonly{% endif %}>
+            </div>
+            <!-- Password -->
+            <div class="form-group">
+                <label for="{{ form.password1.id_for_label }}">Password</label>
+                <input type="password" class="form-control" id="{{ form.password1.id_for_label }}" name="{{ form.password1.html_name }}" placeholder="Password">
+            </div>
+            
+            <!-- Retype Password -->
+            <div class="form-group">
+                <label for="{{ form.password2.id_for_label }}">Retype Password</label>
+                <input type="password" class="form-control" id="{{ form.password2.id_for_label }}" name="{{ form.password2.html_name }}" placeholder="Retype Password">
+            </div>           
+            <!-- User Level -->
+            <div class="form-group">
+                <label for="{{ form.user_level.id_for_label }}">{{ form.user_level.label }}</label>
+                <select class="form-control" id="{{ form.user_level.id_for_label }}" name="{{ form.user_level.html_name }}">
+                    {% for value, display in form.user_level.field.choices %}
+                        <option value="{{ value }}" {% if form.user_level.value|stringformat:"s" == value|stringformat:"s" %}selected{% endif %}>{{ display }}</option>
+                    {% endfor %}
+                </select>
+            </div>
+
+            <div>
+                <button type="submit" class="btn btn-primary">Submit</button>
+                <a href="/user/list/" class="btn btn-outline-secondary">Back</a>
+                {% if user_acl %}<a href='javascript:void(0)' class='btn btn-outline-danger' data-command='delete' onclick='openCommandDialog(this)'>Delete User</a>{% endif %}
+    
+            </div>
+        </form>
+    </div>
+        
+    
+    <div class="col-md-8">
+        
+        <h5>Debugging Analyst</h5>
+        <p>Access to basic system information and logs for troubleshooting. No access to modify settings or view sensitive data such as peer keys.</p>
+
+        <h5>View Only User</h5>
+        <p>Full view access, including peer keys and configuration files. Cannot modify any settings or configurations.</p>
+
+        <h5>Peer Manager</h5>
+        <p>Permissions to add, edit, and remove peers and IP addresses. Does not include access to modify WireGuard instance configurations or higher-level settings.</p>
+
+        <h5>Manager</h5>
+        <p>Authority to add, edit, and remove configurations of WireGuard instances.</p>
+
+        <h5>Administrator</h5>
+        <p>Full access across the system. Can view and modify all settings, configurations and manage users. </p>
+
+    </div>
+
+
+</div>
+        
+    </div>
+    </div>
+</div>
+{% endblock %}
+
+
+{% block custom_page_scripts %}
+
+<script>
+    function openCommandDialog(element) {
+        var command = element.getAttribute('data-command');
+        var confirmation = prompt("Please type '{{ user_acl.user.username }}' to remove this user.");
+        if (confirmation) {
+            var url = "?uuid={{ user_acl.uuid }}&action=delete&confirmation=" + encodeURIComponent(confirmation);
+            window.location.href = url;
+        }
+    }
+</script>
+
+{% endblock %}
--- a/user_manager/init.py
+++ b/user_manager/init.py
--- a/user_manager/admin.py
+++ b/user_manager/admin.py
@ -0,0 +1,3 @@
+from django.contrib import admin
+
+# Register your models here.
--- a/user_manager/apps.py
+++ b/user_manager/apps.py
@ -0,0 +1,6 @@
+from django.apps import AppConfig
+
+
+class UserManagerConfig(AppConfig):
+    default_auto_field = 'django.db.models.BigAutoField'
+    name = 'user_manager'
--- a/user_manager/forms.py
+++ b/user_manager/forms.py
@ -0,0 +1,45 @@
+from django import forms
+from django.contrib.auth.forms import UserCreationForm
+from django.contrib.auth.models import User
+from .models import UserAcl
+from django.core.exceptions import ValidationError
+
+
+class UserAclForm(UserCreationForm):
+    user_level = forms.ChoiceField(choices=UserAcl.user_level.field.choices, required=True, label="User Level")
+
+    class Meta(UserCreationForm.Meta):
+        model = User
+        fields = UserCreationForm.Meta.fields + ('user_level',)
+
+    def __init__(self, *args, **kwargs):
+        self.user_id = kwargs.pop('user_id', None)
+        super().__init__(*args, **kwargs)
+        if self.instance and self.instance.pk:
+            self.fields['password1'].required = False
+            self.fields['password2'].required = False
+            self.fields['username'].widget.attrs['readonly'] = True
+
+    def clean_username(self):
+        username = self.cleaned_data.get('username')
+        if User.objects.filter(username=username).exclude(pk=self.user_id).exists():
+            raise ValidationError("A user with that username already exists.")
+        return username
+
+    def save(self, commit=True):
+        user = super().save(commit=False)
+        new_password = self.cleaned_data.get("password1")
+
+        if new_password:
+            user.set_password(new_password)
+            user.save()
+        else:
+            if not user.id:
+                user.save()
+
+        if commit:
+            user_acl, created = UserAcl.objects.update_or_create(
+                user=user,
+                defaults={'user_level': self.cleaned_data.get('user_level')}
+            )
+        return user
--- a/user_manager/migrations/0001_initial.py
+++ b/user_manager/migrations/0001_initial.py
@ -0,0 +1,28 @@
+# Generated by Django 5.0.3 on 2024-03-12 13:05
+
+import django.db.models.deletion
+import uuid
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='UserAcl',
+            fields=[
+                ('user_level', models.PositiveIntegerField(choices=[(10, 'Debugging Analyst'), (20, 'View Only User'), (30, 'Peer Manager'), (40, 'Manager'), (50, 'Administrator')], default=0)),
+                ('created', models.DateTimeField(auto_now_add=True)),
+                ('updated', models.DateTimeField(auto_now=True)),
+                ('uuid', models.UUIDField(default=uuid.uuid4, editable=False, primary_key=True, serialize=False)),
+                ('user', models.OneToOneField(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)),
+            ],
+        ),
+    ]
--- a/user_manager/migrations/init.py
+++ b/user_manager/migrations/init.py
--- a/user_manager/models.py
+++ b/user_manager/models.py
@ -0,0 +1,21 @@
+from django.db import models
+from django.contrib.auth.models import User
+import uuid
+
+
+class UserAcl(models.Model):
+    user = models.OneToOneField(User, on_delete=models.CASCADE)
+    user_level = models.PositiveIntegerField(default=0, choices=(
+        (10, 'Debugging Analyst'),
+        (20, 'View Only User'),
+        (30, 'Peer Manager'),
+        (40, 'Manager'),
+        (50, 'Administrator'),
+    ))
+
+    created = models.DateTimeField(auto_now_add=True)
+    updated = models.DateTimeField(auto_now=True)
+    uuid = models.UUIDField(primary_key=True, editable=False, default=uuid.uuid4)
+
+    def __str__(self):
+        return self.user.username
--- a/user_manager/tests.py
+++ b/user_manager/tests.py
@ -0,0 +1,3 @@
+from django.test import TestCase
+
+# Create your tests here.
--- a/user_manager/views.py
+++ b/user_manager/views.py
@ -0,0 +1,68 @@
+from django.contrib.auth.decorators import login_required
+from django.shortcuts import render, redirect, get_object_or_404
+from user_manager.models import UserAcl
+from .forms import UserAclForm
+from django.contrib.auth.models import User
+from django.contrib import messages
+from django.contrib.sessions.models import Session
+
+
+@login_required
+def view_user_list(request):
+    if not UserAcl.objects.filter(user=request.user).filter(user_level__gte=50).exists():
+        return render(request, 'access_denied.html', {'page_title': 'Access Denied'})
+    page_title = 'User Manager'
+    user_acl_list = UserAcl.objects.all().order_by('user__username')
+    context = {'page_title': page_title, 'user_acl_list': user_acl_list}
+    return render(request, 'user_manager/list.html', context)
+
+
+@login_required
+def view_manage_user(request):
+    if not UserAcl.objects.filter(user=request.user).filter(user_level__gte=50).exists():
+        return render(request, 'access_denied.html', {'page_title': 'Access Denied'})
+    user_acl = None
+    user = None
+    if 'uuid' in request.GET:
+        user_acl = get_object_or_404(UserAcl, uuid=request.GET['uuid'])
+        user = user_acl.user
+        form = UserAclForm(instance=user, initial={'user_level': user_acl.user_level}, user_id=user.id)
+        page_title = 'Edit User ' + user.username
+        if request.GET.get('action') == 'delete':
+            username = user.username
+            if request.GET.get('confirmation') == username:
+                user.delete()
+                messages.success(request, 'User deleted|The user ' + username + ' has been deleted.')
+                return redirect('/user/list/')
+
+            return redirect('/user/list/')
+    else:
+        form = UserAclForm()
+        page_title = 'Add User'
+
+    if request.method == 'POST':
+        if user_acl:
+            form = UserAclForm(request.POST, instance=user, user_id=user.id)
+        else:
+            form = UserAclForm(request.POST)
+
+        if form.is_valid():
+            form.save()
+            if form.cleaned_data.get('password1'):
+                user_disconnected = False
+                if user:
+                    for session in Session.objects.all():
+                        if str(user.id) == session.get_decoded().get('_auth_user_id'):
+                            session.delete()
+                            if not user_disconnected:
+                                messages.warning(request,
+                                                 'User Disconnected|The user ' + user.username + ' has been disconnected.')
+                                user_disconnected = True
+            if user_acl:
+                messages.success(request,
+                                 'User updated|The user ' + form.cleaned_data['username'] + ' has been updated.')
+            else:
+                messages.success(request, 'User added|The user ' + form.cleaned_data['username'] + ' has been added.')
+            return redirect('/user/list/')
+
+    return render(request, 'user_manager/manage_user.html', {'form': form, 'page_title': page_title, 'user_acl': user_acl})