regluit/libraryauth/backends.py

'''
to make a backend named <backend> you need to...
1. make a class <backend>
2. with a function authenticate(self, request, library)
    returns true if can request.user can be authenticated to the library, and attaches a credential property to the library object
    returns fals if otherwise.
3. with a class authenticator
    with a process((self, authenticator, success_url, deny_url) method which is expected to return a response
4. make a libraryauth/<backend>_join.html template (authenticator will be in its context) to insert a link or form for a user to join the library
5. if you need to show the user a form, define a model form class form with init method  __init__(self, request, library, *args, **kwargs)
    and model LibraryUser
6. define an admin form to let the library configure its authentication
7. add new auth choice to Library.backend choices and the admin as desired

'''
import logging
from django.db.models import Q
from django import forms
from django.http import HttpResponseRedirect
from django.shortcuts import render

from .models import Block, IP, LibraryUser, CardPattern, EmailPattern
                    

logger = logging.getLogger(__name__)

class ip:
    def authenticate(self,request, library):
        try:
            ip = IP(request.META['REMOTE_ADDR'])
            blocks = Block.objects.filter(Q(lower=ip) | Q(lower__lte=ip, upper__gte=ip))
            for block in blocks:
                if block.library==library:
                    logger.info('%s authenticated for %s from %s'%(request.user, library, ip))
                    library.credential=ip
                    return True
            return False
        except KeyError:
            return False
     
    class authenticator():
        def process(self, caller, success_url, deny_url):
            return HttpResponseRedirect(deny_url)
    
    form = None
    
    class admin_form(forms.ModelForm):
        class Meta:
            model = Block
            exclude = ("library",)

class cardnum:   
    def authenticate(self,request, library):
        return False

    class authenticator():
        def process(self, caller, success_url, deny_url):
            if caller.form and caller.request.method=='POST' and caller.form.is_valid():
                library = caller.form.cleaned_data['library']
                library.credential = caller.form.cleaned_data['credential']
                logger.info('%s authenticated for %s from %s'%(caller.request.user, caller.library, caller.form.cleaned_data.get('number')))
                library.add_user(caller.form.cleaned_data['user'])
                return HttpResponseRedirect(success_url)
            else:
                return render(caller.request, 'libraryauth/library.html', {
                        'library':caller.library,
                        'authenticator':caller,
                        })

    class admin_form(forms.ModelForm):
        class Meta:
            model = CardPattern
            exclude = ("library",)
    
    class form(forms.ModelForm):
        credential = forms.RegexField(
                label="Enter Your Library Card Number", 
                max_length=20, 
                regex=r'^\d+$',
                required = True,
                help_text = "(digits only)",
                error_messages = {'invalid': "digits only!",}
            )
        def __init__(self, request, library, *args, **kwargs):
            if request.method=="POST":
                data=request.POST
                super(cardnum.form, self).__init__(data=data)
            else:
                initial={'user':request.user, 'library':library}
                super(cardnum.form, self).__init__(initial=initial)
    
        def clean(self):
            library = self.cleaned_data.get('library', None)
            credential = self.cleaned_data.get('credential', '')
            for card_pattern in library.cardnum_auths.all():
                if card_pattern.is_valid(credential):
                    return self.cleaned_data
            raise forms.ValidationError("the library card number must be VALID.")
        
        class Meta:
            model = LibraryUser
            widgets = { 'library': forms.HiddenInput, 'user': forms.HiddenInput }
            exclude = ()
class email:  
    def authenticate(self,request, library):
        if request.user.is_anonymous():
            return False
        email = request.user.email
        for email_pattern in library.email_auths.all():
            if email_pattern.is_valid(email):
                logger.info('%s authenticated for %s from %s'%(request.user, library, email))
                library.credential=email
                return True
        return False
     
    class authenticator():
        def process(self, caller, success_url, deny_url):
            return HttpResponseRedirect(deny_url)
    form = None
    class admin_form(forms.ModelForm):
        class Meta:
            model = EmailPattern
            exclude = ("library",)
LibraryUser replaces LibraryCard, used for all backends, has datestamp 2013-10-10 19:56:40 +00:00			`'''`
			`to make a backend named <backend> you need to...`
refactor backends into classes 2013-12-02 04:58:58 +00:00			`1. make a class <backend>`
			`2. with a function authenticate(self, request, library)`
LibraryUser replaces LibraryCard, used for all backends, has datestamp 2013-10-10 19:56:40 +00:00			`returns true if can request.user can be authenticated to the library, and attaches a credential property to the library object`
			`returns fals if otherwise.`
refactor backends into classes 2013-12-02 04:58:58 +00:00			`3. with a class authenticator`
LibraryUser replaces LibraryCard, used for all backends, has datestamp 2013-10-10 19:56:40 +00:00			`with a process((self, authenticator, success_url, deny_url) method which is expected to return a response`
refactor backends into classes 2013-12-02 04:58:58 +00:00			`4. make a libraryauth/<backend>_join.html template (authenticator will be in its context) to insert a link or form for a user to join the library`
			`5. if you need to show the user a form, define a model form class form with init method __init__(self, request, library, args, *kwargs)`
LibraryUser replaces LibraryCard, used for all backends, has datestamp 2013-10-10 19:56:40 +00:00			`and model LibraryUser`
refactor backends into classes 2013-12-02 04:58:58 +00:00			`6. define an admin form to let the library configure its authentication`
			`7. add new auth choice to Library.backend choices and the admin as desired`
LibraryUser replaces LibraryCard, used for all backends, has datestamp 2013-10-10 19:56:40 +00:00
			`'''`
Implemented IP authentication libraries get associated with a library_block table (IP ranges) moved superlogin here IP stuff mostly copied from https://github.com/benliles/django-ipauth/blob/master/ipauth/models.py The model is that you need to be in an allowed IP range to "join" a library. Once you've joined, you can use your login from anywhere. to use that library. Asign IP ranges in admin 2013-10-08 19:37:22 +00:00			`import logging`
			`from django.db.models import Q`
card number authentication! create libraries and administer them in admin. card patterns mimc ezproxy format http://www.oclc.org/support/services/ezproxy/documentation/usr/number.en .html after you join a library, it appears in your explore bar 2013-10-10 06:41:50 +00:00			`from django import forms`
Implemented IP authentication libraries get associated with a library_block table (IP ranges) moved superlogin here IP stuff mostly copied from https://github.com/benliles/django-ipauth/blob/master/ipauth/models.py The model is that you need to be in an allowed IP range to "join" a library. Once you've joined, you can use your login from anywhere. to use that library. Asign IP ranges in admin 2013-10-08 19:37:22 +00:00			`from django.http import HttpResponseRedirect`
			`from django.shortcuts import render`
libraries, phase 1. admin can create a library connected to a user other users can "join" the library 2013-10-02 16:02:08 +00:00
can now create and admin user validation 2013-11-30 20:40:45 +00:00			`from .models import Block, IP, LibraryUser, CardPattern, EmailPattern`

Implemented IP authentication libraries get associated with a library_block table (IP ranges) moved superlogin here IP stuff mostly copied from https://github.com/benliles/django-ipauth/blob/master/ipauth/models.py The model is that you need to be in an allowed IP range to "join" a library. Once you've joined, you can use your login from anywhere. to use that library. Asign IP ranges in admin 2013-10-08 19:37:22 +00:00
			`logger = logging.getLogger(__name__)`

refactor backends into classes 2013-12-02 04:58:58 +00:00			`class ip:`
			`def authenticate(self,request, library):`
			`try:`
			`ip = IP(request.META['REMOTE_ADDR'])`
			`blocks = Block.objects.filter(Q(lower=ip) \| Q(lower__lte=ip, upper__gte=ip))`
			`for block in blocks:`
			`if block.library==library:`
			`logger.info('%s authenticated for %s from %s'%(request.user, library, ip))`
			`library.credential=ip`
			`return True`
			`return False`
			`except KeyError:`
			`return False`
Implemented IP authentication libraries get associated with a library_block table (IP ranges) moved superlogin here IP stuff mostly copied from https://github.com/benliles/django-ipauth/blob/master/ipauth/models.py The model is that you need to be in an allowed IP range to "join" a library. Once you've joined, you can use your login from anywhere. to use that library. Asign IP ranges in admin 2013-10-08 19:37:22 +00:00
refactor backends into classes 2013-12-02 04:58:58 +00:00			`class authenticator():`
fix problem created by refactor 2013-12-02 23:19:11 +00:00			`def process(self, caller, success_url, deny_url):`
refactor backends into classes 2013-12-02 04:58:58 +00:00			`return HttpResponseRedirect(deny_url)`

			`form = None`
libraries, phase 1. admin can create a library connected to a user other users can "join" the library 2013-10-02 16:02:08 +00:00
refactor backends into classes 2013-12-02 04:58:58 +00:00			`class admin_form(forms.ModelForm):`
			`class Meta:`
			`model = Block`
patch form exclude syntax 2016-04-08 00:39:23 +00:00			`exclude = ("library",)`
Implemented IP authentication libraries get associated with a library_block table (IP ranges) moved superlogin here IP stuff mostly copied from https://github.com/benliles/django-ipauth/blob/master/ipauth/models.py The model is that you need to be in an allowed IP range to "join" a library. Once you've joined, you can use your login from anywhere. to use that library. Asign IP ranges in admin 2013-10-08 19:37:22 +00:00
refactor backends into classes 2013-12-02 04:58:58 +00:00			`class cardnum:`
			`def authenticate(self,request, library):`
			`return False`

			`class authenticator():`
fix problem created by refactor 2013-12-02 23:19:11 +00:00			`def process(self, caller, success_url, deny_url):`
			`if caller.form and caller.request.method=='POST' and caller.form.is_valid():`
			`library = caller.form.cleaned_data['library']`
			`library.credential = caller.form.cleaned_data['credential']`
			`logger.info('%s authenticated for %s from %s'%(caller.request.user, caller.library, caller.form.cleaned_data.get('number')))`
			`library.add_user(caller.form.cleaned_data['user'])`
refactor backends into classes 2013-12-02 04:58:58 +00:00			`return HttpResponseRedirect(success_url)`
			`else:`
fix problem created by refactor 2013-12-02 23:19:11 +00:00			`return render(caller.request, 'libraryauth/library.html', {`
			`'library':caller.library,`
			`'authenticator':caller,`
refactor backends into classes 2013-12-02 04:58:58 +00:00			`})`
card number authentication! create libraries and administer them in admin. card patterns mimc ezproxy format http://www.oclc.org/support/services/ezproxy/documentation/usr/number.en .html after you join a library, it appears in your explore bar 2013-10-10 06:41:50 +00:00
refactor backends into classes 2013-12-02 04:58:58 +00:00			`class admin_form(forms.ModelForm):`
			`class Meta:`
			`model = CardPattern`
patch form exclude syntax 2016-04-08 00:39:23 +00:00			`exclude = ("library",)`
can now create and admin user validation 2013-11-30 20:40:45 +00:00
refactor backends into classes 2013-12-02 04:58:58 +00:00			`class form(forms.ModelForm):`
			`credential = forms.RegexField(`
			`label="Enter Your Library Card Number",`
			`max_length=20,`
			`regex=r'^\d+$',`
			`required = True,`
			`help_text = "(digits only)",`
			`error_messages = {'invalid': "digits only!",}`
			`)`
			`def __init__(self, request, library, args, *kwargs):`
			`if request.method=="POST":`
			`data=request.POST`
			`super(cardnum.form, self).__init__(data=data)`
			`else:`
			`initial={'user':request.user, 'library':library}`
			`super(cardnum.form, self).__init__(initial=initial)`
card number authentication! create libraries and administer them in admin. card patterns mimc ezproxy format http://www.oclc.org/support/services/ezproxy/documentation/usr/number.en .html after you join a library, it appears in your explore bar 2013-10-10 06:41:50 +00:00
refactor backends into classes 2013-12-02 04:58:58 +00:00			`def clean(self):`
			`library = self.cleaned_data.get('library', None)`
			`credential = self.cleaned_data.get('credential', '')`
			`for card_pattern in library.cardnum_auths.all():`
			`if card_pattern.is_valid(credential):`
			`return self.cleaned_data`
			`raise forms.ValidationError("the library card number must be VALID.")`
add email authentication 2013-10-11 02:31:31 +00:00
refactor backends into classes 2013-12-02 04:58:58 +00:00			`class Meta:`
			`model = LibraryUser`
			`widgets = { 'library': forms.HiddenInput, 'user': forms.HiddenInput }`
model forms need at least exclude 2016-07-21 19:52:07 +00:00			`exclude = ()`
refactor backends into classes 2013-12-02 04:58:58 +00:00			`class email:`
			`def authenticate(self,request, library):`
			`if request.user.is_anonymous():`
			`return False`
			`email = request.user.email`
			`for email_pattern in library.email_auths.all():`
			`if email_pattern.is_valid(email):`
			`logger.info('%s authenticated for %s from %s'%(request.user, library, email))`
			`library.credential=email`
			`return True`
add email authentication 2013-10-11 02:31:31 +00:00			`return False`

refactor backends into classes 2013-12-02 04:58:58 +00:00			`class authenticator():`
fix problem created by refactor 2013-12-02 23:19:11 +00:00			`def process(self, caller, success_url, deny_url):`
refactor backends into classes 2013-12-02 04:58:58 +00:00			`return HttpResponseRedirect(deny_url)`
			`form = None`
			`class admin_form(forms.ModelForm):`
			`class Meta:`
			`model = EmailPattern`
patch form exclude syntax 2016-04-08 00:39:23 +00:00			`exclude = ("library",)`