regluit/libraryauth/backends.py

'''
to make a backend named <backend> you need to...
1. make a class <backend>
2. with a function authenticate(self, request, library)
    returns true if can request.user can be authenticated to the library,
    and attaches a credential property to the library object
    returns fals if otherwise.
3. with a class authenticator
    with a process((self, authenticator, success_url, deny_url) method
    which is expected to return a response
4. make a libraryauth/<backend>_join.html template (authenticator will be in its context)
   to insert a link or form for a user to join the library
5. if you need to show the user a form, define a model form class form with init method
    __init__(self, request, library, *args, **kwargs)
    and model LibraryUser
6. define an admin form to let the library configure its authentication
7. add new auth choice to Library.backend choices and the admin as desired

'''
import logging
from django.db.models import Q
from django import forms
from django.http import HttpResponseRedirect
from django.shortcuts import render

from .models import Block, IP, LibraryUser, CardPattern, EmailPattern


logger = logging.getLogger(__name__)

class ip:
    def authenticate(self, request, library):
        try:
            ip = IP(request.META['REMOTE_ADDR'])
            blocks = Block.objects.filter(Q(lower=ip) | Q(lower__lte=ip, upper__gte=ip))
            for block in blocks:
                if block.library == library:
                    logger.info('%s authenticated for %s from %s'%(request.user, library, ip))
                    library.credential = ip
                    return True
            return False
        except KeyError:
            return False

    class authenticator():
        def process(self, caller, success_url, deny_url):
            return HttpResponseRedirect(deny_url)

    form = None

    class admin_form(forms.ModelForm):
        class Meta:
            model = Block
            exclude = ("library",)

class cardnum:
    def authenticate(self, request, library):
        return False

    class authenticator():
        def process(self, caller, success_url, deny_url):
            if caller.form and caller.request.method == 'POST' and caller.form.is_valid():
                library = caller.form.cleaned_data['library']
                library.credential = caller.form.cleaned_data['credential']
                logger.info('%s authenticated for %s from %s' % (
                    caller.request.user,
                    caller.library,
                    caller.form.cleaned_data.get('number'),
                ))
                library.add_user(caller.form.cleaned_data['user'])
                return HttpResponseRedirect(success_url)
            return render(caller.request, 'libraryauth/library.html', {
                'library':caller.library,
                'authenticator':caller,
            })

    class admin_form(forms.ModelForm):
        class Meta:
            model = CardPattern
            exclude = ("library",)

    class form(forms.ModelForm):
        credential = forms.RegexField(
            label="Enter Your Library Card Number",
            max_length=20,
            regex=r'^\d+$',
            required=True,
            help_text="(digits only)",
            error_messages={'invalid': "digits only!",}
        )
        def __init__(self, request, library, *args, **kwargs):
            if request.method == "POST":
                data = request.POST
                super(cardnum.form, self).__init__(data=data)
            else:
                initial = {'user':request.user, 'library':library}
                super(cardnum.form, self).__init__(initial=initial)

        def clean(self):
            library = self.cleaned_data.get('library', None)
            credential = self.cleaned_data.get('credential', '')
            for card_pattern in library.cardnum_auths.all():
                if card_pattern.is_valid(credential):
                    return self.cleaned_data
            raise forms.ValidationError("the library card number must be VALID.")

        class Meta:
            model = LibraryUser
            widgets = {'library': forms.HiddenInput, 'user': forms.HiddenInput}
            exclude = ()
class email:
    def authenticate(self, request, library):
        if request.user.is_anonymous:
            return False
        email = request.user.email
        for email_pattern in library.email_auths.all():
            if email_pattern.is_valid(email):
                logger.info('%s authenticated for %s from %s'%(request.user, library, email))
                library.credential = email
                return True
        return False

    class authenticator():
        def process(self, caller, success_url, deny_url):
            return HttpResponseRedirect(deny_url)
    form = None
    class admin_form(forms.ModelForm):
        class Meta:
            model = EmailPattern
            exclude = ("library",)
LibraryUser replaces LibraryCard, used for all backends, has datestamp 2013-10-10 19:56:40 +00:00			`'''`
			`to make a backend named <backend> you need to...`
refactor backends into classes 2013-12-02 04:58:58 +00:00			`1. make a class <backend>`
			`2. with a function authenticate(self, request, library)`
delint 2018-07-26 17:59:58 +00:00			`returns true if can request.user can be authenticated to the library,`
			`and attaches a credential property to the library object`
LibraryUser replaces LibraryCard, used for all backends, has datestamp 2013-10-10 19:56:40 +00:00			`returns fals if otherwise.`
refactor backends into classes 2013-12-02 04:58:58 +00:00			`3. with a class authenticator`
delint 2018-07-26 17:59:58 +00:00			`with a process((self, authenticator, success_url, deny_url) method`
			`which is expected to return a response`
			`4. make a libraryauth/<backend>_join.html template (authenticator will be in its context)`
			`to insert a link or form for a user to join the library`
			`5. if you need to show the user a form, define a model form class form with init method`
			`__init__(self, request, library, args, *kwargs)`
LibraryUser replaces LibraryCard, used for all backends, has datestamp 2013-10-10 19:56:40 +00:00			`and model LibraryUser`
refactor backends into classes 2013-12-02 04:58:58 +00:00			`6. define an admin form to let the library configure its authentication`
			`7. add new auth choice to Library.backend choices and the admin as desired`
LibraryUser replaces LibraryCard, used for all backends, has datestamp 2013-10-10 19:56:40 +00:00
			`'''`
Implemented IP authentication libraries get associated with a library_block table (IP ranges) moved superlogin here IP stuff mostly copied from https://github.com/benliles/django-ipauth/blob/master/ipauth/models.py The model is that you need to be in an allowed IP range to "join" a library. Once you've joined, you can use your login from anywhere. to use that library. Asign IP ranges in admin 2013-10-08 19:37:22 +00:00			`import logging`
			`from django.db.models import Q`
card number authentication! create libraries and administer them in admin. card patterns mimc ezproxy format http://www.oclc.org/support/services/ezproxy/documentation/usr/number.en .html after you join a library, it appears in your explore bar 2013-10-10 06:41:50 +00:00			`from django import forms`
Implemented IP authentication libraries get associated with a library_block table (IP ranges) moved superlogin here IP stuff mostly copied from https://github.com/benliles/django-ipauth/blob/master/ipauth/models.py The model is that you need to be in an allowed IP range to "join" a library. Once you've joined, you can use your login from anywhere. to use that library. Asign IP ranges in admin 2013-10-08 19:37:22 +00:00			`from django.http import HttpResponseRedirect`
			`from django.shortcuts import render`
libraries, phase 1. admin can create a library connected to a user other users can "join" the library 2013-10-02 16:02:08 +00:00
can now create and admin user validation 2013-11-30 20:40:45 +00:00			`from .models import Block, IP, LibraryUser, CardPattern, EmailPattern`
delint 2018-07-26 17:59:58 +00:00
Implemented IP authentication libraries get associated with a library_block table (IP ranges) moved superlogin here IP stuff mostly copied from https://github.com/benliles/django-ipauth/blob/master/ipauth/models.py The model is that you need to be in an allowed IP range to "join" a library. Once you've joined, you can use your login from anywhere. to use that library. Asign IP ranges in admin 2013-10-08 19:37:22 +00:00
			`logger = logging.getLogger(__name__)`

refactor backends into classes 2013-12-02 04:58:58 +00:00			`class ip:`
delint 2018-07-26 17:59:58 +00:00			`def authenticate(self, request, library):`
refactor backends into classes 2013-12-02 04:58:58 +00:00			`try:`
			`ip = IP(request.META['REMOTE_ADDR'])`
			`blocks = Block.objects.filter(Q(lower=ip) \| Q(lower__lte=ip, upper__gte=ip))`
			`for block in blocks:`
delint 2018-07-26 17:59:58 +00:00			`if block.library == library:`
refactor backends into classes 2013-12-02 04:58:58 +00:00			`logger.info('%s authenticated for %s from %s'%(request.user, library, ip))`
delint 2018-07-26 17:59:58 +00:00			`library.credential = ip`
refactor backends into classes 2013-12-02 04:58:58 +00:00			`return True`
			`return False`
			`except KeyError:`
			`return False`
delint 2018-07-26 17:59:58 +00:00
refactor backends into classes 2013-12-02 04:58:58 +00:00			`class authenticator():`
fix problem created by refactor 2013-12-02 23:19:11 +00:00			`def process(self, caller, success_url, deny_url):`
refactor backends into classes 2013-12-02 04:58:58 +00:00			`return HttpResponseRedirect(deny_url)`
delint 2018-07-26 17:59:58 +00:00
refactor backends into classes 2013-12-02 04:58:58 +00:00			`form = None`
delint 2018-07-26 17:59:58 +00:00
refactor backends into classes 2013-12-02 04:58:58 +00:00			`class admin_form(forms.ModelForm):`
			`class Meta:`
			`model = Block`
patch form exclude syntax 2016-04-08 00:39:23 +00:00			`exclude = ("library",)`
Implemented IP authentication libraries get associated with a library_block table (IP ranges) moved superlogin here IP stuff mostly copied from https://github.com/benliles/django-ipauth/blob/master/ipauth/models.py The model is that you need to be in an allowed IP range to "join" a library. Once you've joined, you can use your login from anywhere. to use that library. Asign IP ranges in admin 2013-10-08 19:37:22 +00:00
delint 2018-07-26 17:59:58 +00:00			`class cardnum:`
			`def authenticate(self, request, library):`
refactor backends into classes 2013-12-02 04:58:58 +00:00			`return False`

			`class authenticator():`
fix problem created by refactor 2013-12-02 23:19:11 +00:00			`def process(self, caller, success_url, deny_url):`
delint 2018-07-26 17:59:58 +00:00			`if caller.form and caller.request.method == 'POST' and caller.form.is_valid():`
fix problem created by refactor 2013-12-02 23:19:11 +00:00			`library = caller.form.cleaned_data['library']`
			`library.credential = caller.form.cleaned_data['credential']`
delint 2018-07-26 17:59:58 +00:00			`logger.info('%s authenticated for %s from %s' % (`
			`caller.request.user,`
			`caller.library,`
			`caller.form.cleaned_data.get('number'),`
			`))`
fix problem created by refactor 2013-12-02 23:19:11 +00:00			`library.add_user(caller.form.cleaned_data['user'])`
refactor backends into classes 2013-12-02 04:58:58 +00:00			`return HttpResponseRedirect(success_url)`
delint 2018-07-26 17:59:58 +00:00			`return render(caller.request, 'libraryauth/library.html', {`
			`'library':caller.library,`
			`'authenticator':caller,`
			`})`
card number authentication! create libraries and administer them in admin. card patterns mimc ezproxy format http://www.oclc.org/support/services/ezproxy/documentation/usr/number.en .html after you join a library, it appears in your explore bar 2013-10-10 06:41:50 +00:00
refactor backends into classes 2013-12-02 04:58:58 +00:00			`class admin_form(forms.ModelForm):`
			`class Meta:`
			`model = CardPattern`
patch form exclude syntax 2016-04-08 00:39:23 +00:00			`exclude = ("library",)`
delint 2018-07-26 17:59:58 +00:00
refactor backends into classes 2013-12-02 04:58:58 +00:00			`class form(forms.ModelForm):`
			`credential = forms.RegexField(`
delint 2018-07-26 17:59:58 +00:00			`label="Enter Your Library Card Number",`
			`max_length=20,`
			`regex=r'^\d+$',`
			`required=True,`
			`help_text="(digits only)",`
			`error_messages={'invalid': "digits only!",}`
			`)`
refactor backends into classes 2013-12-02 04:58:58 +00:00			`def __init__(self, request, library, args, *kwargs):`
delint 2018-07-26 17:59:58 +00:00			`if request.method == "POST":`
			`data = request.POST`
refactor backends into classes 2013-12-02 04:58:58 +00:00			`super(cardnum.form, self).__init__(data=data)`
			`else:`
delint 2018-07-26 17:59:58 +00:00			`initial = {'user':request.user, 'library':library}`
refactor backends into classes 2013-12-02 04:58:58 +00:00			`super(cardnum.form, self).__init__(initial=initial)`
delint 2018-07-26 17:59:58 +00:00
refactor backends into classes 2013-12-02 04:58:58 +00:00			`def clean(self):`
			`library = self.cleaned_data.get('library', None)`
			`credential = self.cleaned_data.get('credential', '')`
			`for card_pattern in library.cardnum_auths.all():`
			`if card_pattern.is_valid(credential):`
			`return self.cleaned_data`
			`raise forms.ValidationError("the library card number must be VALID.")`
delint 2018-07-26 17:59:58 +00:00
refactor backends into classes 2013-12-02 04:58:58 +00:00			`class Meta:`
			`model = LibraryUser`
delint 2018-07-26 17:59:58 +00:00			`widgets = {'library': forms.HiddenInput, 'user': forms.HiddenInput}`
model forms need at least exclude 2016-07-21 19:52:07 +00:00			`exclude = ()`
delint 2018-07-26 17:59:58 +00:00			`class email:`
			`def authenticate(self, request, library):`
is_anonymous and is_authenticated are properties 2018-07-24 02:17:05 +00:00			`if request.user.is_anonymous:`
refactor backends into classes 2013-12-02 04:58:58 +00:00			`return False`
			`email = request.user.email`
			`for email_pattern in library.email_auths.all():`
			`if email_pattern.is_valid(email):`
			`logger.info('%s authenticated for %s from %s'%(request.user, library, email))`
delint 2018-07-26 17:59:58 +00:00			`library.credential = email`
refactor backends into classes 2013-12-02 04:58:58 +00:00			`return True`
add email authentication 2013-10-11 02:31:31 +00:00			`return False`
delint 2018-07-26 17:59:58 +00:00
refactor backends into classes 2013-12-02 04:58:58 +00:00			`class authenticator():`
fix problem created by refactor 2013-12-02 23:19:11 +00:00			`def process(self, caller, success_url, deny_url):`
refactor backends into classes 2013-12-02 04:58:58 +00:00			`return HttpResponseRedirect(deny_url)`
			`form = None`
			`class admin_form(forms.ModelForm):`
			`class Meta:`
			`model = EmailPattern`
patch form exclude syntax 2016-04-08 00:39:23 +00:00			`exclude = ("library",)`