o $ahtG@sdZddlZddlZddlZddlZddlmZddlmZddl m Z ddl m Z ddl mZddlmZeeZd d Zd d Zd dZddZddZd.ddZd/ddZd.ddZddZddZddZd0d!d"Z d1d$d%Z!d0d&d'Z"d(d)Z#d2d*d+Z$d.d,d-Z%dS)3z Authentication Utilities Module This module contains utility functions for authentication and authorization including IP detection, user agent parsing, location detection, and security helpers. Author: Senior Django Developer Date: 2024 N)urlparse)settings)cache)timezone) timedelta)parsecCsZgd}|D]}|j|}|r%d|vr|dd}t|r%|Sq|jddS)a& Get the real IP address of the client from the request. This function handles various proxy configurations and headers to extract the actual client IP address. Args: request: Django HTTP request object Returns: str: Client IP address )ZHTTP_CF_CONNECTING_IPZHTTP_X_FORWARDED_FORZHTTP_X_REAL_IPZHTTP_X_FORWARDEDZHTTP_X_CLUSTER_CLIENT_IPZHTTP_FORWARDED_FORZHTTP_FORWARDED REMOTE_ADDR,rrz 127.0.0.1N)METAgetsplitstrip is_valid_ip)requestZ ip_headersheaderiprOC:\Users\vibe-look\OneDrive\Desktop\Adtlas_V\src\apps\authentification\utils.py get_client_ips rcCsfd}d}gd}|r|dvrdSt||st||r1tjs/|D] }t||r.dSq#dSdS)z Validate if a string is a valid IP address (IPv4 or IPv6). Args: ip (str): IP address string to validate Returns: bool: True if valid IP, False otherwise z[^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$z5^(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$|^::1$|^::$)^127\.^10\.^172\.(1[6-9]|2[0-9]|3[0-1])\. ^192\.168\. ^169\.254\.^::1$^fe80:)unknownnoneFTN)lowerrematchrDEBUG)rZ ipv4_patternZ ipv6_patternprivate_patternspatternrrrrDs   rc Cs|sdddddddddd Sz>t|}d}|jrd}n|jr!d}n |jr'd}n|jr,d}||jjp2d|jjp7d|jjpddlddl}|j|jddfddt|DS)z Generate a cryptographically secure random token. Args: length (int): Length of the token to generate Returns: str: Secure random token rNz-_rc3s|]}VqdSN)choice).0_alphabetsecretsrr Wsz(generate_secure_token..)r_string ascii_lettersdigitsjoinrange)lengthrarr]rgenerate_secure_tokenHs rgcCddlm}|||S)z Hash a password with salt using Django's password hashing. Args: password (str): Password to hash salt (str): Optional salt (if None, Django will generate one) Returns: str: Hashed password r) make_passwordN)django.contrib.auth.hashersri)passwordsaltrirrrhash_password_with_saltZ rmcCrh)z Verify a password against its hash. Args: password (str): Plain text password hashed_password (str): Hashed password to verify against Returns: bool: True if password matches, False otherwise r)check_passwordN)rjro)rkZhashed_passwordrorrrverify_passwordirnrpc Csxt|dkttd|ttd|ttd|ttd|t| d}t||d<t|d|d <|S) z Check if a password meets strength requirements. Args: password (str): Password to check Returns: dict: Dictionary with strength check results z[A-Z]z[a-z]z\dz[!@#$%^&*(),.?":{}|<>])rfZ uppercaseZ lowercasedigitspecialZ no_commonZ is_strongscoreN)lenboolr searchis_common_passwordallvaluessum)rkchecksrrris_password_strongxs  r~cCshd}||vS)z Check if a password is in the list of common passwords. Args: password (str): Password to check Returns: bool: True if password is common, False otherwise >ZdragonZ123456ZsupermanZshadowadminrkZbaseballZ 123456789ZjordanZmasterZmonkeyZ password123ZmichaelZfootballZprincessZ liverpoolZabc123ZwelcomeZqwertyZletmeinNr)rkZcommon_passwordsrrrrys ry<cCs<t}|j|j||ddd}d|d|d|S)a$ Generate a cache key for rate limiting. Args: identifier (str): Unique identifier (IP, user ID, etc.) action (str): Action being rate limited window_minutes (int): Time window in minutes Returns: str: Cache key for rate limiting r)minutesecond microsecondZ rate_limit_r\N)rnowreplacer timestamp) identifieractionwindow_minutesrZ window_startrrrrate_limit_keys  rr<cCs t|||}t|d}||kS)ar Check if an action is rate limited for a given identifier. Args: identifier (str): Unique identifier (IP, user ID, etc.) action (str): Action being checked max_attempts (int): Maximum attempts allowed window_minutes (int): Time window in minutes Returns: bool: True if rate limited, False otherwise rN)rrr )rr max_attemptsrrIZcurrent_attemptsrrris_rate_limiteds rcCsJt|||}zt|dd}t|||d|WSty$YdSw)a5 Increment the rate limit counter for a given identifier and action. Args: identifier (str): Unique identifier (IP, user ID, etc.) action (str): Action being incremented window_minutes (int): Time window in minutes Returns: int: New attempt count rrtrN)rrr rGr1)rrrrIZ new_countrrrincrement_rate_limits  rcCsvddlm}m}|jjtd}|}||jjtd}|}|t d|d|d||dS) z Clean up expired tokens from the database. This function should be called periodically (e.g., via a cron job) to remove expired tokens and keep the database clean. rt)PasswordResetTokenEmailVerificationToken)expires_at__ltz Cleaned up z# expired password reset tokens and z" expired email verification tokens)Zpassword_reset_tokensZemail_verification_tokensN) modelsrrobjectsfilterrrcountdeleter2info)rrZexpired_reset_tokensZ reset_countZexpired_verification_tokensZverification_countrrrclean_expired_tokenss&rcCsL|t|r |jnd|r|jnd||pid}tdt|dS)a Log security-related events for monitoring and auditing. Args: event_type (str): Type of security event user: User instance (optional) ip_address (str): IP address (optional) details (dict): Additional event details (optional) N) event_typeruser_id user_emailrHdetailszSECURITY_EVENT: ) rr isoformatidemailr2r3rFdumps)ruserrHrZlog_datarrrlog_security_event s    rcs|durgd}t|ts|S|}|D]D\}tfdd|DrOt|trJt|dkrJ|dddt|d|dd|<qd |<qt|tr[t|||<q|S) z Mask sensitive data in dictionaries for logging. Args: data (dict): Data to mask fields_to_mask (list): List of field names to mask Returns: dict: Data with sensitive fields masked N)rktokensecretkeyauthZ credentialsessioncsrfc3s|] }|vVqdSrYr)r[Z sensitiverrrr`9sz&mask_sensitive_data..*z***) isinstancedictcopyitemsanystrrvmask_sensitive_data)rKZfields_to_maskZ masked_datavaluerrrr!s  2  rrY)rX)r)r<r)NNN)&__doc__r rFloggingrD urllib.parser django.confrdjango.core.cacher django.utilsrdatetimerZ user_agentsrr. getLogger__name__r2rrr6rLrCrWrgrmrpr~ryrrrrrrrrrrs:        )+AI  3     "