authentik/passbook/policies/matcher/models.py

"""user field matcher models"""
import re

from django.db import models
from django.utils.translation import gettext as _
from structlog import get_logger

from passbook.core.models import Policy
from passbook.policies.struct import PolicyRequest, PolicyResult

LOGGER = get_logger()

class FieldMatcherPolicy(Policy):
    """Policy which checks if a field of the User model matches/doesn't match a
    certain pattern"""

    MATCH_STARTSWITH = 'startswith'
    MATCH_ENDSWITH = 'endswith'
    MATCH_CONTAINS = 'contains'
    MATCH_REGEXP = 'regexp'
    MATCH_EXACT = 'exact'

    MATCHES = (
        (MATCH_STARTSWITH, _('Starts with')),
        (MATCH_ENDSWITH, _('Ends with')),
        (MATCH_CONTAINS, _('Contains')),
        (MATCH_REGEXP, _('Regexp')),
        (MATCH_EXACT, _('Exact')),
    )

    USER_FIELDS = (
        ('username', _('Username'),),
        ('name', _('Name'),),
        ('email', _('E-Mail'),),
        ('is_staff', _('Is staff'),),
        ('is_active', _('Is active'),),
        ('data_joined', _('Date joined'),),
    )

    user_field = models.TextField(choices=USER_FIELDS)
    match_action = models.CharField(max_length=50, choices=MATCHES)
    value = models.TextField()

    form = 'passbook.policies.matcher.forms.FieldMatcherPolicyForm'

    def __str__(self):
        description = f"{self.name}, user.{self.user_field} {self.match_action} '{self.value}'"
        if self.name:
            description = f"{self.name}: {description}"
        return description

    def passes(self, request: PolicyRequest) -> PolicyResult:
        """Check if user instance passes this role"""
        if not hasattr(request.user, self.user_field):
            raise ValueError("Field does not exist")
        user_field_value = getattr(request.user, self.user_field, None)
        LOGGER.debug("Checking field", value=user_field_value,
                     action=self.match_action, should_be=self.value)
        passes = False
        if self.match_action == FieldMatcherPolicy.MATCH_STARTSWITH:
            passes = user_field_value.startswith(self.value)
        if self.match_action == FieldMatcherPolicy.MATCH_ENDSWITH:
            passes = user_field_value.endswith(self.value)
        if self.match_action == FieldMatcherPolicy.MATCH_CONTAINS:
            passes = self.value in user_field_value
        if self.match_action == FieldMatcherPolicy.MATCH_REGEXP:
            pattern = re.compile(self.value)
            passes = bool(pattern.match(user_field_value))
        if self.match_action == FieldMatcherPolicy.MATCH_EXACT:
            passes = user_field_value == self.value
        return PolicyResult(passes)

    class Meta:

        verbose_name = _('Field matcher Policy')
        verbose_name_plural = _('Field matcher Policies')
*(minor): small refactor 2019-10-07 14:33:48 +00:00			`"""user field matcher models"""`
			`import re`

			`from django.db import models`
			`from django.utils.translation import gettext as _`
			`from structlog import get_logger`

			`from passbook.core.models import Policy`
			`from passbook.policies.struct import PolicyRequest, PolicyResult`

			`LOGGER = get_logger()`

			`class FieldMatcherPolicy(Policy):`
			`"""Policy which checks if a field of the User model matches/doesn't match a`
			`certain pattern"""`

			`MATCH_STARTSWITH = 'startswith'`
			`MATCH_ENDSWITH = 'endswith'`
			`MATCH_CONTAINS = 'contains'`
			`MATCH_REGEXP = 'regexp'`
			`MATCH_EXACT = 'exact'`

			`MATCHES = (`
			`(MATCH_STARTSWITH, _('Starts with')),`
			`(MATCH_ENDSWITH, _('Ends with')),`
			`(MATCH_CONTAINS, _('Contains')),`
			`(MATCH_REGEXP, _('Regexp')),`
			`(MATCH_EXACT, _('Exact')),`
			`)`

			`USER_FIELDS = (`
			`('username', _('Username'),),`
			`('name', _('Name'),),`
			`('email', _('E-Mail'),),`
			`('is_staff', _('Is staff'),),`
			`('is_active', _('Is active'),),`
			`('data_joined', _('Date joined'),),`
			`)`

			`user_field = models.TextField(choices=USER_FIELDS)`
			`match_action = models.CharField(max_length=50, choices=MATCHES)`
			`value = models.TextField()`

			`form = 'passbook.policies.matcher.forms.FieldMatcherPolicyForm'`

			`def __str__(self):`
			`description = f"{self.name}, user.{self.user_field} {self.match_action} '{self.value}'"`
			`if self.name:`
			`description = f"{self.name}: {description}"`
			`return description`

			`def passes(self, request: PolicyRequest) -> PolicyResult:`
			`"""Check if user instance passes this role"""`
			`if not hasattr(request.user, self.user_field):`
			`raise ValueError("Field does not exist")`
			`user_field_value = getattr(request.user, self.user_field, None)`
			`LOGGER.debug("Checking field", value=user_field_value,`
			`action=self.match_action, should_be=self.value)`
			`passes = False`
			`if self.match_action == FieldMatcherPolicy.MATCH_STARTSWITH:`
			`passes = user_field_value.startswith(self.value)`
			`if self.match_action == FieldMatcherPolicy.MATCH_ENDSWITH:`
			`passes = user_field_value.endswith(self.value)`
			`if self.match_action == FieldMatcherPolicy.MATCH_CONTAINS:`
			`passes = self.value in user_field_value`
			`if self.match_action == FieldMatcherPolicy.MATCH_REGEXP:`
			`pattern = re.compile(self.value)`
			`passes = bool(pattern.match(user_field_value))`
			`if self.match_action == FieldMatcherPolicy.MATCH_EXACT:`
			`passes = user_field_value == self.value`
			`return PolicyResult(passes)`

			`class Meta:`

			`verbose_name = _('Field matcher Policy')`
			`verbose_name_plural = _('Field matcher Policies')`