django-sqrl-2/sqrl/backends.py

45 lines
1.5 KiB
Python
Raw Normal View History

2019-09-02 04:56:45 -05:00
# -*- coding: utf-8 -*-
from django.contrib.auth.backends import ModelBackend
from .models import SQRLIdentity
class SQRLModelBackend(ModelBackend):
"""
Custom SQRL Authentication backend which honors ``only_sqrl`` when enabled.
SQRL, by its spec, allows users to send ``only_sqrl`` flag to the server
which indicates to the server that it should only use SQRL
for authentication and disable all other methods of authentication.
This custom authentication backend implements that requirement.
It honors the ``only_sqrl`` spec and does not allow to authenticate
a user when following conditions are all ``True``:
* user successfully validated credentials using traditional auth method
* user has SQRL identity associated with their account
* :attr:`.models.SQRLIdentity.in_only_sqrl` is ``True``
"""
def authenticate(self, *args, **kwargs):
"""
Same as Django's ``ModelBackend.authenticate`` except
this method honors ``only_sqrl`` SQRL spec.
"""
user = super(SQRLModelBackend, self).authenticate(*args, **kwargs)
if user is None:
return
try:
sqrl_identity = user.sqrl_identity
except SQRLIdentity.DoesNotExist:
return user
else:
if sqrl_identity.is_only_sqrl and sqrl_identity.is_enabled:
return
return user
SQRL_MODEL_BACKEND = '{}.{}'.format(SQRLModelBackend.__module__, SQRLModelBackend.__name__)