django-solomon 0.2.0__py3-none-any.whl → 0.4.0__py3-none-any.whl

django_solomon/backends.py

@@ -6,6 +6,7 @@ from django.http import HttpRequest
 from django.utils.translation import gettext_lazy as _
 
 from django_solomon.models import MagicLink, UserType
+from django_solomon.utilities import get_client_ip
 
 
 class MagicLinkBackend(ModelBackend):
@@ -41,6 +42,21 @@ class MagicLinkBackend(ModelBackend):
                 request.magic_link_error = _("Invalid or expired magic link")
             return None
 
+        # Check if IP validation is enabled
+        if getattr(settings, "SOLOMON_ENFORCE_SAME_IP", False):
+            # Only check IP if we have a request object
+            if request is not None:
+                # Get current IP address
+                current_ip = get_client_ip(request)
+
+                # Compare with stored IP address
+                if magic_link.ip_address and current_ip != magic_link.ip_address:
+                    request.magic_link_error = _("IP address mismatch. Please request a new magic link.")
+                    return None
+            else:
+                # If IP validation is enabled but we don't have a request object, we can't validate the IP
+                return None
+
         # Mark the magic link as used
         magic_link.use()
 

django_solomon/migrations/0002_magiclink_ip_address.py

@@ -0,0 +1,18 @@
+# Generated by Django 5.2 on 2025-04-20 14:59
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('django_solomon', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='magiclink',
+            name='ip_address',
+            field=models.GenericIPAddressField(blank=True, null=True, verbose_name='IP Address'),
+        ),
+    ]

django_solomon/migrations/0003_add_unique_constraint_auth_user_email.py

@@ -0,0 +1,43 @@
+from django.db import migrations, models
+from django.db.models.functions import Lower
+
+
+# Copyright (c) 2023 Carlton Gibson
+# This migration is taken from the fantastic project `django-unique-user-email` created by Carlton Gibson.
+# https://github.com/carltongibson/django-unique-user-email/
+
+
+class CustomAddConstraint(migrations.AddConstraint):
+    """
+    Override app_label to target auth.User
+    """
+
+    def state_forwards(self, app_label, state):
+        state.add_constraint("auth", self.model_name_lower, self.constraint)
+
+    def database_forwards(self, app_label, schema_editor, from_state, to_state):
+        model = to_state.apps.get_model("auth", self.model_name)
+        if self.allow_migrate_model(schema_editor.connection.alias, model):
+            schema_editor.add_constraint(model, self.constraint)
+
+    def database_backwards(self, app_label, schema_editor, from_state, to_state):
+        model = to_state.apps.get_model("auth", self.model_name)
+        if self.allow_migrate_model(schema_editor.connection.alias, model):
+            schema_editor.remove_constraint(model, self.constraint)
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("django_solomon", "0002_magiclink_ip_address"),
+        ("auth", "0012_alter_user_first_name_max_length"),
+    ]
+
+    operations = [
+        CustomAddConstraint(
+            model_name="user",
+            constraint=models.UniqueConstraint(
+                Lower("email"),
+                name="unique_user_email"
+            ),
+        ),
+    ]

django_solomon/models.py

@@ -42,7 +42,7 @@ class MagicLinkManager(models.Manager["MagicLink"]):
     criteria like token, usage status, and expiration date.
     """
 
-    def create_for_user(self, user: UserType) -> "MagicLink":
+    def create_for_user(self, user: UserType, ip_address: str = None) -> "MagicLink":
         """
         Creates a new magic link for a given user. If the setting SOLOMON_ONLY_ONE_LINK_ALLOWED
         is enabled, marks existing links for the user as used before creating a new one.
@@ -55,7 +55,7 @@ class MagicLinkManager(models.Manager["MagicLink"]):
         """
         if getattr(settings, "SOLOMON_ONLY_ONE_LINK_ALLOWED", True):
             self.filter(user=user).update(used=True)
-        return self.create(user=user)
+        return self.create(user=user, ip_address=ip_address)
 
     def get_valid_link(self, token: str) -> "MagicLink":
         """
@@ -90,6 +90,7 @@ class MagicLink(models.Model):
     created_at = models.DateTimeField(_("Created at"), auto_now_add=True)
     expires_at = models.DateTimeField(_("Expires at"))
     used = models.BooleanField(_("Used"), default=False)
+    ip_address = models.GenericIPAddressField(_("IP Address"), null=True, blank=True)
 
     objects = MagicLinkManager()
 

django_solomon/utilities.py

@@ -1,5 +1,8 @@
+import ipaddress
 import logging
+import socket
 
+from django.conf import settings
 from django.contrib.auth import get_user_model
 from django.contrib.auth.hashers import make_password
 
@@ -79,3 +82,69 @@ def create_user_from_email(email: str) -> UserType:
             user_kwargs[email_field] = email
 
     return user_model.objects.create_user(**user_kwargs)
+
+
+def get_ip_from_hostname(hostname: str) -> str | None:
+    try:
+        addr_info = socket.getaddrinfo(hostname, None)
+        if addr_info:
+            return addr_info[0][4][0]
+        return None
+    except socket.gaierror:
+        return None
+
+
+def anonymize_ip(ip_str: str) -> str:
+    """
+    Anonymize an IP address by removing the last octet for IPv4 or
+    the last 80 bits (last 5 segments) for IPv6.
+
+    Args:
+        ip_str: The IP address to anonymize.
+
+    Returns:
+        The anonymized IP address.
+    """
+    try:
+        ip = ipaddress.ip_address(ip_str)
+
+        if isinstance(ip, ipaddress.IPv4Address):
+            # For IPv4, zero out the last octet
+            # Convert to integer, mask with 0xFFFFFF00 to zero last octet, convert back
+            masked_ip = ipaddress.IPv4Address(int(ip) & 0xFFFFFF00)
+            return str(masked_ip)
+        elif isinstance(ip, ipaddress.IPv6Address):
+            # For IPv6, zero out the last 80 bits (last 5 segments)
+            # Convert to integer, mask with ~(2^80-1) to zero last 80 bits, convert back
+            masked_ip = ipaddress.IPv6Address(int(ip) & ~((1 << 80) - 1))
+            return str(masked_ip)
+        return ip_str
+    except ValueError:
+        # If it's not a valid IP address, return as is
+        return ip_str
+
+
+def get_client_ip(request) -> str:
+    # Check X-Forwarded-For header first
+    x_forwarded_for = request.headers.get("x-forwarded-for")
+    if x_forwarded_for:
+        ip = x_forwarded_for.split(",")[0].strip()
+    else:
+        ip = request.META.get("REMOTE_ADDR")
+
+    # Check if the value is a valid IP address
+    try:
+        ipaddress.ip_address(ip)
+        # Anonymize IP if the setting is enabled (default is True)
+        if getattr(settings, "SOLOMON_ANONYMIZE_IP", True):
+            return anonymize_ip(ip)
+        return ip
+    except ValueError:
+        # Not a valid IP, try to resolve as hostname
+        resolved_ip = get_ip_from_hostname(ip)
+        if resolved_ip:
+            # Anonymize the resolved IP if the setting is enabled
+            if getattr(settings, "SOLOMON_ANONYMIZE_IP", True):
+                return anonymize_ip(resolved_ip)
+            return resolved_ip
+        return ip

django_solomon/views.py

@@ -19,7 +19,7 @@ from django_solomon.config import (
 )
 from django_solomon.forms import MagicLinkForm
 from django_solomon.models import BlacklistedEmail, MagicLink
-from django_solomon.utilities import get_user_by_email, create_user_from_email
+from django_solomon.utilities import get_user_by_email, create_user_from_email, get_client_ip
 
 logger = logging.getLogger(__name__)
 User = get_user_model()
@@ -58,7 +58,12 @@ def send_magic_link(request: HttpRequest) -> HttpResponse:
 
             # Send magic link if user exists
             if user:
-                magic_link = MagicLink.objects.create_for_user(user)
+                # Get the user's IP address
+                ip_address = get_client_ip(request)
+
+                # Create magic link with IP address
+                magic_link = MagicLink.objects.create(user=user, ip_address=ip_address)
+
                 link_url = request.build_absolute_uri(
                     reverse(
                         "django_solomon:validate_magic_link",

{django_solomon-0.2.0.dist-info → django_solomon-0.4.0.dist-info}/METADATA

@@ -1,10 +1,11 @@
 Metadata-Version: 2.4
 Name: django-solomon
-Version: 0.2.0
+Version: 0.4.0
 Summary: A Django app for passwordless authentication using magic links.
 Project-URL: Home, https://django-solomon.rtfd.io/
 Project-URL: Documentation, https://django-solomon.rtfd.io/
 Project-URL: Repository, https://codeberg.org/oliverandrich/django-solomon
+Project-URL: Issue Tracker, https://codeberg.org/oliverandrich/django-solomon/issues
 Author-email: Oliver Andrich <oliver@andrich.me>
 License: MIT License
         
@@ -52,11 +53,10 @@ Description-Content-Type: text/markdown
 # django-solomon
 
 [![PyPI version](https://img.shields.io/pypi/v/django-solomon.svg)](https://pypi.org/project/django-solomon/)
+![PyPI - License](https://img.shields.io/pypi/l/django-solomon)
 [![Python versions](https://img.shields.io/pypi/pyversions/django-solomon.svg)](https://pypi.org/project/django-solomon/)
 [![Django versions](https://img.shields.io/pypi/djversions/django-solomon.svg)](https://pypi.org/project/django-solomon/)
 [![Documentation Status](https://readthedocs.org/projects/django-solomon/badge/?version=latest)](https://django-solomon.rtfd.io/en/latest/?badge=latest)
-[![Downloads](https://static.pepy.tech/badge/django-solomon)](https://pepy.tech/project/django-solomon)
-[![Downloads / Month](https://pepy.tech/badge/django-solomon/month)](https://pepy.tech/project/django-solomon)
 [![Ruff](https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/astral-sh/ruff/main/assets/badge/v2.json)](https://github.com/astral-sh/ruff)
 [![uv](https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/astral-sh/uv/main/assets/badge/v0.json)](https://github.com/astral-sh/uv)
 
@@ -68,8 +68,11 @@ A Django app for passwordless authentication using magic links.
 - Configurable link expiration time
 - Blacklist functionality to block specific email addresses
 - Support for auto-creating users when they request a magic link
+- IP address tracking and validation for enhanced security
+- Privacy-focused IP anonymization
 - Customizable templates for emails and pages
 - Compatible with Django's authentication system
+- Enforces unique email addresses for users (case-insensitive)
 
 ## Installation
 
@@ -134,19 +137,21 @@ DEFAULT_FROM_EMAIL = 'your-email@example.com'
 
 django-solomon provides several settings that you can customize in your Django settings file:
 
-| Setting                               | Default                                         | Description                                                                            |
-|---------------------------------------|-------------------------------------------------|----------------------------------------------------------------------------------------|
-| `SOLOMON_LINK_EXPIRATION`             | `300`                                           | The expiration time for magic links in seconds                                         |
-| `SOLOMON_ONLY_ONE_LINK_ALLOWED`       | `True`                                          | If enabled, only one active magic link is allowed per user                             |
-| `SOLOMON_CREATE_USER_IF_NOT_FOUND`    | `False`                                         | If enabled, creates a new user when a magic link is requested for a non-existent email |
-| `SOLOMON_LOGIN_REDIRECT_URL`          | `settings.LOGIN_REDIRECT_URL`                   | The URL to redirect to after successful authentication                                 |
-| `SOLOMON_ALLOW_ADMIN_LOGIN`           | `True`                                          | If enabled, allows superusers to log in using magic links                              |
-| `SOLOMON_ALLOW_STAFF_LOGIN`           | `True`                                          | If enabled, allows staff users to log in using magic links                             |
-| `SOLOMON_MAIL_TEXT_TEMPLATE`          | `"django_solomon/email/magic_link.txt"`         | The template to use for plain text magic link emails                                   |
-| `SOLOMON_MAIL_MJML_TEMPLATE`          | `"django_solomon/email/magic_link.mjml"`        | The template to use for HTML magic link emails (MJML format)                           |
-| `SOLOMON_LOGIN_FORM_TEMPLATE`         | `"django_solomon/base/login_form.html"`         | The template to use for the login form page                                            |
-| `SOLOMON_INVALID_MAGIC_LINK_TEMPLATE` | `"django_solomon/base/invalid_magic_link.html"` | The template to use for the invalid magic link page                                    |
-| `SOLOMON_MAGIC_LINK_SENT_TEMPLATE`    | `"django_solomon/base/magic_link_sent.html"`    | The template to use for the magic link sent confirmation page                          |
+| Setting                               | Default                                         | Description                                                                             |
+|---------------------------------------|-------------------------------------------------|-----------------------------------------------------------------------------------------|
+| `SOLOMON_LINK_EXPIRATION`             | `300`                                           | The expiration time for magic links in seconds                                          |
+| `SOLOMON_ONLY_ONE_LINK_ALLOWED`       | `True`                                          | If enabled, only one active magic link is allowed per user                              |
+| `SOLOMON_CREATE_USER_IF_NOT_FOUND`    | `False`                                         | If enabled, creates a new user when a magic link is requested for a non-existent email  |
+| `SOLOMON_LOGIN_REDIRECT_URL`          | `settings.LOGIN_REDIRECT_URL`                   | The URL to redirect to after successful authentication                                  |
+| `SOLOMON_ALLOW_ADMIN_LOGIN`           | `True`                                          | If enabled, allows superusers to log in using magic links                               |
+| `SOLOMON_ALLOW_STAFF_LOGIN`           | `True`                                          | If enabled, allows staff users to log in using magic links                              |
+| `SOLOMON_MAIL_TEXT_TEMPLATE`          | `"django_solomon/email/magic_link.txt"`         | The template to use for plain text magic link emails                                    |
+| `SOLOMON_MAIL_MJML_TEMPLATE`          | `"django_solomon/email/magic_link.mjml"`        | The template to use for HTML magic link emails (MJML format)                            |
+| `SOLOMON_LOGIN_FORM_TEMPLATE`         | `"django_solomon/base/login_form.html"`         | The template to use for the login form page                                             |
+| `SOLOMON_INVALID_MAGIC_LINK_TEMPLATE` | `"django_solomon/base/invalid_magic_link.html"` | The template to use for the invalid magic link page                                     |
+| `SOLOMON_MAGIC_LINK_SENT_TEMPLATE`    | `"django_solomon/base/magic_link_sent.html"`    | The template to use for the magic link sent confirmation page                           |
+| `SOLOMON_ENFORCE_SAME_IP`             | `False`                                         | If enabled, validates that magic links are used from the same IP they were created from |
+| `SOLOMON_ANONYMIZE_IP`                | `True`                                          | If enabled, anonymizes IP addresses before storing them (removes last octet for IPv4)   |
 
 ## Usage
 
@@ -183,10 +188,15 @@ You can also use django-solomon programmatically in your views:
 ```python
 from django.contrib.auth import authenticate, login
 from django_solomon.models import MagicLink
+from django_solomon.utilities import get_client_ip
 
 # Create a magic link for a user
 magic_link = MagicLink.objects.create_for_user(user)
 
+# Create a magic link with IP address tracking
+ip_address = get_client_ip(request)
+magic_link = MagicLink.objects.create_for_user(user, ip_address=ip_address)
+
 # Authenticate a user with a token
 user = authenticate(request=request, token=token)
 if user:
@@ -195,11 +205,13 @@ if user:
 
 ## Documentation
 
-For more detailed information, tutorials, and advanced usage examples, please visit the [official documentation](https://django-solomon.rtfd.io/).
+For more detailed information, tutorials, and advanced usage examples, please visit
+the [official documentation](https://django-solomon.rtfd.io/).
 
 ## License
 
-This software is licensed under [MIT license](https://codeberg.org/oliverandrich/django-solomon/src/branch/main/LICENSE).
+This software is licensed
+under [MIT license](https://codeberg.org/oliverandrich/django-solomon/src/branch/main/LICENSE).
 
 ## Contributing
 

{django_solomon-0.2.0.dist-info → django_solomon-0.4.0.dist-info}/RECORD

@@ -1,26 +1,28 @@
 django_solomon/__init__.py,sha256=4GdjeQVyChzdc7pZ1jrpknjcnu9Do_0nSh42UZNICKo,80
 django_solomon/admin.py,sha256=hwesCOQgUDDHPh5qq97AObfSyMgIOKsdzoa69naMPx4,1428
 django_solomon/apps.py,sha256=glfjdSSzrxuwJ2FrzuF2C4oFNqikMqhSHHmca2qq5Vg,159
-django_solomon/backends.py,sha256=A_TTNaduRmZOZF-R0C1yhs9QpXejBCRCz7wDcp_BupY,2403
+django_solomon/backends.py,sha256=3RN4dsCehg5urp9sfASERFda1VR9nislNvHrxUc7rXM,3171
 django_solomon/config.py,sha256=JEl3cY0BnfC9ja0ZVeLmfIwUStbUAO6vRhGZrrig5Yw,787
 django_solomon/forms.py,sha256=ymDsZ-KWyJfo12vGbZCxIhIvVket93xYR4MgDif4fh0,312
-django_solomon/models.py,sha256=NRsN-F7Vnfx-l5cJgjAJqPhbhRIeIctcRh4GeuysUZA,4771
+django_solomon/models.py,sha256=G-74LDemMJMVOXN94tSz7E9XwspCNkzmHbhEP3Kl80U,4904
 django_solomon/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 django_solomon/urls.py,sha256=tT-I-p6dA2rD1IvH3pAcJRkPXYW0oYmYWXZAoiLJzGY,471
-django_solomon/utilities.py,sha256=Xna8jlr6E5YYxKx7Pz_xD6LwIm3ZfZGdyYfJpIoOD-g,2275
-django_solomon/views.py,sha256=qPwpSXhKyLg9zXJVmzC4SJqpTwqVFLbwQdq9qWy2Im0,5553
+django_solomon/utilities.py,sha256=I6LiBwAwZaa8h-iH_6RLP9fkJkK9mEb_24LPzLLuwFA,4559
+django_solomon/views.py,sha256=gqsj1SVd2bbQvla3xpZYVHYCUxhu3fr_5I-LY-Tvm2g,5737
 django_solomon/locale/de/LC_MESSAGES/django.po,sha256=6lo72lsDV1bKBVowiRsQoaVKH5Mbkf34z78sG1LEYq4,747
 django_solomon/locale/en/LC_MESSAGES/django.po,sha256=6MjGCWQn-1AjOnP_gXtLa0Oad4qfNAn5tXdhnw_wEcg,732
 django_solomon/management/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 django_solomon/management/commands/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 django_solomon/migrations/0001_initial.py,sha256=i-UhR1KQ4p7WmbDg9xUQfMmDo8yYdIigvHNsefLHJEc,1981
+django_solomon/migrations/0002_magiclink_ip_address.py,sha256=hs3MISYV7IHEqF-vELCmFtzhhvK8GEHkZu8RMc4X1YU,432
+django_solomon/migrations/0003_add_unique_constraint_auth_user_email.py,sha256=9-etXYGGm72G5bmeSdQNpxfQsVl2fTPLyt2sP-CK0G0,1529
 django_solomon/migrations/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 django_solomon/templates/django_solomon/base/invalid_magic_link.html,sha256=3U4T2n4uvPvktiOOHYVyNmk0aXFfE4DPrURE1DinWKk,554
 django_solomon/templates/django_solomon/base/login_form.html,sha256=VYGnrno3c36W9f04XdRqJpjsDfOy0sq5D_cLayPz8Q0,546
 django_solomon/templates/django_solomon/base/magic_link_sent.html,sha256=GIMxnw3E98TXVkVQkMRTHmX5mz0xUsvgXVj25gO2HPQ,461
 django_solomon/templates/django_solomon/email/magic_link.mjml,sha256=OnfVGm2yFrOmoQ1syo6-Duq_Qraf3Tv0Vy5oidvt55g,1427
 django_solomon/templates/django_solomon/email/magic_link.txt,sha256=yl01eie3U2HkFEJvB1Qlm8Z6FPuop5yubDXFY5V507Q,502
-django_solomon-0.2.0.dist-info/METADATA,sha256=4kHgMkW0gBRFooZSa4IJPImHNsnP9mavcaLuzGEdlSA,9730
-django_solomon-0.2.0.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-django_solomon-0.2.0.dist-info/licenses/LICENSE,sha256=tbfFOFdH5mHIfmNGo6KGOC3U8f-hTCLfetcr8A89WwI,1071
-django_solomon-0.2.0.dist-info/RECORD,,
+django_solomon-0.4.0.dist-info/METADATA,sha256=Hi9StTi9V1wK7U1HEeYG1PJiycawWMkrbzQHCns8EX0,10409
+django_solomon-0.4.0.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+django_solomon-0.4.0.dist-info/licenses/LICENSE,sha256=tbfFOFdH5mHIfmNGo6KGOC3U8f-hTCLfetcr8A89WwI,1071
+django_solomon-0.4.0.dist-info/RECORD,,