django-solomon 0.2.0__tar.gz → 0.4.0__tar.gz

{django_solomon-0.2.0 → django_solomon-0.4.0}/CHANGELOG.md

@@ -5,6 +5,26 @@ All notable changes to django-solomon will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.4.0] - Unreleased
+
+### Added
+
+- Unique constraint on auth.User email field (case-insensitive)
+
+## [0.3.0] - 2025-04-20
+
+### Added
+
+- IP address tracking for magic links
+- IP validation to enhance security (optional via `SOLOMON_ENFORCE_SAME_IP` setting)
+- Privacy-focused IP anonymization (enabled by default via `SOLOMON_ANONYMIZE_IP` setting)
+- New utility functions for IP handling and anonymization
+
+### Security
+
+- Option to validate magic links are used from the same IP address they were created from
+- IP anonymization to protect user privacy (removes last octet for IPv4, last 80 bits for IPv6)
+
 ## [0.2.0] - 2025-04-19
 
 ### Added

{django_solomon-0.2.0 → django_solomon-0.4.0}/PKG-INFO

@@ -1,10 +1,11 @@
 Metadata-Version: 2.4
 Name: django-solomon
-Version: 0.2.0
+Version: 0.4.0
 Summary: A Django app for passwordless authentication using magic links.
 Project-URL: Home, https://django-solomon.rtfd.io/
 Project-URL: Documentation, https://django-solomon.rtfd.io/
 Project-URL: Repository, https://codeberg.org/oliverandrich/django-solomon
+Project-URL: Issue Tracker, https://codeberg.org/oliverandrich/django-solomon/issues
 Author-email: Oliver Andrich <oliver@andrich.me>
 License: MIT License
         
@@ -52,11 +53,10 @@ Description-Content-Type: text/markdown
 # django-solomon
 
 [![PyPI version](https://img.shields.io/pypi/v/django-solomon.svg)](https://pypi.org/project/django-solomon/)
+![PyPI - License](https://img.shields.io/pypi/l/django-solomon)
 [![Python versions](https://img.shields.io/pypi/pyversions/django-solomon.svg)](https://pypi.org/project/django-solomon/)
 [![Django versions](https://img.shields.io/pypi/djversions/django-solomon.svg)](https://pypi.org/project/django-solomon/)
 [![Documentation Status](https://readthedocs.org/projects/django-solomon/badge/?version=latest)](https://django-solomon.rtfd.io/en/latest/?badge=latest)
-[![Downloads](https://static.pepy.tech/badge/django-solomon)](https://pepy.tech/project/django-solomon)
-[![Downloads / Month](https://pepy.tech/badge/django-solomon/month)](https://pepy.tech/project/django-solomon)
 [![Ruff](https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/astral-sh/ruff/main/assets/badge/v2.json)](https://github.com/astral-sh/ruff)
 [![uv](https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/astral-sh/uv/main/assets/badge/v0.json)](https://github.com/astral-sh/uv)
 
@@ -68,8 +68,11 @@ A Django app for passwordless authentication using magic links.
 - Configurable link expiration time
 - Blacklist functionality to block specific email addresses
 - Support for auto-creating users when they request a magic link
+- IP address tracking and validation for enhanced security
+- Privacy-focused IP anonymization
 - Customizable templates for emails and pages
 - Compatible with Django's authentication system
+- Enforces unique email addresses for users (case-insensitive)
 
 ## Installation
 
@@ -134,19 +137,21 @@ DEFAULT_FROM_EMAIL = 'your-email@example.com'
 
 django-solomon provides several settings that you can customize in your Django settings file:
 
-| Setting                               | Default                                         | Description                                                                            |
-|---------------------------------------|-------------------------------------------------|----------------------------------------------------------------------------------------|
-| `SOLOMON_LINK_EXPIRATION`             | `300`                                           | The expiration time for magic links in seconds                                         |
-| `SOLOMON_ONLY_ONE_LINK_ALLOWED`       | `True`                                          | If enabled, only one active magic link is allowed per user                             |
-| `SOLOMON_CREATE_USER_IF_NOT_FOUND`    | `False`                                         | If enabled, creates a new user when a magic link is requested for a non-existent email |
-| `SOLOMON_LOGIN_REDIRECT_URL`          | `settings.LOGIN_REDIRECT_URL`                   | The URL to redirect to after successful authentication                                 |
-| `SOLOMON_ALLOW_ADMIN_LOGIN`           | `True`                                          | If enabled, allows superusers to log in using magic links                              |
-| `SOLOMON_ALLOW_STAFF_LOGIN`           | `True`                                          | If enabled, allows staff users to log in using magic links                             |
-| `SOLOMON_MAIL_TEXT_TEMPLATE`          | `"django_solomon/email/magic_link.txt"`         | The template to use for plain text magic link emails                                   |
-| `SOLOMON_MAIL_MJML_TEMPLATE`          | `"django_solomon/email/magic_link.mjml"`        | The template to use for HTML magic link emails (MJML format)                           |
-| `SOLOMON_LOGIN_FORM_TEMPLATE`         | `"django_solomon/base/login_form.html"`         | The template to use for the login form page                                            |
-| `SOLOMON_INVALID_MAGIC_LINK_TEMPLATE` | `"django_solomon/base/invalid_magic_link.html"` | The template to use for the invalid magic link page                                    |
-| `SOLOMON_MAGIC_LINK_SENT_TEMPLATE`    | `"django_solomon/base/magic_link_sent.html"`    | The template to use for the magic link sent confirmation page                          |
+| Setting                               | Default                                         | Description                                                                             |
+|---------------------------------------|-------------------------------------------------|-----------------------------------------------------------------------------------------|
+| `SOLOMON_LINK_EXPIRATION`             | `300`                                           | The expiration time for magic links in seconds                                          |
+| `SOLOMON_ONLY_ONE_LINK_ALLOWED`       | `True`                                          | If enabled, only one active magic link is allowed per user                              |
+| `SOLOMON_CREATE_USER_IF_NOT_FOUND`    | `False`                                         | If enabled, creates a new user when a magic link is requested for a non-existent email  |
+| `SOLOMON_LOGIN_REDIRECT_URL`          | `settings.LOGIN_REDIRECT_URL`                   | The URL to redirect to after successful authentication                                  |
+| `SOLOMON_ALLOW_ADMIN_LOGIN`           | `True`                                          | If enabled, allows superusers to log in using magic links                               |
+| `SOLOMON_ALLOW_STAFF_LOGIN`           | `True`                                          | If enabled, allows staff users to log in using magic links                              |
+| `SOLOMON_MAIL_TEXT_TEMPLATE`          | `"django_solomon/email/magic_link.txt"`         | The template to use for plain text magic link emails                                    |
+| `SOLOMON_MAIL_MJML_TEMPLATE`          | `"django_solomon/email/magic_link.mjml"`        | The template to use for HTML magic link emails (MJML format)                            |
+| `SOLOMON_LOGIN_FORM_TEMPLATE`         | `"django_solomon/base/login_form.html"`         | The template to use for the login form page                                             |
+| `SOLOMON_INVALID_MAGIC_LINK_TEMPLATE` | `"django_solomon/base/invalid_magic_link.html"` | The template to use for the invalid magic link page                                     |
+| `SOLOMON_MAGIC_LINK_SENT_TEMPLATE`    | `"django_solomon/base/magic_link_sent.html"`    | The template to use for the magic link sent confirmation page                           |
+| `SOLOMON_ENFORCE_SAME_IP`             | `False`                                         | If enabled, validates that magic links are used from the same IP they were created from |
+| `SOLOMON_ANONYMIZE_IP`                | `True`                                          | If enabled, anonymizes IP addresses before storing them (removes last octet for IPv4)   |
 
 ## Usage
 
@@ -183,10 +188,15 @@ You can also use django-solomon programmatically in your views:
 ```python
 from django.contrib.auth import authenticate, login
 from django_solomon.models import MagicLink
+from django_solomon.utilities import get_client_ip
 
 # Create a magic link for a user
 magic_link = MagicLink.objects.create_for_user(user)
 
+# Create a magic link with IP address tracking
+ip_address = get_client_ip(request)
+magic_link = MagicLink.objects.create_for_user(user, ip_address=ip_address)
+
 # Authenticate a user with a token
 user = authenticate(request=request, token=token)
 if user:
@@ -195,11 +205,13 @@ if user:
 
 ## Documentation
 
-For more detailed information, tutorials, and advanced usage examples, please visit the [official documentation](https://django-solomon.rtfd.io/).
+For more detailed information, tutorials, and advanced usage examples, please visit
+the [official documentation](https://django-solomon.rtfd.io/).
 
 ## License
 
-This software is licensed under [MIT license](https://codeberg.org/oliverandrich/django-solomon/src/branch/main/LICENSE).
+This software is licensed
+under [MIT license](https://codeberg.org/oliverandrich/django-solomon/src/branch/main/LICENSE).
 
 ## Contributing
 

{django_solomon-0.2.0 → django_solomon-0.4.0}/README.md

@@ -1,11 +1,10 @@
 # django-solomon
 
 [![PyPI version](https://img.shields.io/pypi/v/django-solomon.svg)](https://pypi.org/project/django-solomon/)
+![PyPI - License](https://img.shields.io/pypi/l/django-solomon)
 [![Python versions](https://img.shields.io/pypi/pyversions/django-solomon.svg)](https://pypi.org/project/django-solomon/)
 [![Django versions](https://img.shields.io/pypi/djversions/django-solomon.svg)](https://pypi.org/project/django-solomon/)
 [![Documentation Status](https://readthedocs.org/projects/django-solomon/badge/?version=latest)](https://django-solomon.rtfd.io/en/latest/?badge=latest)
-[![Downloads](https://static.pepy.tech/badge/django-solomon)](https://pepy.tech/project/django-solomon)
-[![Downloads / Month](https://pepy.tech/badge/django-solomon/month)](https://pepy.tech/project/django-solomon)
 [![Ruff](https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/astral-sh/ruff/main/assets/badge/v2.json)](https://github.com/astral-sh/ruff)
 [![uv](https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/astral-sh/uv/main/assets/badge/v0.json)](https://github.com/astral-sh/uv)
 
@@ -17,8 +16,11 @@ A Django app for passwordless authentication using magic links.
 - Configurable link expiration time
 - Blacklist functionality to block specific email addresses
 - Support for auto-creating users when they request a magic link
+- IP address tracking and validation for enhanced security
+- Privacy-focused IP anonymization
 - Customizable templates for emails and pages
 - Compatible with Django's authentication system
+- Enforces unique email addresses for users (case-insensitive)
 
 ## Installation
 
@@ -83,19 +85,21 @@ DEFAULT_FROM_EMAIL = 'your-email@example.com'
 
 django-solomon provides several settings that you can customize in your Django settings file:
 
-| Setting                               | Default                                         | Description                                                                            |
-|---------------------------------------|-------------------------------------------------|----------------------------------------------------------------------------------------|
-| `SOLOMON_LINK_EXPIRATION`             | `300`                                           | The expiration time for magic links in seconds                                         |
-| `SOLOMON_ONLY_ONE_LINK_ALLOWED`       | `True`                                          | If enabled, only one active magic link is allowed per user                             |
-| `SOLOMON_CREATE_USER_IF_NOT_FOUND`    | `False`                                         | If enabled, creates a new user when a magic link is requested for a non-existent email |
-| `SOLOMON_LOGIN_REDIRECT_URL`          | `settings.LOGIN_REDIRECT_URL`                   | The URL to redirect to after successful authentication                                 |
-| `SOLOMON_ALLOW_ADMIN_LOGIN`           | `True`                                          | If enabled, allows superusers to log in using magic links                              |
-| `SOLOMON_ALLOW_STAFF_LOGIN`           | `True`                                          | If enabled, allows staff users to log in using magic links                             |
-| `SOLOMON_MAIL_TEXT_TEMPLATE`          | `"django_solomon/email/magic_link.txt"`         | The template to use for plain text magic link emails                                   |
-| `SOLOMON_MAIL_MJML_TEMPLATE`          | `"django_solomon/email/magic_link.mjml"`        | The template to use for HTML magic link emails (MJML format)                           |
-| `SOLOMON_LOGIN_FORM_TEMPLATE`         | `"django_solomon/base/login_form.html"`         | The template to use for the login form page                                            |
-| `SOLOMON_INVALID_MAGIC_LINK_TEMPLATE` | `"django_solomon/base/invalid_magic_link.html"` | The template to use for the invalid magic link page                                    |
-| `SOLOMON_MAGIC_LINK_SENT_TEMPLATE`    | `"django_solomon/base/magic_link_sent.html"`    | The template to use for the magic link sent confirmation page                          |
+| Setting                               | Default                                         | Description                                                                             |
+|---------------------------------------|-------------------------------------------------|-----------------------------------------------------------------------------------------|
+| `SOLOMON_LINK_EXPIRATION`             | `300`                                           | The expiration time for magic links in seconds                                          |
+| `SOLOMON_ONLY_ONE_LINK_ALLOWED`       | `True`                                          | If enabled, only one active magic link is allowed per user                              |
+| `SOLOMON_CREATE_USER_IF_NOT_FOUND`    | `False`                                         | If enabled, creates a new user when a magic link is requested for a non-existent email  |
+| `SOLOMON_LOGIN_REDIRECT_URL`          | `settings.LOGIN_REDIRECT_URL`                   | The URL to redirect to after successful authentication                                  |
+| `SOLOMON_ALLOW_ADMIN_LOGIN`           | `True`                                          | If enabled, allows superusers to log in using magic links                               |
+| `SOLOMON_ALLOW_STAFF_LOGIN`           | `True`                                          | If enabled, allows staff users to log in using magic links                              |
+| `SOLOMON_MAIL_TEXT_TEMPLATE`          | `"django_solomon/email/magic_link.txt"`         | The template to use for plain text magic link emails                                    |
+| `SOLOMON_MAIL_MJML_TEMPLATE`          | `"django_solomon/email/magic_link.mjml"`        | The template to use for HTML magic link emails (MJML format)                            |
+| `SOLOMON_LOGIN_FORM_TEMPLATE`         | `"django_solomon/base/login_form.html"`         | The template to use for the login form page                                             |
+| `SOLOMON_INVALID_MAGIC_LINK_TEMPLATE` | `"django_solomon/base/invalid_magic_link.html"` | The template to use for the invalid magic link page                                     |
+| `SOLOMON_MAGIC_LINK_SENT_TEMPLATE`    | `"django_solomon/base/magic_link_sent.html"`    | The template to use for the magic link sent confirmation page                           |
+| `SOLOMON_ENFORCE_SAME_IP`             | `False`                                         | If enabled, validates that magic links are used from the same IP they were created from |
+| `SOLOMON_ANONYMIZE_IP`                | `True`                                          | If enabled, anonymizes IP addresses before storing them (removes last octet for IPv4)   |
 
 ## Usage
 
@@ -132,10 +136,15 @@ You can also use django-solomon programmatically in your views:
 ```python
 from django.contrib.auth import authenticate, login
 from django_solomon.models import MagicLink
+from django_solomon.utilities import get_client_ip
 
 # Create a magic link for a user
 magic_link = MagicLink.objects.create_for_user(user)
 
+# Create a magic link with IP address tracking
+ip_address = get_client_ip(request)
+magic_link = MagicLink.objects.create_for_user(user, ip_address=ip_address)
+
 # Authenticate a user with a token
 user = authenticate(request=request, token=token)
 if user:
@@ -144,11 +153,13 @@ if user:
 
 ## Documentation
 
-For more detailed information, tutorials, and advanced usage examples, please visit the [official documentation](https://django-solomon.rtfd.io/).
+For more detailed information, tutorials, and advanced usage examples, please visit
+the [official documentation](https://django-solomon.rtfd.io/).
 
 ## License
 
-This software is licensed under [MIT license](https://codeberg.org/oliverandrich/django-solomon/src/branch/main/LICENSE).
+This software is licensed
+under [MIT license](https://codeberg.org/oliverandrich/django-solomon/src/branch/main/LICENSE).
 
 ## Contributing
 

{django_solomon-0.2.0 → django_solomon-0.4.0}/docs/settings.md

@@ -81,6 +81,32 @@ If enabled, allows staff users to log in using magic links. If disabled, staff u
 SOLOMON_ALLOW_STAFF_LOGIN = False
 ```
 
+## IP Address Settings
+
+django-solomon can track and validate IP addresses for enhanced security while respecting user privacy.
+
+### SOLOMON_ENFORCE_SAME_IP
+
+**Default:** `False`
+
+If enabled, validates that magic links are used from the same IP address they were created from. This adds an extra layer of security by preventing magic links from being used if intercepted by an attacker on a different network.
+
+```python
+# Enable IP validation for magic links
+SOLOMON_ENFORCE_SAME_IP = True
+```
+
+### SOLOMON_ANONYMIZE_IP
+
+**Default:** `True`
+
+If enabled, anonymizes IP addresses before storing them. For IPv4 addresses, the last octet is removed (e.g., 192.168.1.1 becomes 192.168.1.0). For IPv6 addresses, the last 80 bits (last 5 segments) are removed. This enhances user privacy while still allowing for IP validation.
+
+```python
+# Disable IP anonymization (store full IP addresses)
+SOLOMON_ANONYMIZE_IP = False
+```
+
 ## Template Settings
 
 django-solomon uses several templates for rendering emails and pages. You can customize these templates by providing your own versions.
@@ -178,3 +204,5 @@ Here's a summary of all available settings:
 | `SOLOMON_LOGIN_FORM_TEMPLATE`         | `"django_solomon/base/login_form.html"`         | The template to use for the login form page                                            |
 | `SOLOMON_INVALID_MAGIC_LINK_TEMPLATE` | `"django_solomon/base/invalid_magic_link.html"` | The template to use for the invalid magic link page                                    |
 | `SOLOMON_MAGIC_LINK_SENT_TEMPLATE`    | `"django_solomon/base/magic_link_sent.html"`    | The template to use for the magic link sent confirmation page                          |
+| `SOLOMON_ENFORCE_SAME_IP`             | `False`                                         | If enabled, validates that magic links are used from the same IP they were created from |
+| `SOLOMON_ANONYMIZE_IP`                | `True`                                          | If enabled, anonymizes IP addresses before storing them                                 |

{django_solomon-0.2.0 → django_solomon-0.4.0}/pyproject.toml

@@ -33,6 +33,7 @@ dependencies = [
 Home = "https://django-solomon.rtfd.io/"
 Documentation = "https://django-solomon.rtfd.io/"
 Repository = "https://codeberg.org/oliverandrich/django-solomon"
+"Issue Tracker" = "https://codeberg.org/oliverandrich/django-solomon/issues"
 
 [dependency-groups]
 dev = [

{django_solomon-0.2.0 → django_solomon-0.4.0}/src/django_solomon/backends.py

@@ -6,6 +6,7 @@ from django.http import HttpRequest
 from django.utils.translation import gettext_lazy as _
 
 from django_solomon.models import MagicLink, UserType
+from django_solomon.utilities import get_client_ip
 
 
 class MagicLinkBackend(ModelBackend):
@@ -41,6 +42,21 @@ class MagicLinkBackend(ModelBackend):
                 request.magic_link_error = _("Invalid or expired magic link")
             return None
 
+        # Check if IP validation is enabled
+        if getattr(settings, "SOLOMON_ENFORCE_SAME_IP", False):
+            # Only check IP if we have a request object
+            if request is not None:
+                # Get current IP address
+                current_ip = get_client_ip(request)
+
+                # Compare with stored IP address
+                if magic_link.ip_address and current_ip != magic_link.ip_address:
+                    request.magic_link_error = _("IP address mismatch. Please request a new magic link.")
+                    return None
+            else:
+                # If IP validation is enabled but we don't have a request object, we can't validate the IP
+                return None
+
         # Mark the magic link as used
         magic_link.use()
 

django_solomon-0.4.0/src/django_solomon/migrations/0002_magiclink_ip_address.py

@@ -0,0 +1,18 @@
+# Generated by Django 5.2 on 2025-04-20 14:59
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('django_solomon', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='magiclink',
+            name='ip_address',
+            field=models.GenericIPAddressField(blank=True, null=True, verbose_name='IP Address'),
+        ),
+    ]

django_solomon-0.4.0/src/django_solomon/migrations/0003_add_unique_constraint_auth_user_email.py

@@ -0,0 +1,43 @@
+from django.db import migrations, models
+from django.db.models.functions import Lower
+
+
+# Copyright (c) 2023 Carlton Gibson
+# This migration is taken from the fantastic project `django-unique-user-email` created by Carlton Gibson.
+# https://github.com/carltongibson/django-unique-user-email/
+
+
+class CustomAddConstraint(migrations.AddConstraint):
+    """
+    Override app_label to target auth.User
+    """
+
+    def state_forwards(self, app_label, state):
+        state.add_constraint("auth", self.model_name_lower, self.constraint)
+
+    def database_forwards(self, app_label, schema_editor, from_state, to_state):
+        model = to_state.apps.get_model("auth", self.model_name)
+        if self.allow_migrate_model(schema_editor.connection.alias, model):
+            schema_editor.add_constraint(model, self.constraint)
+
+    def database_backwards(self, app_label, schema_editor, from_state, to_state):
+        model = to_state.apps.get_model("auth", self.model_name)
+        if self.allow_migrate_model(schema_editor.connection.alias, model):
+            schema_editor.remove_constraint(model, self.constraint)
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("django_solomon", "0002_magiclink_ip_address"),
+        ("auth", "0012_alter_user_first_name_max_length"),
+    ]
+
+    operations = [
+        CustomAddConstraint(
+            model_name="user",
+            constraint=models.UniqueConstraint(
+                Lower("email"),
+                name="unique_user_email"
+            ),
+        ),
+    ]

{django_solomon-0.2.0 → django_solomon-0.4.0}/src/django_solomon/models.py

@@ -42,7 +42,7 @@ class MagicLinkManager(models.Manager["MagicLink"]):
     criteria like token, usage status, and expiration date.
     """
 
-    def create_for_user(self, user: UserType) -> "MagicLink":
+    def create_for_user(self, user: UserType, ip_address: str = None) -> "MagicLink":
         """
         Creates a new magic link for a given user. If the setting SOLOMON_ONLY_ONE_LINK_ALLOWED
         is enabled, marks existing links for the user as used before creating a new one.
@@ -55,7 +55,7 @@ class MagicLinkManager(models.Manager["MagicLink"]):
         """
         if getattr(settings, "SOLOMON_ONLY_ONE_LINK_ALLOWED", True):
             self.filter(user=user).update(used=True)
-        return self.create(user=user)
+        return self.create(user=user, ip_address=ip_address)
 
     def get_valid_link(self, token: str) -> "MagicLink":
         """
@@ -90,6 +90,7 @@ class MagicLink(models.Model):
     created_at = models.DateTimeField(_("Created at"), auto_now_add=True)
     expires_at = models.DateTimeField(_("Expires at"))
     used = models.BooleanField(_("Used"), default=False)
+    ip_address = models.GenericIPAddressField(_("IP Address"), null=True, blank=True)
 
     objects = MagicLinkManager()
 

django_solomon-0.4.0/src/django_solomon/utilities.py

@@ -0,0 +1,150 @@
+import ipaddress
+import logging
+import socket
+
+from django.conf import settings
+from django.contrib.auth import get_user_model
+from django.contrib.auth.hashers import make_password
+
+from django_solomon.models import UserType
+
+logger = logging.getLogger(__name__)
+
+
+def get_user_by_email(email: str) -> UserType | None:
+    """
+    Get a user by email.
+
+    This method supports both the standard User model and custom User models
+    by checking if the email field exists on the model.
+
+    Args:
+        email: The email to look up.
+
+    Returns:
+        The user if found, None otherwise.
+    """
+    user_model = get_user_model()
+
+    # Check if the user model has an email field
+    if hasattr(user_model, "EMAIL_FIELD"):
+        email_field = user_model.EMAIL_FIELD
+    else:
+        email_field = "email"
+
+    # Make sure the email field exists on the model
+    if not hasattr(user_model, email_field):
+        logger.warning(f"User model {user_model.__name__} does not have field {email_field}, falling back to 'email'")
+        email_field = "email"
+
+        # Check if the fallback field exists
+        if not hasattr(user_model, email_field):
+            logger.error(f"User model {user_model.__name__} does not have an email field")
+            return None
+
+    # Query for the user
+    try:
+        query = {email_field: email}
+        return user_model.objects.get(**query)
+    except user_model.DoesNotExist:
+        return None
+    except Exception as e:
+        logger.error(f"Error getting user by email: {e}")
+        return None
+
+
+def create_user_from_email(email: str) -> UserType:
+    """
+    Creates a new user with the given email.
+
+    This function uses the email as both the username and email address
+    for the new user.
+
+    Args:
+        email: The email to use for the new user.
+
+    Returns:
+        The newly created user.
+    """
+    user_model = get_user_model()
+
+    # Create the user with email as username
+    user_kwargs = {
+        "username": email,
+        "email": email,
+        "password": make_password(None),
+    }
+
+    # Check if the user model has an email field
+    if hasattr(user_model, "EMAIL_FIELD"):
+        email_field = user_model.EMAIL_FIELD
+        if email_field != "email":
+            user_kwargs[email_field] = email
+
+    return user_model.objects.create_user(**user_kwargs)
+
+
+def get_ip_from_hostname(hostname: str) -> str | None:
+    try:
+        addr_info = socket.getaddrinfo(hostname, None)
+        if addr_info:
+            return addr_info[0][4][0]
+        return None
+    except socket.gaierror:
+        return None
+
+
+def anonymize_ip(ip_str: str) -> str:
+    """
+    Anonymize an IP address by removing the last octet for IPv4 or
+    the last 80 bits (last 5 segments) for IPv6.
+
+    Args:
+        ip_str: The IP address to anonymize.
+
+    Returns:
+        The anonymized IP address.
+    """
+    try:
+        ip = ipaddress.ip_address(ip_str)
+
+        if isinstance(ip, ipaddress.IPv4Address):
+            # For IPv4, zero out the last octet
+            # Convert to integer, mask with 0xFFFFFF00 to zero last octet, convert back
+            masked_ip = ipaddress.IPv4Address(int(ip) & 0xFFFFFF00)
+            return str(masked_ip)
+        elif isinstance(ip, ipaddress.IPv6Address):
+            # For IPv6, zero out the last 80 bits (last 5 segments)
+            # Convert to integer, mask with ~(2^80-1) to zero last 80 bits, convert back
+            masked_ip = ipaddress.IPv6Address(int(ip) & ~((1 << 80) - 1))
+            return str(masked_ip)
+        return ip_str
+    except ValueError:
+        # If it's not a valid IP address, return as is
+        return ip_str
+
+
+def get_client_ip(request) -> str:
+    # Check X-Forwarded-For header first
+    x_forwarded_for = request.headers.get("x-forwarded-for")
+    if x_forwarded_for:
+        ip = x_forwarded_for.split(",")[0].strip()
+    else:
+        ip = request.META.get("REMOTE_ADDR")
+
+    # Check if the value is a valid IP address
+    try:
+        ipaddress.ip_address(ip)
+        # Anonymize IP if the setting is enabled (default is True)
+        if getattr(settings, "SOLOMON_ANONYMIZE_IP", True):
+            return anonymize_ip(ip)
+        return ip
+    except ValueError:
+        # Not a valid IP, try to resolve as hostname
+        resolved_ip = get_ip_from_hostname(ip)
+        if resolved_ip:
+            # Anonymize the resolved IP if the setting is enabled
+            if getattr(settings, "SOLOMON_ANONYMIZE_IP", True):
+                return anonymize_ip(resolved_ip)
+            return resolved_ip
+        return ip

{django_solomon-0.2.0 → django_solomon-0.4.0}/src/django_solomon/views.py

@@ -19,7 +19,7 @@ from django_solomon.config import (
 )
 from django_solomon.forms import MagicLinkForm
 from django_solomon.models import BlacklistedEmail, MagicLink
-from django_solomon.utilities import get_user_by_email, create_user_from_email
+from django_solomon.utilities import get_user_by_email, create_user_from_email, get_client_ip
 
 logger = logging.getLogger(__name__)
 User = get_user_model()
@@ -58,7 +58,12 @@ def send_magic_link(request: HttpRequest) -> HttpResponse:
 
             # Send magic link if user exists
             if user:
-                magic_link = MagicLink.objects.create_for_user(user)
+                # Get the user's IP address
+                ip_address = get_client_ip(request)
+
+                # Create magic link with IP address
+                magic_link = MagicLink.objects.create(user=user, ip_address=ip_address)
+
                 link_url = request.build_absolute_uri(
                     reverse(
                         "django_solomon:validate_magic_link",

{django_solomon-0.2.0 → django_solomon-0.4.0}/tests/test_backends.py

@@ -1,7 +1,9 @@
+from unittest.mock import patch
+
 import pytest
+from django.contrib.auth import get_user_model
 from django.http import HttpRequest
 from django.test import override_settings
-from django.contrib.auth import get_user_model
 
 from django_solomon.backends import MagicLinkBackend
 from django_solomon.models import MagicLink
@@ -9,6 +11,12 @@ from django_solomon.models import MagicLink
 User = get_user_model()
 
 
+@pytest.fixture
+def magic_link_with_ip(user):
+    """Create and return a magic link with IP address for testing."""
+    return MagicLink.objects.create_for_user(user, ip_address="192.168.1.1")
+
+
 @pytest.mark.django_db
 class TestMagicLinkBackend:
     """Tests for the MagicLinkBackend class."""
@@ -165,3 +173,52 @@ class TestMagicLinkBackend:
         authenticated_user = self.backend.authenticate(token=magic_link.token, request=None)
         assert authenticated_user is None
         # No error should be set since there's no request object
+
+    @override_settings(SOLOMON_ENFORCE_SAME_IP=True)
+    def test_authenticate_ip_match(self, magic_link_with_ip):
+        """Test authentication with IP validation enabled and matching IP addresses."""
+        # Mock the get_client_ip function to return the same IP as in the magic link
+        with patch("django_solomon.backends.get_client_ip", return_value="192.168.1.1"):
+            # Try to authenticate
+            authenticated_user = self.backend.authenticate(request=self.request, token=magic_link_with_ip.token)
+            assert authenticated_user == magic_link_with_ip.user
+
+    @override_settings(SOLOMON_ENFORCE_SAME_IP=True)
+    def test_authenticate_ip_mismatch(self, magic_link_with_ip):
+        """Test authentication with IP validation enabled and mismatched IP addresses."""
+        # Mock the get_client_ip function to return a different IP
+        with patch("django_solomon.backends.get_client_ip", return_value="10.0.0.1"):
+            # Try to authenticate
+            authenticated_user = self.backend.authenticate(request=self.request, token=magic_link_with_ip.token)
+            assert authenticated_user is None
+            assert hasattr(self.request, "magic_link_error")
+            assert self.request.magic_link_error
+
+    @override_settings(SOLOMON_ENFORCE_SAME_IP=False)
+    def test_authenticate_ip_validation_disabled(self, magic_link_with_ip):
+        """Test authentication with IP validation disabled."""
+        # Mock the get_client_ip function to return a different IP
+        with patch("django_solomon.backends.get_client_ip", return_value="10.0.0.1"):
+            # Try to authenticate - should work despite IP mismatch because validation is disabled
+            authenticated_user = self.backend.authenticate(request=self.request, token=magic_link_with_ip.token)
+            assert authenticated_user == magic_link_with_ip.user
+
+    @override_settings(SOLOMON_ENFORCE_SAME_IP=True)
+    def test_authenticate_ip_validation_no_stored_ip(self, magic_link):
+        """Test authentication with IP validation enabled but no stored IP in the magic link."""
+        # Magic link has no IP address stored
+        assert magic_link.ip_address is None
+
+        # Mock the get_client_ip function to return any IP
+        with patch("django_solomon.backends.get_client_ip", return_value="10.0.0.1"):
+            # Try to authenticate - should work because there's no IP to compare against
+            authenticated_user = self.backend.authenticate(request=self.request, token=magic_link.token)
+            assert authenticated_user == magic_link.user
+
+    @override_settings(SOLOMON_ENFORCE_SAME_IP=True)
+    def test_authenticate_ip_validation_no_request(self, magic_link_with_ip):
+        """Test authentication with IP validation enabled but no request object."""
+        # Try to authenticate without a request object
+        authenticated_user = self.backend.authenticate(token=magic_link_with_ip.token, request=None)
+        # Should fail because there's no request to get the IP from
+        assert authenticated_user is None

{django_solomon-0.2.0 → django_solomon-0.4.0}/tests/test_models.py

@@ -1,8 +1,10 @@
+from datetime import timedelta
+
 import pytest
+from django.contrib.auth import get_user_model
 from django.db import IntegrityError
-from django.utils import timezone
 from django.test import override_settings
-from datetime import timedelta
+from django.utils import timezone
 
 from django_solomon.models import BlacklistedEmail, MagicLink
 
@@ -214,3 +216,48 @@ class TestMagicLink:
         link.refresh_from_db()
         assert link.token == "custom-token"
         assert abs((link.expires_at - expiration).total_seconds()) < 1  # Allow for small time differences
+
+
+@pytest.mark.django_db
+class TestUserEmailUniqueConstraint:
+    """Tests for the unique constraint on auth.User email field."""
+
+    def test_user_email_unique_constraint(self, user):
+        """Test that the email field on auth.User has a unique constraint."""
+        User = get_user_model()
+
+        # The user fixture already creates a user with email "test@example.com"
+        # Attempting to create another user with the same email should raise an IntegrityError
+        with pytest.raises(IntegrityError):
+            User.objects.create_user(
+                username="another_user",
+                email="test@example.com",  # Same email as the fixture user
+                password="password456",
+            )
+
+    def test_user_email_unique_constraint_case_insensitive(self, user):
+        """Test that the email uniqueness is case-insensitive."""
+        User = get_user_model()
+
+        # The user fixture already creates a user with email "test@example.com"
+        # Attempting to create another user with the same email in different case should fail
+        # because the constraint is case-insensitive
+        with pytest.raises(IntegrityError):
+            User.objects.create_user(
+                username="another_user",
+                email="TEST@example.com",  # Same email as the fixture user but with different case
+                password="password456",
+            )
+
+    def test_different_emails_allowed(self, user):
+        """Test that users with different emails can be created."""
+        User = get_user_model()
+
+        # Create a user with a different email
+        new_user = User.objects.create_user(
+            username="another_user", email="different@example.com", password="password456"
+        )
+
+        # Verify the user was created
+        assert new_user.pk is not None
+        assert new_user.email == "different@example.com"

{django_solomon-0.2.0 → django_solomon-0.4.0}/tests/test_utilities.py

@@ -1,9 +1,18 @@
+import socket
 from unittest.mock import patch, MagicMock
 
 import pytest
 from django.contrib.auth import get_user_model
+from django.http import HttpRequest
+from django.test import override_settings
 
-from django_solomon.utilities import get_user_by_email, create_user_from_email
+from django_solomon.utilities import (
+    get_user_by_email,
+    create_user_from_email,
+    get_ip_from_hostname,
+    get_client_ip,
+    anonymize_ip,
+)
 
 
 @pytest.mark.django_db
@@ -337,3 +346,198 @@ class TestCreateUserFromEmail:
                     # This ensures the branch where email_field != "email" is covered
                     assert "custom_email" in create_user_kwargs
                     assert create_user_kwargs["custom_email"] == email
+
+
+class TestGetIpFromHostname:
+    """Tests for the get_ip_from_hostname function."""
+
+    def test_get_ip_from_valid_hostname(self):
+        """Test getting an IP from a valid hostname."""
+        with patch("socket.getaddrinfo") as mock_getaddrinfo:
+            # Mock the return value of getaddrinfo to simulate a successful lookup
+            mock_getaddrinfo.return_value = [(2, 1, 6, "", ("93.184.216.34", 0))]
+
+            ip = get_ip_from_hostname("example.com")
+            assert ip == "93.184.216.34"
+            mock_getaddrinfo.assert_called_once_with("example.com", None)
+
+    def test_get_ip_from_ip_address(self):
+        """Test getting an IP when the input is already an IP address."""
+        with patch("socket.getaddrinfo") as mock_getaddrinfo:
+            # Mock the return value of getaddrinfo to return the same IP
+            mock_getaddrinfo.return_value = [(2, 1, 6, "", ("192.168.1.1", 0))]
+
+            ip = get_ip_from_hostname("192.168.1.1")
+            assert ip == "192.168.1.1"
+            mock_getaddrinfo.assert_called_once_with("192.168.1.1", None)
+
+    def test_get_ip_from_invalid_hostname(self):
+        """Test getting an IP from an invalid hostname."""
+        with patch("socket.getaddrinfo") as mock_getaddrinfo:
+            # Mock socket.gaierror to simulate a failed lookup
+            mock_getaddrinfo.side_effect = socket.gaierror("Name or service not known")
+
+            ip = get_ip_from_hostname("invalid.hostname.that.does.not.exist")
+            assert ip is None
+            mock_getaddrinfo.assert_called_once_with("invalid.hostname.that.does.not.exist", None)
+
+    def test_get_ip_from_empty_result(self):
+        """Test getting an IP when getaddrinfo returns an empty list."""
+        with patch("socket.getaddrinfo") as mock_getaddrinfo:
+            # Mock the return value of getaddrinfo to return an empty list
+            mock_getaddrinfo.return_value = []
+
+            ip = get_ip_from_hostname("empty.result.com")
+            assert ip is None
+            mock_getaddrinfo.assert_called_once_with("empty.result.com", None)
+
+
+class TestGetClientIp:
+    """Tests for the get_client_ip function."""
+
+    @override_settings(SOLOMON_ANONYMIZE_IP=True)
+    def test_get_client_ip_with_x_forwarded_for_valid_ip(self):
+        """Test getting client IP from X-Forwarded-For header with a valid IP."""
+        request = HttpRequest()
+        request.META = {"HTTP_X_FORWARDED_FOR": "192.168.1.1, 10.0.0.1"}
+
+        # Mock anonymize_ip to return an anonymized IP without calling the real function
+        with patch("django_solomon.utilities.anonymize_ip", return_value="192.168.1.0") as mock_anonymize:
+            ip = get_client_ip(request)
+            assert ip == "192.168.1.0"
+            mock_anonymize.assert_called_once_with("192.168.1.1")
+
+    @override_settings(SOLOMON_ANONYMIZE_IP=True)
+    def test_get_client_ip_with_x_forwarded_for_hostname(self):
+        """Test getting client IP from X-Forwarded-For header with a hostname."""
+        request = HttpRequest()
+        request.META = {"HTTP_X_FORWARDED_FOR": "example.com, 10.0.0.1"}
+
+        # Mock the ip_address function to raise ValueError for the hostname
+        with patch("ipaddress.ip_address", side_effect=ValueError("invalid IP address")):
+            # Mock get_ip_from_hostname to return a valid IP
+            with patch("django_solomon.utilities.get_ip_from_hostname", return_value="93.184.216.34") as mock_get_ip:
+                # Mock anonymize_ip to return an anonymized IP
+                with patch("django_solomon.utilities.anonymize_ip", return_value="93.184.216.0") as mock_anonymize:
+                    ip = get_client_ip(request)
+                    assert ip == "93.184.216.0"
+                    mock_get_ip.assert_called_once_with("example.com")
+                    mock_anonymize.assert_called_once_with("93.184.216.34")
+
+    @override_settings(SOLOMON_ANONYMIZE_IP=True)
+    def test_get_client_ip_with_remote_addr_valid_ip(self):
+        """Test getting client IP from REMOTE_ADDR with a valid IP."""
+        request = HttpRequest()
+        request.META = {"REMOTE_ADDR": "192.168.1.1"}
+
+        # Mock anonymize_ip to return an anonymized IP
+        with patch("django_solomon.utilities.anonymize_ip", return_value="192.168.1.0") as mock_anonymize:
+            ip = get_client_ip(request)
+            assert ip == "192.168.1.0"
+            mock_anonymize.assert_called_once_with("192.168.1.1")
+
+    @override_settings(SOLOMON_ANONYMIZE_IP=True)
+    def test_get_client_ip_with_remote_addr_hostname(self):
+        """Test getting client IP from REMOTE_ADDR with a hostname."""
+        request = HttpRequest()
+        request.META = {"REMOTE_ADDR": "example.com"}
+
+        # Mock the ip_address function to raise ValueError for the hostname
+        with patch("ipaddress.ip_address", side_effect=ValueError("invalid IP address")):
+            # Mock get_ip_from_hostname to return a valid IP
+            with patch("django_solomon.utilities.get_ip_from_hostname", return_value="93.184.216.34") as mock_get_ip:
+                # Mock anonymize_ip to return an anonymized IP
+                with patch("django_solomon.utilities.anonymize_ip", return_value="93.184.216.0") as mock_anonymize:
+                    ip = get_client_ip(request)
+                    assert ip == "93.184.216.0"
+                    mock_get_ip.assert_called_once_with("example.com")
+                    mock_anonymize.assert_called_once_with("93.184.216.34")
+
+    @override_settings(SOLOMON_ANONYMIZE_IP=True)
+    def test_get_client_ip_with_unresolvable_hostname(self):
+        """Test getting client IP when hostname cannot be resolved."""
+        request = HttpRequest()
+        request.META = {"REMOTE_ADDR": "unresolvable.hostname"}
+
+        # Mock the ip_address function to raise ValueError for the hostname
+        with patch("ipaddress.ip_address", side_effect=ValueError("invalid IP address")):
+            # Mock get_ip_from_hostname to return None (unresolvable)
+            with patch("django_solomon.utilities.get_ip_from_hostname", return_value=None) as mock_get_ip:
+                ip = get_client_ip(request)
+                assert ip == "unresolvable.hostname"
+                mock_get_ip.assert_called_once_with("unresolvable.hostname")
+
+    @override_settings(SOLOMON_ANONYMIZE_IP=True)
+    def test_get_client_ip_with_multiple_ips_in_x_forwarded_for(self):
+        """Test getting client IP from X-Forwarded-For with multiple IPs."""
+        request = HttpRequest()
+        request.META = {"HTTP_X_FORWARDED_FOR": "192.168.1.1, 10.0.0.1, 172.16.0.1"}
+
+        # Mock anonymize_ip to return an anonymized IP
+        with patch("django_solomon.utilities.anonymize_ip", return_value="192.168.1.0") as mock_anonymize:
+            ip = get_client_ip(request)
+            assert ip == "192.168.1.0"
+            mock_anonymize.assert_called_once_with("192.168.1.1")
+
+    @override_settings(SOLOMON_ANONYMIZE_IP=False)
+    def test_get_client_ip_with_anonymization_disabled(self):
+        """Test getting client IP with anonymization disabled."""
+        request = HttpRequest()
+        request.META = {"REMOTE_ADDR": "192.168.1.1"}
+
+        # Make sure anonymize_ip is not called
+        with patch("django_solomon.utilities.anonymize_ip") as mock_anonymize:
+            ip = get_client_ip(request)
+            assert ip == "192.168.1.1"
+            mock_anonymize.assert_not_called()
+
+    @override_settings(SOLOMON_ANONYMIZE_IP=False)
+    def test_get_client_ip_with_hostname_and_anonymization_disabled(self):
+        """Test getting client IP from a hostname with anonymization disabled."""
+        request = HttpRequest()
+        request.META = {"REMOTE_ADDR": "example.com"}
+
+        # Mock the ip_address function to raise ValueError for the hostname
+        with patch("ipaddress.ip_address", side_effect=ValueError("invalid IP address")):
+            # Mock get_ip_from_hostname to return a valid IP
+            with patch("django_solomon.utilities.get_ip_from_hostname", return_value="93.184.216.34") as mock_get_ip:
+                # Make sure anonymize_ip is not called
+                with patch("django_solomon.utilities.anonymize_ip") as mock_anonymize:
+                    ip = get_client_ip(request)
+                    assert ip == "93.184.216.34"
+                    mock_get_ip.assert_called_once_with("example.com")
+                    mock_anonymize.assert_not_called()
+
+
+class TestAnonymizeIp:
+    """Tests for the anonymize_ip function."""
+
+    def test_anonymize_ipv4(self):
+        """Test anonymizing an IPv4 address."""
+        # Test with a real IPv4 address
+        result = anonymize_ip("192.168.1.1")
+        assert result == "192.168.1.0"
+
+    def test_anonymize_ipv6(self):
+        """Test anonymizing an IPv6 address."""
+        # Test with a real IPv6 address
+        result = anonymize_ip("2001:db8::1:2:3:4:5")
+        assert result == "2001:db8::"
+
+    def test_anonymize_invalid_ip(self):
+        """Test anonymizing an invalid IP address."""
+        # Test with an invalid IP address
+        result = anonymize_ip("not-an-ip")
+        assert result == "not-an-ip"
+
+    def test_anonymize_other_ip_type(self):
+        """Test anonymizing an IP that is neither IPv4 nor IPv6."""
+        # Mock ip_address to return an object that is neither IPv4 nor IPv6
+        with patch("ipaddress.ip_address") as mock_ip_address:
+            mock_ip = MagicMock()
+            # Make it so the object is not an instance of IPv4Address or IPv6Address
+            mock_ip.__class__ = object
+            mock_ip_address.return_value = mock_ip
+
+            result = anonymize_ip("special-ip")
+            assert result == "special-ip"

django_solomon-0.2.0/src/django_solomon/utilities.py

@@ -1,81 +0,0 @@
-import logging
-
-from django.contrib.auth import get_user_model
-from django.contrib.auth.hashers import make_password
-
-from django_solomon.models import UserType
-
-logger = logging.getLogger(__name__)
-
-
-def get_user_by_email(email: str) -> UserType | None:
-    """
-    Get a user by email.
-
-    This method supports both the standard User model and custom User models
-    by checking if the email field exists on the model.
-
-    Args:
-        email: The email to look up.
-
-    Returns:
-        The user if found, None otherwise.
-    """
-    user_model = get_user_model()
-
-    # Check if the user model has an email field
-    if hasattr(user_model, "EMAIL_FIELD"):
-        email_field = user_model.EMAIL_FIELD
-    else:
-        email_field = "email"
-
-    # Make sure the email field exists on the model
-    if not hasattr(user_model, email_field):
-        logger.warning(f"User model {user_model.__name__} does not have field {email_field}, falling back to 'email'")
-        email_field = "email"
-
-        # Check if the fallback field exists
-        if not hasattr(user_model, email_field):
-            logger.error(f"User model {user_model.__name__} does not have an email field")
-            return None
-
-    # Query for the user
-    try:
-        query = {email_field: email}
-        return user_model.objects.get(**query)
-    except user_model.DoesNotExist:
-        return None
-    except Exception as e:
-        logger.error(f"Error getting user by email: {e}")
-        return None
-
-
-def create_user_from_email(email: str) -> UserType:
-    """
-    Creates a new user with the given email.
-
-    This function uses the email as both the username and email address
-    for the new user.
-
-    Args:
-        email: The email to use for the new user.
-
-    Returns:
-        The newly created user.
-    """
-    user_model = get_user_model()
-
-    # Create the user with email as username
-    user_kwargs = {
-        "username": email,
-        "email": email,
-        "password": make_password(None),
-    }
-
-    # Check if the user model has an email field
-    if hasattr(user_model, "EMAIL_FIELD"):
-        email_field = user_model.EMAIL_FIELD
-        if email_field != "email":
-            user_kwargs[email_field] = email
-
-    return user_model.objects.create_user(**user_kwargs)