47d46e8e6f
Self-service drink tab at /suff/ for festival attendees. Users log in with username + 3-digit PIN stored in a separate User.pin field, so staff/admin accounts can keep their strong password for /admin/ and also use the drink tool with the same username. PINs for staff users must be set from the admin panel via a dedicated "PIN setzen" view to prevent account takeover by name collision. Time-gated to the festival window (Thu–Sun in Berlin tz) with phases before/booking/readonly/closed; in non-production mode the tool is always in booking phase for local testing. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
from django.contrib.auth import get_user_model
from django.contrib.auth.backends import ModelBackend
class PinBackend(ModelBackend):
    """Authentication backend for festival users: username + 3-digit PIN.

    The PIN is checked through the user model's ``check_pin`` method and is
    kept apart from the account password, which the default ModelBackend
    continues to use for /admin/. A staff account that has a PIN can sign in
    to the drink tool under the same username.

    Security notes for maintainers:

    * A 3-digit PIN has only 1000 possible values and this backend does not
      limit attempts itself.
      NOTE(review): confirm that the login view (or middleware) throttles or
      locks out repeated failures per username and per client.
    * A successful PIN login returns the same user object a password login
      would.
      NOTE(review): for staff accounts with a PIN, confirm that /admin/ does
      not honour sessions established through this backend (Django records
      the backend used at login in the session); otherwise the PIN becomes
      the weakest credential protecting the admin account.
    """

    def authenticate(self, request, username=None, pin=None, **kwargs):
        """Return the matching user, or ``None`` when authentication fails.

        Args:
            request: The current request; not used by this backend.
            username: Value looked up against the user model's ``username``.
            pin: Candidate PIN, handed unchanged to ``user.check_pin``.
            **kwargs: Other credentials (e.g. ``password``); ignored.

        Returns:
            The user when the PIN is accepted and
            ``user_can_authenticate`` allows the account, else ``None``.
        """
        credentials_missing = username is None or pin is None
        if credentials_missing:
            # Calls carrying other credentials (such as a password) fall
            # through to the remaining configured backends.
            return None

        user_model = get_user_model()
        try:
            candidate = user_model.objects.get(username=username)
        except user_model.DoesNotExist:
            # NOTE(review): an unknown username returns before check_pin
            # runs; if check_pin performs hashing, the timing difference may
            # reveal which usernames exist - confirm whether that matters.
            return None

        # Order matters: the PIN is verified first, and only then does the
        # inherited ModelBackend.user_can_authenticate get to reject an
        # inactive account.
        if candidate.check_pin(pin) and self.user_can_authenticate(candidate):
            return candidate
        return None