<div style="background-color:lightgrey;
            padding:10px;
            color:black;
            border:black dashed 2px; 
            border-radius:5px;
            margin: 20px 0;">
            
            
# Larger Project


**Staff:** Mike Kestemont <br/>
**Support Material:** None <br/>
**Support Sessions:**  None

</div>


In the past sessions, we've often worked on smaller exercises that targeted a very specific topic or skill. It can be hard to imagine, for the time being, how such an abstract exercise could become a useful building block in a larger, real-life application. In this session, we'll work on a larger project: an authentication system for a website, in which you have to combine several smaller pieces of functionality.

- Piece together code in smart way, but make use of **abstraction mechanism**, such as functions, that allow you to divide the work in managable packages
- Think about the design of the code: translate a free running text in natural language into formal code **requirements**
- Think about **reuse**: which third part stuff already exists that I can reuse in a stable way?

## Project: an authentication system

**Assignment**: *produce Python code that sets up a naive authentication system, e.g. for a website, that allows a user to register and log in. Before peaking at the task description below: try to describe for yourself, potentially making use of a schematic drawing, what such a system should be able to do. What limits do you want impose on the user? Which liberties will you allow? Try to protect yourself from malicious users but also try to protect users from their own mistakes.*


### Functionality
Implement the following functionality:
- (A) Ask a user (via `input()`) for an email address (as a proxy for a user name) and a password. A **valid password** must be be at least 8 characters long, contain uppercase *and* lowercase characters, as well as two digits, but no punctuation. Store this information in a suitable data structure, but only *if* the user name entered is a **valid email address**. For the sake of simplicity, you can limit yourself to the following dummy rules as to what constitutes a valid email address:
    + It contains (exactly one) "@".
    + It ends in ".com", ".org", or ".be".
    + It contains no other punctuation than '-', '@' and '.'
    
- (B) Ask the user (via `input()`) to login with her/his **credentials** and grant access to the website the password matches an existing user in the database. If the user three times enters a false password, send a **warning email** to the email address that was used as user name in the last attempt.


In your code, the following information should be printed under the appropriate conditions:

(A)
   - “Your account has been successfully created!”
   - “You entered an invalid email address. Try again.”
   - “Your password isn't long enough.”
   - “That user name has already been taken. Try again.”

(B)
   - “You have successfully logged in!”
   - “This email address does not exist in our database. Try again.”
   - “Your email address exists, but your password is incorrect. Try again. (`n` attempts left)”
   - "You have exhausted your 3 login attempts. A warning message has been emailed to the last email address used."

In [52]:
from string import punctuation as punct

def validate_password(pw):
    """
    Requirements for a valid password:
      - 8 chars long
      - two digits
      - no punctuation
      - uppercase and lowercase characters
    """
    # length?
    if len(pw) < 8:
        return False
    
    # at least two digits?
    digit_count = 0
    for character in pw:
        if character.isdigit():
            digit_count += 1
    if digit_count < 2:
        return False
    
    # no punctuation present?
    for character in pw:
        if character in punct:
            return False
    
    # uppercase characters?
    num_uppercase = 0
    for c in pw:
        if c.isupper():
            num_uppercase += 1
    if num_uppercase == 0:
        return False
    
    # lowercase characters?
    num_lowercase = 0
    for c in pw:
        if c.islower():
            num_lowercase += 1
    if num_lowercase == 0:
        return False
    
    return True

validate_password('sssSsssss8888')

True

In [53]:
def validate_email(em):
    """
    Requirements:
       - (exactly one) "@".
       - ends in ".com", ".org", or ".be".
       - no other punctuation than '-', '@' and '.'
    """
    allowed_punctuation = '-.@'
    if em.count('@') != 1:
        return False
    if not em.endswith(('.com', '.org', '.be')):
        return False
    for c in em:
        if c not in allowed_punctuation and c in punct:
            return False

    return True

validate_email('mike.kestemont@gmail.com')

True

In [54]:
help(validate_password)

Help on function validate_password in module __main__:

validate_password(pw)
    Requirements for a valid password:
      - 8 chars long
      - two digits
      - no punctuation
      - uppercase and lowercase characters



(A)
- “Your account has been successfully created!”
- “You entered an invalid email address. Try again.”
- “Your password isn't long enough.”
- “That user name has already been taken. Try again.”

In [57]:
db = {
      'mike@gmail.com': 'hgHghgh87',
      'walter@hotmail.com': 'hgghss123H'
      }

In [75]:
un = input('Welcome! What is your user name? ')

if not validate_email(un):
    print('Invalid user name')

if un in db:
    pw = input('What is your password?')
    # ask for pw
    if pw == db[un]:
        print("That's correct. Welcome back")
    else:
        print("That password is incorrect")
else:
    # ask the user to register
    un = input("We don't have you as a user yet: input your email address to register: ")
    if validate_email(un):
        if un not in db:
            pw = input('Enter a password please: ')
            if validate_password(pw):
                db[un] = pw # actual registration
            else:
                print('Too bad: passwords should be...')
        else:
            print('Too bad: that user name has been taken already')
    else:
        print("Couldn't register you: corrupt email address!")

Welcome! What is your user name? bart@gmail.com
What is your password?hgghss123H
That's correct. Welcome back


(B)
- “You have successfully logged in!”
- “This email address does not exist in our database. Try again.”
- “Your email address exists, but your password is incorrect. Try again. (n attempts left)”
- "You have exhausted your 3 login attempts. A warning message has been emailed to the last email address used."

In [80]:
num_retrials = 3

for attempt in range(num_retrials):
    print(f'Attempt {attempt + 1} of {num_retrials}')
    un = input('Welcome! What is your user name? ')

    if not validate_email(un):
        print('Invalid user name')

    if un in db:
        pw = input('What is your password?')
        # ask for pw
        if pw == db[un]:
            print("That's correct. Welcome back")
        else:
            print("That password is incorrect")
    
    if attempt == (num_retrials - 1):
        print(f"You've exhausted your {num_retrials} login attempts")


Attempt 1 of 3
Welcome! What is your user name? k
Invalid user name
Attempt 2 of 3
Welcome! What is your user name? k
Invalid user name
Attempt 3 of 3
Welcome! What is your user name? 
Invalid user name
You've exhausted your 3 login attempts
