# IAM Simulation in Cloud Platforms
# SDG 16: Peace, Justice, and Strong Institutions

import hashlib
import hmac
import secrets
import time
import uuid

# In-memory user store, keyed by username. It starts empty and is filled by
# register_user; nothing is persisted, so every run starts from scratch.
users_db = dict()

# Role-based access control table: role name -> list of actions that role may
# perform. check_permission treats a role missing from this table as having
# no permissions at all (fail closed).
roles_permissions = dict(
    admin=["create", "read", "update", "delete"],
    user=["read"],
)

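# Password hashing and verification.
#
# The two functions are kept together because they must agree on the record
# format ("<salt>:<hex digest>") and on the key-derivation parameters.
#
# A single round of SHA-256 is designed to be fast, which makes leaked records
# cheap to guess offline even when salted. scrypt is a deliberately slow,
# memory-hard KDF from the standard library, so each guess costs real work.

# scrypt cost parameters: n = CPU/memory cost, r = block size, p = parallelism.
# Each derivation needs roughly 128 * n * r bytes (16 MiB here). Treat these
# values as a floor and raise n as far as login latency allows.
_SCRYPT_N = 2 ** 14
_SCRYPT_R = 8
_SCRYPT_P = 1
_SCRYPT_DKLEN = 32  # 32 bytes -> 64 hex characters in the stored record


def _derive_key(salt, password):
    """Return the hex-encoded scrypt digest of *password* under *salt*."""
    return hashlib.scrypt(
        password.encode(),
        salt=salt.encode(),
        n=_SCRYPT_N,
        r=_SCRYPT_R,
        p=_SCRYPT_P,
        dklen=_SCRYPT_DKLEN,
    ).hex()


def hash_password(password):
    """Hash *password* for storage.

    Args:
        password: The plaintext password as a str.

    Returns:
        A record of the form "<salt>:<hex digest>", where the salt is 32
        random hex characters generated per call, so equal passwords produce
        different records.
    """
    salt = secrets.token_hex(16)
    return salt + ':' + _derive_key(salt, password)


# Function to verify password
def verify_password(stored_password, provided_password):
    """Check *provided_password* against a record made by hash_password.

    Args:
        stored_password: The "<salt>:<hex digest>" record.
        provided_password: The plaintext password offered at login.

    Returns:
        True when the password matches the record, False otherwise. A record
        that does not have the expected shape is treated as a failed match
        instead of raising.
    """
    salt, separator, expected = stored_password.partition(':')
    if not separator or not salt or not expected:
        return False
    actual = _derive_key(salt, provided_password)
    # Constant-time comparison: the time taken does not reveal how many
    # leading characters of the digest matched.
    return hmac.compare_digest(actual.encode(), expected.encode())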

# Function to register a user
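def register_user(username, password, role="user"):
    """Create a user record in users_db and return a status message.

    Args:
        username: Key for the new record in users_db.
        password: Plaintext password; only its hash_password() result is stored.
        role: Role name; must be a key of roles_permissions. Defaults to "user".

    Returns:
        A human-readable status string: success, "User already exists!", or
        an unknown-role message.
    """
    if username in users_db:
        return "User already exists!"
    # Reject roles that have no entry in roles_permissions. Without this, a
    # typo such as "amdin" silently creates an account that can never be
    # granted anything and is hard to spot later.
    if role not in roles_permissions:
        return f"Unknown role '{role}'!"
    # NOTE(review): the caller picks the role, including "admin", and nothing
    # here checks who is asking. A real IAM service would only let an already
    # authorized principal assign privileged roles.
    users_db[username] = {
        "password": hash_password(password),
        "role": role,
        "token": None,  # set by login_user once the user authenticates
    }
    return f"User '{username}' registered successfully as '{role}'."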

# Function to login user
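def login_user(username, password):
    """Authenticate a user and issue a session token.

    Args:
        username: Name of a record in users_db.
        password: Plaintext password to check against the stored hash.

    Returns:
        A status string. On success it contains a fresh 32-hex-character
        token, which is also stored on the user record, replacing any
        earlier token.
    """
    user = users_db.get(username)
    # NOTE(review): "User not found!" and "Incorrect password!" are distinct
    # replies, and the unknown-user path skips password hashing, so a caller
    # can tell which usernames exist. A production login returns one generic
    # failure message and does comparable work on both paths.
    if not user:
        return "User not found!"
    if not verify_password(user["password"], password):
        return "Incorrect password!"
    # Session tokens are bearer credentials, so take them from `secrets`,
    # the standard-library module intended for security tokens, rather than
    # from a UUID. The length matches the previous uuid4().hex value.
    token = secrets.token_hex(16)
    # NOTE(review): the token never expires and is never revoked; a real
    # service would store an issue time and enforce a lifetime.
    user["token"] = token
    return f"Login successful! Token: {token}"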

# Function to check permissions
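def check_permission(username, action, token=None):
    """Decide whether *username* may perform *action*.

    Args:
        username: Name of a record in users_db.
        action: Action name to look up in the user's role permissions.
        token: Optional session token returned by login_user. When given, it
            must match the token stored for the user or access is denied.

    Returns:
        A status string: granted, denied for the role, or login required.

    When *token* is omitted the check only confirms that the named user has
    logged in at some point; it does not prove the caller is that user.
    Callers should pass the token so the decision is bound to the session.
    """
    user = users_db.get(username)
    if not user or not user["token"]:
        return "Access Denied! Login required."
    if token is not None:
        presented = token.encode() if isinstance(token, str) else b""
        # Constant-time comparison so response time does not reveal how much
        # of a guessed token was correct.
        if not hmac.compare_digest(presented, user["token"].encode()):
            return "Access Denied! Login required."
    role = user["role"]
    # A role with no entry in roles_permissions gets an empty permission
    # list, so unknown roles are denied, not granted.
    if action in roles_permissions.get(role, []):
        return f"Access Granted for {action} action to {username} ({role})"
    return f"Access Denied for {action} action to {username} ({role})"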

# ------------------------
# Demo
# ------------------------

# Demo accounts as (username, password, role). The passwords are throwaway
# sample values for this walkthrough only.
demo_accounts = (
    ("alice", "password123", "admin"),
    ("bob", "mypassword", "user"),
)

# Register every demo account first ...
for name, secret, role in demo_accounts:
    print(register_user(name, secret, role))

# ... then log each one in. The printed message includes the session token,
# which is fine for a demo but should not be logged in a real service.
for name, secret, _role in demo_accounts:
    print(login_user(name, secret))

# Access control demo: admin may delete, a plain user may only read.
for name, action in (("alice", "delete"), ("bob", "delete"), ("bob", "read")):
    print(check_permission(name, action))


User 'alice' registered successfully as 'admin'.
User 'bob' registered successfully as 'user'.
Login successful! Token: 9ebb564f5aa64f7390174cf7bca8cf4d
Login successful! Token: b6c96df4b991418ca8fe2ff03be97385
Access Granted for delete action to alice (admin)
Access Denied for delete action to bob (user)
Access Granted for read action to bob (user)
