fix command initial datas

Cayo Puigdefabregas 2024-01-04 19:17:18 +01:00
parent 87776751a4
commit 10c6d20a10
5 changed files with 26 additions and 19 deletions


@ -7,6 +7,7 @@ from utils import credtools
from django.conf import settings from django.conf import settings
from django.core.management.base import BaseCommand, CommandError from django.core.management.base import BaseCommand, CommandError
from django.contrib.auth import get_user_model from django.contrib.auth import get_user_model
from django.core.cache import cache
from decouple import config from decouple import config
from idhub.models import DID, Schemas from idhub.models import DID, Schemas
from oidc4vp.models import Organization from oidc4vp.models import Organization
@ -43,6 +44,9 @@ class Command(BaseCommand):
su = User.objects.create_superuser(email=email, password=password) su = User.objects.create_superuser(email=email, password=password)
su.set_encrypted_sensitive_data(password) su.set_encrypted_sensitive_data(password)
su.save() su.save()
key = su.decrypt_sensitive_data(password)
key_dids = {su.id: key}
cache.set("KEY_DIDS", key_dids, None)
def create_users(self, email, password): def create_users(self, email, password):
@ -50,6 +54,10 @@ class Command(BaseCommand):
u.set_password(password) u.set_password(password)
u.set_encrypted_sensitive_data(password) u.set_encrypted_sensitive_data(password)
u.save() u.save()
key_dids = cache.get("KEY_DIDS", {})
key = u.decrypt_sensitive_data(password)
key_dids.update({u.id: key})
cache.set("KEY_DIDS", key_dids)
def create_organizations(self, name, url): def create_organizations(self, name, url):
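Review bot: The two writes of the `KEY_DIDS` cache entry disagree on lifetime: create_superuser stores it with timeout `None` (never expires), but create_users' `cache.set("KEY_DIDS", key_dids)` uses the backend's default timeout, so the superuser's key is silently dropped once that default elapses and later get_secret_box calls fail. Passing `None` there too, `cache.set("KEY_DIDS", key_dids, None)`, keeps the two writes consistent. Note that this entry holds each user's decrypted sensitive key, so whichever backend `cache` resolves to now effectively holds the key material for every created user; if that backend is shared or persisted (memcached, Redis, database) it needs the same protection as the column it unlocks. The get/update/set in create_users is also not atomic, which only matters if the command can run concurrently. The enclosing create_superuser and create_users methods start and end outside the hunk.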


@ -1,4 +1,4 @@
# Generated by Django 4.2.5 on 2024-01-04 16:59 # Generated by Django 4.2.5 on 2024-01-04 18:09
from django.conf import settings from django.conf import settings
from django.db import migrations, models from django.db import migrations, models
@ -28,7 +28,7 @@ class Migration(migrations.Migration):
('created_at', models.DateTimeField(auto_now=True)), ('created_at', models.DateTimeField(auto_now=True)),
('label', models.CharField(max_length=50, verbose_name='Label')), ('label', models.CharField(max_length=50, verbose_name='Label')),
('did', models.CharField(max_length=250)), ('did', models.CharField(max_length=250)),
('_key_material', models.BinaryField(max_length=250)), ('key_material', models.CharField(max_length=255)),
( (
'user', 'user',
models.ForeignKey( models.ForeignKey(


@ -412,9 +412,7 @@ class DID(models.Model):
# In JWK format. Must be stored as-is and passed whole to library functions. # In JWK format. Must be stored as-is and passed whole to library functions.
# Example key material: # Example key material:
# '{"kty":"OKP","crv":"Ed25519","x":"oB2cPGFx5FX4dtS1Rtep8ac6B__61HAP_RtSzJdPxqs","d":"OJw80T1CtcqV0hUcZdcI-vYNBN1dlubrLaJa0_se_gU"}' # '{"kty":"OKP","crv":"Ed25519","x":"oB2cPGFx5FX4dtS1Rtep8ac6B__61HAP_RtSzJdPxqs","d":"OJw80T1CtcqV0hUcZdcI-vYNBN1dlubrLaJa0_se_gU"}'
# CHANGED: `key_material` to `_key_material`, datatype from CharField to BinaryField and the key is now stored encrypted. key_material = models.CharField(max_length=255)
key_material = None
_key_material = models.BinaryField(max_length=250)
user = models.ForeignKey( user = models.ForeignKey(
User, User,
on_delete=models.CASCADE, on_delete=models.CASCADE,
@ -423,18 +421,16 @@ class DID(models.Model):
) )
def get_key_material(self): def get_key_material(self):
key_dids = cache.get("KEY_DIDS", {}) return self.user.decrypt_data(self.key_material)
if not key_dids.get(user.id):
raise Exception("Ojo! Se intenta acceder a datos cifrados sin tener la clave.")
sb = secret.SecretBox(key_dids[user.id])
return sb.decrypt(self._key_material)
def set_key_material(self, value): def set_key_material(self, value):
key_dids = cache.get("KEY_DIDS", {}) self.key_material = self.user.encrypt_data(value)
if not key_dids.get(user.id):
raise Exception("Ojo! Se intenta acceder a datos cifrados sin tener la clave.") def get_data(self):
sb = secret.SecretBox(key_dids[user.id]) return self.user.decrypt_data(self.data)
self._key_material = sb.encrypt(value)
def set_data(self, value):
self.data = self.user.encrypt_data(value)
@property @property
def is_organization_did(self): def is_organization_did(self):
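Review bot: `key_material = models.CharField(max_length=255)` now receives a base64-encoded SecretBox ciphertext rather than the raw JWK, and the overhead (nonce and MAC, then roughly one-third base64 inflation) brings the example key quoted in the comment above close to the 255-character limit; a longer JWK can exceed the column on backends that enforce it, so a `TextField` or a larger `max_length` would be safer. The comment block above the field still says the value "must be stored as-is", which no longer holds; suggest appending `# Stored encrypted via User.encrypt_data(); access through get_key_material()/set_key_material().` The new `get_data`/`set_data` read and write a `data` attribute that is not visible in this hunk, so I cannot confirm it exists on DID. The DID class starts and continues outside the hunk.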


@ -1,4 +1,4 @@
# Generated by Django 4.2.5 on 2024-01-04 16:59 # Generated by Django 4.2.5 on 2024-01-04 18:09
from django.db import migrations, models from django.db import migrations, models


@ -148,12 +148,13 @@ class User(AbstractBaseUser):
def encrypt_data(self, data): def encrypt_data(self, data):
sb = self.get_secret_box() sb = self.get_secret_box()
value = base64.b64encode(data.encode('utf-8')) value = base64.b64encode(data.encode('utf-8'))
return sb.encrypt(data) value_enc = sb.encrypt(data.encode('utf-8'))
return base64.b64encode(value_enc).decode('utf-8')
def decrypt_data(self, data): def decrypt_data(self, data):
sb = self.get_secret_box() sb = self.get_secret_box()
value = base64.b64decode(data.encode('utf-8')) value = base64.b64decode(data.encode('utf-8'))
return sb.decrypt(data) return sb.decrypt(value).decode('utf-8')
def get_secret_box(self): def get_secret_box(self):
key_dids = cache.get("KEY_DIDS", {}) key_dids = cache.get("KEY_DIDS", {})
@ -162,4 +163,6 @@ class User(AbstractBaseUser):
err += "data without having the key." err += "data without having the key."
raise Exception(_(err)) raise Exception(_(err))
return secret.SecretBox(key_dids[self.id]) pw = base64.b64decode(key_dids[self.id].encode('utf-8'))
sb_key = self.derive_key_from_password(pw)
return nacl.secret.SecretBox(sb_key)
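Review bot: In `encrypt_data` the retained line `value = base64.b64encode(data.encode('utf-8'))` is dead, since `value_enc` is computed from `data.encode('utf-8')` directly and `value` is never read; it should be dropped. In `get_secret_box`, `self.derive_key_from_password(pw)` now runs on every encrypt and decrypt; if that helper is a deliberately slow password KDF (not visible here) this adds its full cost to each DID access, and memoizing the derived key per request would avoid it. A failed authentication check in `decrypt_data` surfaces as nacl's `CryptoError`, which callers of get_key_material see unwrapped; worth a docstring line on decrypt_data stating `Raises nacl.exceptions.CryptoError if the stored value was tampered with or encrypted under a different key.` get_secret_box starts in the previous hunk of this file.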