fix command initial datas
This commit is contained in:
parent
87776751a4
commit
10c6d20a10
|
@ -7,6 +7,7 @@ from utils import credtools
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
from django.core.management.base import BaseCommand, CommandError
|
from django.core.management.base import BaseCommand, CommandError
|
||||||
from django.contrib.auth import get_user_model
|
from django.contrib.auth import get_user_model
|
||||||
|
from django.core.cache import cache
|
||||||
from decouple import config
|
from decouple import config
|
||||||
from idhub.models import DID, Schemas
|
from idhub.models import DID, Schemas
|
||||||
from oidc4vp.models import Organization
|
from oidc4vp.models import Organization
|
||||||
|
@ -43,6 +44,9 @@ class Command(BaseCommand):
|
||||||
su = User.objects.create_superuser(email=email, password=password)
|
su = User.objects.create_superuser(email=email, password=password)
|
||||||
su.set_encrypted_sensitive_data(password)
|
su.set_encrypted_sensitive_data(password)
|
||||||
su.save()
|
su.save()
|
||||||
|
key = su.decrypt_sensitive_data(password)
|
||||||
|
key_dids = {su.id: key}
|
||||||
|
cache.set("KEY_DIDS", key_dids, None)
|
||||||
|
|
||||||
|
|
||||||
def create_users(self, email, password):
|
def create_users(self, email, password):
|
||||||
|
@ -50,6 +54,10 @@ class Command(BaseCommand):
|
||||||
u.set_password(password)
|
u.set_password(password)
|
||||||
u.set_encrypted_sensitive_data(password)
|
u.set_encrypted_sensitive_data(password)
|
||||||
u.save()
|
u.save()
|
||||||
|
key_dids = cache.get("KEY_DIDS", {})
|
||||||
|
key = u.decrypt_sensitive_data(password)
|
||||||
|
key_dids.update({u.id: key})
|
||||||
|
cache.set("KEY_DIDS", key_dids)
|
||||||
|
|
||||||
|
|
||||||
def create_organizations(self, name, url):
|
def create_organizations(self, name, url):
|
||||||
|
|
|
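Review bot: `cache.set("KEY_DIDS", key_dids)` in `create_users` drops the `None` timeout that the superuser hunk passes, so the rewritten dict — superuser entry included — expires after the cache backend's default timeout, after which `get_secret_box` raises its "data without having the key" exception for every user; the call should read `cache.set("KEY_DIDS", key_dids, None)` to match the superuser path. Separately, the cached value is the output of `decrypt_sensitive_data(password)`, i.e. each user's secret in the clear, keyed only by user id; with any shared backend (redis, memcached, database, file) that writes the secret outside the process with no expiry, so the `cache.set` deserves a comment such as `# KEY_DIDS holds per-user secret material in plaintext — only acceptable with a process-local cache backend`. Both the superuser handler and `create_users` start or continue outside these hunks.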
@ -1,4 +1,4 @@
|
||||||
# Generated by Django 4.2.5 on 2024-01-04 16:59
|
# Generated by Django 4.2.5 on 2024-01-04 18:09
|
||||||
|
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
from django.db import migrations, models
|
from django.db import migrations, models
|
||||||
|
@ -28,7 +28,7 @@ class Migration(migrations.Migration):
|
||||||
('created_at', models.DateTimeField(auto_now=True)),
|
('created_at', models.DateTimeField(auto_now=True)),
|
||||||
('label', models.CharField(max_length=50, verbose_name='Label')),
|
('label', models.CharField(max_length=50, verbose_name='Label')),
|
||||||
('did', models.CharField(max_length=250)),
|
('did', models.CharField(max_length=250)),
|
||||||
('_key_material', models.BinaryField(max_length=250)),
|
('key_material', models.CharField(max_length=255)),
|
||||||
(
|
(
|
||||||
'user',
|
'user',
|
||||||
models.ForeignKey(
|
models.ForeignKey(
|
||||||
|
|
|
@ -412,9 +412,7 @@ class DID(models.Model):
|
||||||
# In JWK format. Must be stored as-is and passed whole to library functions.
|
# In JWK format. Must be stored as-is and passed whole to library functions.
|
||||||
# Example key material:
|
# Example key material:
|
||||||
# '{"kty":"OKP","crv":"Ed25519","x":"oB2cPGFx5FX4dtS1Rtep8ac6B__61HAP_RtSzJdPxqs","d":"OJw80T1CtcqV0hUcZdcI-vYNBN1dlubrLaJa0_se_gU"}'
|
# '{"kty":"OKP","crv":"Ed25519","x":"oB2cPGFx5FX4dtS1Rtep8ac6B__61HAP_RtSzJdPxqs","d":"OJw80T1CtcqV0hUcZdcI-vYNBN1dlubrLaJa0_se_gU"}'
|
||||||
# CHANGED: `key_material` to `_key_material`, datatype from CharField to BinaryField and the key is now stored encrypted.
|
key_material = models.CharField(max_length=255)
|
||||||
key_material = None
|
|
||||||
_key_material = models.BinaryField(max_length=250)
|
|
||||||
user = models.ForeignKey(
|
user = models.ForeignKey(
|
||||||
User,
|
User,
|
||||||
on_delete=models.CASCADE,
|
on_delete=models.CASCADE,
|
||||||
|
@ -423,18 +421,16 @@ class DID(models.Model):
|
||||||
)
|
)
|
||||||
|
|
||||||
def get_key_material(self):
|
def get_key_material(self):
|
||||||
key_dids = cache.get("KEY_DIDS", {})
|
return self.user.decrypt_data(self.key_material)
|
||||||
if not key_dids.get(user.id):
|
|
||||||
raise Exception("Ojo! Se intenta acceder a datos cifrados sin tener la clave.")
|
|
||||||
sb = secret.SecretBox(key_dids[user.id])
|
|
||||||
return sb.decrypt(self._key_material)
|
|
||||||
|
|
||||||
def set_key_material(self, value):
|
def set_key_material(self, value):
|
||||||
key_dids = cache.get("KEY_DIDS", {})
|
self.key_material = self.user.encrypt_data(value)
|
||||||
if not key_dids.get(user.id):
|
|
||||||
raise Exception("Ojo! Se intenta acceder a datos cifrados sin tener la clave.")
|
def get_data(self):
|
||||||
sb = secret.SecretBox(key_dids[user.id])
|
return self.user.decrypt_data(self.data)
|
||||||
self._key_material = sb.encrypt(value)
|
|
||||||
|
def set_data(self, value):
|
||||||
|
self.data = self.user.encrypt_data(value)
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def is_organization_did(self):
|
def is_organization_did(self):
|
||||||
|
|
|
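Review bot: The new `key_material = models.CharField(max_length=255)` now has to hold a SecretBox ciphertext (24-byte nonce + 16-byte tag + plaintext) after base64 encoding, so the Ed25519 example JWK in the comment above it (~127 characters) already comes out at roughly 224 characters, and any larger JWK (an EC or RSA key) would exceed 255 — PostgreSQL would reject such an insert while SQLite would store it silently. A `models.TextField()` avoids the limit; if it must stay a CharField, a comment like `# stored encrypted + base64: ~1.33 x (len(jwk) + 40) chars; 255 only fits small OKP keys` should sit on the field. `get_data`/`set_data` read and assign `self.data`, and no `data` field is visible on DID in this diff — if one is not declared elsewhere, `set_data` writes an unsaved attribute and `get_data` raises AttributeError. The DID class starts before this hunk and continues past it.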
@ -1,4 +1,4 @@
|
||||||
# Generated by Django 4.2.5 on 2024-01-04 16:59
|
# Generated by Django 4.2.5 on 2024-01-04 18:09
|
||||||
|
|
||||||
from django.db import migrations, models
|
from django.db import migrations, models
|
||||||
|
|
||||||
|
|
|
@ -148,12 +148,13 @@ class User(AbstractBaseUser):
|
||||||
def encrypt_data(self, data):
|
def encrypt_data(self, data):
|
||||||
sb = self.get_secret_box()
|
sb = self.get_secret_box()
|
||||||
value = base64.b64encode(data.encode('utf-8'))
|
value = base64.b64encode(data.encode('utf-8'))
|
||||||
return sb.encrypt(data)
|
value_enc = sb.encrypt(data.encode('utf-8'))
|
||||||
|
return base64.b64encode(value_enc).decode('utf-8')
|
||||||
|
|
||||||
def decrypt_data(self, data):
|
def decrypt_data(self, data):
|
||||||
sb = self.get_secret_box()
|
sb = self.get_secret_box()
|
||||||
value = base64.b64decode(data.encode('utf-8'))
|
value = base64.b64decode(data.encode('utf-8'))
|
||||||
return sb.decrypt(data)
|
return sb.decrypt(value).decode('utf-8')
|
||||||
|
|
||||||
def get_secret_box(self):
|
def get_secret_box(self):
|
||||||
key_dids = cache.get("KEY_DIDS", {})
|
key_dids = cache.get("KEY_DIDS", {})
|
||||||
|
@ -162,4 +163,6 @@ class User(AbstractBaseUser):
|
||||||
err += "data without having the key."
|
err += "data without having the key."
|
||||||
raise Exception(_(err))
|
raise Exception(_(err))
|
||||||
|
|
||||||
return secret.SecretBox(key_dids[self.id])
|
pw = base64.b64decode(key_dids[self.id].encode('utf-8'))
|
||||||
|
sb_key = self.derive_key_from_password(pw)
|
||||||
|
return nacl.secret.SecretBox(sb_key)
|
||||||
|
|
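Review bot: In the new `encrypt_data`, the context line `value = base64.b64encode(data.encode('utf-8'))` is now dead — the added lines encrypt `data.encode('utf-8')` directly and base64 `value_enc` — so it should be deleted rather than left as a misleading intermediate. In `get_secret_box` the cache entry is decoded back to the raw secret and `derive_key_from_password` runs on every encrypt/decrypt; if that helper is a real password KDF (it is not visible here), every field access becomes a KDF run, and caching the derived SecretBox key instead of the base64 secret would avoid that and keep the raw secret out of the cache store. The new return uses `nacl.secret.SecretBox` where the old line used `secret.SecretBox`; the import block is outside the hunk, so confirm `import nacl.secret` (or equivalent) exists. The middle of `get_secret_box` lies between the two hunks.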