diff --git a/idhub/admin/forms.py b/idhub/admin/forms.py
index 29ce073..f9ceecc 100644
--- a/idhub/admin/forms.py
+++ b/idhub/admin/forms.py
@@ -75,6 +75,10 @@ class EncryptionKeyForm(forms.Form):
if commit:
cache.set("KEY_DIDS", self._key, None)
+ if not DID.objects.exists():
+ did = DID.objects.create(label='Default', type=DID.Types.WEB)
+ did.set_did()
+ did.save()
return
@@ -155,9 +159,8 @@ class ImportForm(forms.Form):
self.rows = {}
self.properties = {}
self.users = []
- self.user = kwargs.pop('user', None)
super().__init__(*args, **kwargs)
- dids = DID.objects.filter(user=self.user)
+ dids = DID.objects.filter(user__isnull=True)
self.fields['did'].choices = [ (x.did, x.label) for x in dids.filter(eidas1=False) ]
@@ -176,7 +179,7 @@ class ImportForm(forms.Form):
def clean(self):
data = self.cleaned_data["did"]
did = DID.objects.filter(
- user=self.user,
+ user__isnull=True,
did=data
)
@@ -188,7 +191,7 @@ class ImportForm(forms.Form):
eidas1 = self.cleaned_data.get('eidas1')
if eidas1:
self._eidas1 = DID.objects.filter(
- user=self.user,
+ user__isnull=True,
eidas1=True,
did=eidas1
).first()
diff --git a/idhub/admin/views.py b/idhub/admin/views.py
index b5216a4..1c5aaa4 100644
--- a/idhub/admin/views.py
+++ b/idhub/admin/views.py
@@ -759,7 +759,7 @@ class DidsView(Credentials, SingleTableView):
def get_context_data(self, **kwargs):
queryset = kwargs.pop('object_list', None)
- dids = DID.objects.filter(user=self.request.user)
+ dids = DID.objects.filter(user__isnull=True)
if queryset is None:
self.object_list = dids.all()
@@ -781,7 +781,6 @@ class DidRegisterView(Credentials, CreateView):
object = None
def form_valid(self, form):
- form.instance.user = self.request.user
form.instance.set_did()
form.save()
messages.success(self.request, _('DID created successfully'))
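Review bot: `DID.objects.create(label='Default', type=DID.Types.WEB)` on the second added line persists a row before `set_did()` has produced any key material, so if `set_did()` raises (for example because the organisation lookup it depends on fails) the half-initialised DID stays in the table, `DID.objects.exists()` is true from then on, and the default DID is never created properly. Build the instance unsaved and persist it only once the key material is in place: `did = DID(label='Default', type=DID.Types.WEB)`, `did.set_did()`, `did.save()`. The `exists()` check followed by a create is also not atomic, so two concurrent submissions of this form can both pass it; if exactly one default DID is relied on elsewhere, that deserves a comment or a uniqueness constraint. `save()` starts before the hunk.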
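Review bot: The predicate `DID.objects.filter(user__isnull=True)` is now spelled out by hand here and again in the two `clean()` hunks at -176 and -188 and in `DidsView.get_context_data` in views.py, while the model already expresses the same rule as `DID.is_organization_did`. A custom manager or queryset method, `def organization(self): return self.filter(user__isnull=True)`, would give the rule one name and keep the four sites from drifting apart. With `self.user` removed from `__init__`, any other reference to `self.user` remaining in `ImportForm` outside these hunks would now raise `AttributeError`; the class continues past the hunk, so that is worth a grep.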
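Review bot: With the user assignment gone, `form.instance.set_did()` runs on a DID whose `user` is None, so `set_key_material()` resolves the key holder through `DID.get_organization()`, which is an unguarded `Organization.objects.get(name=settings.ORGANIZATION)`; a missing or duplicated organisation row therefore surfaces as an unhandled exception out of `form_valid` instead of a form error. Assuming `Organization` is importable in views.py, wrap the call: `try: form.instance.set_did()` / `except Organization.DoesNotExist: form.add_error(None, _('Organization is not configured')); return self.form_invalid(form)`. Nothing on the new side says that DIDs registered through this view are deliberately organisation-owned, so a one-line comment to that effect above `set_did()` would help the next reader.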
@@ -1063,11 +1062,6 @@ class ImportAddView(NotifyActivateUserByEmail, ImportExport, FormView):
form_class = ImportForm
success_url = reverse_lazy('idhub:admin_import')
- def get_form_kwargs(self):
- kwargs = super().get_form_kwargs()
- kwargs['user'] = self.request.user
- return kwargs
-
def form_valid(self, form):
creds = form.save()
if creds:
diff --git a/idhub/management/commands/initial_datas.py b/idhub/management/commands/initial_datas.py
index b4f783b..363d7fb 100644
--- a/idhub/management/commands/initial_datas.py
+++ b/idhub/management/commands/initial_datas.py
@@ -7,9 +7,8 @@ from utils import credtools
from django.conf import settings
from django.core.management.base import BaseCommand
from django.contrib.auth import get_user_model
-from django.core.cache import cache
from decouple import config
-from idhub.models import DID, Schemas
+from idhub.models import Schemas
from oidc4vp.models import Organization
@@ -22,8 +21,6 @@ class Command(BaseCommand):
def handle(self, *args, **kwargs):
ADMIN_EMAIL = config('ADMIN_EMAIL', 'admin@example.org')
ADMIN_PASSWORD = config('ADMIN_PASSWORD', '1234')
- KEY_DIDS = config('KEY_DIDS', '1234')
- cache.set("KEY_DIDS", KEY_DIDS, None)
self.create_admin_users(ADMIN_EMAIL, ADMIN_PASSWORD)
if settings.CREATE_TEST_USERS:
@@ -37,6 +34,10 @@ class Command(BaseCommand):
f = csv.reader(csvfile, delimiter=';', quotechar='"')
for r in f:
self.create_organizations(r[0].strip(), r[1].strip())
+
+ # You need to confirm than your Organization is created
+ assert Organization.objects.filter(name=settings.ORGANIZATION).exists()
+
if settings.SYNC_ORG_DEV == 'y':
self.sync_credentials_organizations("pangea.org", "somconnexio.coop")
self.sync_credentials_organizations("local 8000", "local 9000")
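Review bot: The precondition on the added lines uses `assert`, which is stripped when the command runs under `python -O`, so a missing organisation would then go unnoticed and every later DID key operation would fail with a bare `DoesNotExist`; the comment also reads "confirm than". Replace it with an explicit check that fails the command: `if not Organization.objects.filter(name=settings.ORGANIZATION).exists():` / `raise CommandError(f"Organization {settings.ORGANIZATION!r} was not created")`, importing `CommandError` next to `BaseCommand` from `django.core.management.base`. `handle()` starts before the hunk.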
@@ -44,17 +45,13 @@ class Command(BaseCommand):
def create_admin_users(self, email, password):
su = User.objects.create_superuser(email=email, password=password)
- su.set_encrypted_sensitive_data()
su.save()
- self.create_defaults_dids(su)
def create_users(self, email, password):
u = User.objects.create(email=email, password=password)
u.set_password(password)
- u.set_encrypted_sensitive_data()
u.save()
- self.create_defaults_dids(u)
def create_organizations(self, name, url):
@@ -70,11 +67,6 @@ class Command(BaseCommand):
org1.save()
org2.save()
- def create_defaults_dids(self, u):
- did = DID(label="Default", user=u, type=DID.Types.WEB)
- did.set_did()
- did.save()
-
def create_schemas(self):
schemas_files = os.listdir(settings.SCHEMAS_DIR)
for x in schemas_files:
diff --git a/idhub/models.py b/idhub/models.py
index 2f563bf..6b9d0e4 100644
--- a/idhub/models.py
+++ b/idhub/models.py
@@ -16,6 +16,7 @@ from utils.idhub_ssikit import (
webdid_from_controller_key,
verify_credential,
)
+from oidc4vp.models import Organization
from idhub_auth.models import User
@@ -419,8 +420,8 @@ class Event(models.Model):
class DID(models.Model):
class Types(models.IntegerChoices):
- KEY = 1, "Key"
- WEB = 2, "Web"
+ WEB = 1, "Web"
+ KEY = 2, "Key"
type = models.PositiveSmallIntegerField(
_("Type"),
choices=Types.choices,
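Review bot: `User.objects.create(email=email, password=password)` in `create_users`, now the only setup left in that method, saves the raw password into the password column before `set_password()` rehashes it, so the plaintext briefly reaches the database (and any query log or replica) on every test-user creation; the line is context rather than new code, but this hunk is where the method is being reshaped. Pass the password only to `set_password`: `u = User.objects.create(email=email)` then `u.set_password(password)` and `u.save()`, or use `create_user` if the custom manager provides it. Since `set_encrypted_sensitive_data()` is dropped here, the admin's sensitive-data key is presumably now initialised lazily by `DID.set_key_material()`; a one-line comment saying so would explain why the call went away.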
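Review bot: Swapping the integers so that `WEB = 1` and `KEY = 2` changes the meaning of every `type` value already stored, because `PositiveSmallIntegerField` persists the integer, not the name; without a data migration that remaps existing rows, a DID previously saved as Key is read back as Web and vice versa, and this diff carries no such migration. Either keep the original numbers and reorder the members purely for display, or add a migration that flips 1↔2 before this ships. A comment on the enum, `# values are persisted in DID.type; never renumber existing members`, would prevent a repeat.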
@@ -442,18 +443,23 @@ class DID(models.Model):
# JSON-serialized DID document
didweb_document = models.TextField()
- def get_key_material(self):
- return self.user.decrypt_data(self.key_material)
-
- def set_key_material(self, value):
- self.key_material = self.user.encrypt_data(value)
-
@property
def is_organization_did(self):
if not self.user:
return True
return False
+ def get_key_material(self):
+ user = self.user or self.get_organization()
+ return user.decrypt_data(self.key_material)
+
+ def set_key_material(self, value):
+ user = self.user or self.get_organization()
+ if not user.encrypted_sensitive_data:
+ user.set_encrypted_sensitive_data()
+ user.save()
+ self.key_material = user.encrypt_data(value)
+
def set_did(self):
new_key_material = generate_did_controller_key()
self.set_key_material(new_key_material)
@@ -468,6 +474,9 @@ class DID(models.Model):
def get_key(self):
return json.loads(self.key_material)
+ def get_organization(self):
+ return Organization.objects.get(name=settings.ORGANIZATION)
+
class Schemas(models.Model):
type = models.CharField(max_length=250)
file_schema = models.CharField(max_length=250)
diff --git a/idhub/templates/idhub/admin/user.html b/idhub/templates/idhub/admin/user.html
index fbb04d1..65be22d 100644
--- a/idhub/templates/idhub/admin/user.html
+++ b/idhub/templates/idhub/admin/user.html
@@ -43,6 +43,15 @@
{{ object.email }}
+ {% if object.is_admin %}
+
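Review bot: `set_key_material` lazily creates the holder's `encrypted_sensitive_data` and saves the holder as a side effect of a DID setter; when `self.user` is None the holder is the single shared Organization, so two DIDs being set up concurrently can both observe an empty `encrypted_sensitive_data`, both call `set_encrypted_sensitive_data()`, and the later `user.save()` overwrites the key under which the first DID's `key_material` was just encrypted, leaving that DID undecryptable (assuming `set_encrypted_sensitive_data()` generates a fresh key on each call, which this hunk does not show). Initialise the organisation's key once, at creation or in the management command, and let this method only encrypt, or at least take the lazy path under `select_for_update()` inside a transaction. The local name `user` now also denotes an Organization, so `holder` would be more honest, and a docstring on both methods stating that organisation DIDs (user is None) are encrypted under the Organization's key would document the new behaviour. `set_did` continues outside the hunk.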
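Review bot: `get_organization` issues `Organization.objects.get(name=settings.ORGANIZATION)` on every key access, and `.get` raises `Organization.DoesNotExist` or `MultipleObjectsReturned` whenever the setting does not match exactly one row; neither is caught here or by the callers in this diff, so a misconfigured `ORGANIZATION` setting fails deep inside DID encryption with no hint of the cause. Consider catching `Organization.DoesNotExist` and re-raising `ImproperlyConfigured` from `django.core.exceptions` with the setting name in the message, so the failure is attributable. The method also assumes `settings` is already imported in models.py, which this hunk does not show; confirm that import exists. A short docstring, `"""Return the Organization that holds key material for organisation DIDs (user is None)."""`, would make the method's role clear.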