Cayo Puigdefabregas 2024-01-17 13:43:40 +01:00
parent 1e4323673c
commit 9f2abf6a04
3 changed files with 14 additions and 17 deletions


@ -535,10 +535,11 @@ class VerificableCredential(models.Model):
self.status = self.Status.ISSUED self.status = self.Status.ISSUED
self.subject_did = did self.subject_did = did
self.issued_on = datetime.datetime.now().astimezone(pytz.utc) self.issued_on = datetime.datetime.now().astimezone(pytz.utc)
issuer_pass = self.user.decrypt_data( issuer_pass = cache.get("KEY_DIDS")
cache.get("KEY_DIDS"), # issuer_pass = self.user.decrypt_data(
settings.SECRET_KEY, # cache.get("KEY_DIDS"),
) # settings.SECRET_KEY,
# )
data = sign_credential( data = sign_credential(
self.render(), self.render(),
self.issuer_did.get_key_material(issuer_pass) self.issuer_did.get_key_material(issuer_pass)
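Review bot: `cache.get("KEY_DIDS")` returns `None` when the entry is missing (cache cleared or restarted, or no admin login yet), and the new line hands that value straight to `get_key_material(issuer_pass)`. What `get_key_material` does with `None` is not visible here, so the method should fail explicitly before `sign_credential`, e.g. `if issuer_pass is None: raise RuntimeError("issuer key not loaded in cache")`. The four commented-out lines of the old `decrypt_data` call should be deleted rather than left in place, since version control already keeps them. The enclosing method starts and ends outside this hunk.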


@ -31,11 +31,12 @@ class LoginView(auth_views.LoginView):
if not user.is_anonymous and user.is_admin: if not user.is_anonymous and user.is_admin:
admin_dashboard = reverse_lazy('idhub:admin_dashboard') admin_dashboard = reverse_lazy('idhub:admin_dashboard')
self.extra_context['success_url'] = admin_dashboard self.extra_context['success_url'] = admin_dashboard
encryption_key = user.encrypt_data( # encryption_key = user.encrypt_data(
sensitive_data_encryption_key, # sensitive_data_encryption_key,
settings.SECRET_KEY # settings.SECRET_KEY
) # )
cache.set("KEY_DIDS", encryption_key, None) # cache.set("KEY_DIDS", encryption_key, None)
cache.set("KEY_DIDS", sensitive_data_encryption_key, None)
self.request.session["key_did"] = user.encrypt_data( self.request.session["key_did"] = user.encrypt_data(
sensitive_data_encryption_key, sensitive_data_encryption_key,


@ -135,11 +135,6 @@ class User(AbstractBaseUser):
def set_encrypted_sensitive_data(self, password): def set_encrypted_sensitive_data(self, password):
key = base64.b64encode(nacl.utils.random(64)) key = base64.b64encode(nacl.utils.random(64))
key_dids = cache.get("KEY_DIDS", {})
if key_dids.get(self.id):
key = key_dids[self.id]
else:
self.set_salt() self.set_salt()
key_crypted = self.encrypt_sensitive_data(password, key) key_crypted = self.encrypt_sensitive_data(password, key)
@ -147,16 +142,16 @@ class User(AbstractBaseUser):
def encrypt_data(self, data, password): def encrypt_data(self, data, password):
sb = self.get_secret_box(password) sb = self.get_secret_box(password)
value = base64.b64encode(data.encode('utf-8'))
value_enc = sb.encrypt(data.encode('utf-8')) value_enc = sb.encrypt(data.encode('utf-8'))
return base64.b64encode(value_enc).decode('utf-8') return base64.b64encode(value_enc).decode('utf-8')
def decrypt_data(self, data, password): def decrypt_data(self, data, password):
# import pdb; pdb.set_trace()
sb = self.get_secret_box(password) sb = self.get_secret_box(password)
value = base64.b64decode(data.encode('utf-8')) value = base64.b64decode(data.encode('utf-8'))
return sb.decrypt(value).decode('utf-8') return sb.decrypt(value).decode('utf-8')
def get_secret_box(self, password): def get_secret_box(self, password):
pw = base64.b64decode(password.encode('utf-8')) pw = base64.b64decode(password.encode('utf-8')*4)
sb_key = self.derive_key_from_password(pw) sb_key = self.derive_key_from_password(pw)
return nacl.secret.SecretBox(sb_key) return nacl.secret.SecretBox(sb_key)
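Review bot: In `get_secret_box`, `password.encode('utf-8')*4` changes the bytes passed to `derive_key_from_password`, so values encrypted under the previous derivation will presumably no longer decrypt with the same password, and nothing in this commit migrates stored data. Repeating the string only makes its length a multiple of four, apparently to stop `b64decode` failing on padding. It adds no entropy, and with the default `validate=False` any character outside the base64 alphabet is silently dropped before key derivation. If callers pass secrets that are not base64 (the removed call sites passed `settings.SECRET_KEY`), consider deriving from the raw bytes with `pw = password.encode('utf-8')`, provided `derive_key_from_password` accepts them; its body is not visible here. Either way, a comment on `get_secret_box` stating the expected format of `password` would make the contract explicit.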