fix command initial datas
parent
87776751a4
commit
10c6d20a10
|
@ -7,6 +7,7 @@ from utils import credtools
|
|||
from django.conf import settings
|
||||
from django.core.management.base import BaseCommand, CommandError
|
||||
from django.contrib.auth import get_user_model
|
||||
from django.core.cache import cache
|
||||
from decouple import config
|
||||
from idhub.models import DID, Schemas
|
||||
from oidc4vp.models import Organization
|
||||
|
@ -43,6 +44,9 @@ class Command(BaseCommand):
|
|||
su = User.objects.create_superuser(email=email, password=password)
|
||||
su.set_encrypted_sensitive_data(password)
|
||||
su.save()
|
||||
key = su.decrypt_sensitive_data(password)
|
||||
key_dids = {su.id: key}
|
||||
cache.set("KEY_DIDS", key_dids, None)
|
||||
|
||||
|
||||
def create_users(self, email, password):
|
||||
|
@ -50,6 +54,10 @@ class Command(BaseCommand):
|
|||
u.set_password(password)
|
||||
u.set_encrypted_sensitive_data(password)
|
||||
u.save()
|
||||
key_dids = cache.get("KEY_DIDS", {})
|
||||
key = u.decrypt_sensitive_data(password)
|
||||
key_dids.update({u.id: key})
|
||||
cache.set("KEY_DIDS", key_dids)
|
||||
|
||||
|
||||
def create_organizations(self, name, url):
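Review bot: The second `cache.set("KEY_DIDS", key_dids)` in `create_users` omits the timeout that the superuser branch passes as `None`, so the whole dict, superuser key included, falls back to the cache's default expiry and later encrypt/decrypt calls can hit the missing-key exception; pass the same value, `cache.set("KEY_DIDS", key_dids, None)`. Both hunks also leave every user's decrypted key in the configured cache backend after the command exits, where anything with access to a shared backend can read it; `User.get_secret_box` consumes the same entry. If the keys are only needed while seeding, a `cache.delete("KEY_DIDS")` at the end of the command (its `handle` is outside these hunks) would bound that exposure. The superuser branch assigns `key_dids = {su.id: key}` instead of merging into the existing dict, which drops any keys already cached.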
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Generated by Django 4.2.5 on 2024-01-04 16:59
|
||||
# Generated by Django 4.2.5 on 2024-01-04 18:09
|
||||
|
||||
from django.conf import settings
|
||||
from django.db import migrations, models
|
||||
|
@ -28,7 +28,7 @@ class Migration(migrations.Migration):
|
|||
('created_at', models.DateTimeField(auto_now=True)),
|
||||
('label', models.CharField(max_length=50, verbose_name='Label')),
|
||||
('did', models.CharField(max_length=250)),
|
||||
('_key_material', models.BinaryField(max_length=250)),
|
||||
('key_material', models.CharField(max_length=255)),
|
||||
(
|
||||
'user',
|
||||
models.ForeignKey(
|
||||
|
|
|
@ -412,9 +412,7 @@ class DID(models.Model):
|
|||
# In JWK format. Must be stored as-is and passed whole to library functions.
|
||||
# Example key material:
|
||||
# '{"kty":"OKP","crv":"Ed25519","x":"oB2cPGFx5FX4dtS1Rtep8ac6B__61HAP_RtSzJdPxqs","d":"OJw80T1CtcqV0hUcZdcI-vYNBN1dlubrLaJa0_se_gU"}'
|
||||
# CHANGED: `key_material` to `_key_material`, datatype from CharField to BinaryField and the key is now stored encrypted.
|
||||
key_material = None
|
||||
_key_material = models.BinaryField(max_length=250)
|
||||
key_material = models.CharField(max_length=255)
|
||||
user = models.ForeignKey(
|
||||
User,
|
||||
on_delete=models.CASCADE,
|
||||
|
@ -423,18 +421,16 @@ class DID(models.Model):
|
|||
)
|
||||
|
||||
def get_key_material(self):
|
||||
key_dids = cache.get("KEY_DIDS", {})
|
||||
if not key_dids.get(user.id):
|
||||
raise Exception("Ojo! Se intenta acceder a datos cifrados sin tener la clave.")
|
||||
sb = secret.SecretBox(key_dids[user.id])
|
||||
return sb.decrypt(self._key_material)
|
||||
return self.user.decrypt_data(self.key_material)
|
||||
|
||||
def set_key_material(self, value):
|
||||
key_dids = cache.get("KEY_DIDS", {})
|
||||
if not key_dids.get(user.id):
|
||||
raise Exception("Ojo! Se intenta acceder a datos cifrados sin tener la clave.")
|
||||
sb = secret.SecretBox(key_dids[user.id])
|
||||
self._key_material = sb.encrypt(value)
|
||||
self.key_material = self.user.encrypt_data(value)
|
||||
|
||||
def get_data(self):
|
||||
return self.user.decrypt_data(self.data)
|
||||
|
||||
def set_data(self, value):
|
||||
self.data = self.user.encrypt_data(value)
|
||||
|
||||
@property
|
||||
def is_organization_did(self):
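Review bot: `key_material = models.CharField(max_length=255)` now holds the base64 text returned by `User.encrypt_data`, which leaves little headroom. Assuming the box is a PyNaCl `SecretBox` (nonce and MAC add 40 bytes), the Ed25519 example in the comment above comes to roughly 228 characters, and a JWK longer than about 150 bytes would not fit the column. Consider `key_material = models.TextField()` or a limit sized for the largest key type the project supports. Judging by the hunk line counts, `get_data`/`set_data` are new on `DID` and use `self.data`, which is not among the fields visible here; confirm the field exists on this model. The class body starts and ends outside the hunks.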
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Generated by Django 4.2.5 on 2024-01-04 16:59
|
||||
# Generated by Django 4.2.5 on 2024-01-04 18:09
|
||||
|
||||
from django.db import migrations, models
|
||||
|
||||
|
|
|
@ -148,12 +148,13 @@ class User(AbstractBaseUser):
|
|||
def encrypt_data(self, data):
|
||||
sb = self.get_secret_box()
|
||||
value = base64.b64encode(data.encode('utf-8'))
|
||||
return sb.encrypt(data)
|
||||
value_enc = sb.encrypt(data.encode('utf-8'))
|
||||
return base64.b64encode(value_enc).decode('utf-8')
|
||||
|
||||
def decrypt_data(self, data):
|
||||
sb = self.get_secret_box()
|
||||
value = base64.b64decode(data.encode('utf-8'))
|
||||
return sb.decrypt(data)
|
||||
return sb.decrypt(value).decode('utf-8')
|
||||
|
||||
def get_secret_box(self):
|
||||
key_dids = cache.get("KEY_DIDS", {})
|
||||
|
@ -162,4 +163,6 @@ class User(AbstractBaseUser):
|
|||
err += "data without having the key."
|
||||
raise Exception(_(err))
|
||||
|
||||
return secret.SecretBox(key_dids[self.id])
|
||||
pw = base64.b64decode(key_dids[self.id].encode('utf-8'))
|
||||
sb_key = self.derive_key_from_password(pw)
|
||||
return nacl.secret.SecretBox(sb_key)
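Review bot: Judging by the hunk counts (12 old, 13 new lines), `value = base64.b64encode(data.encode('utf-8'))` remains in `encrypt_data`, but the new lines encrypt `data.encode('utf-8')` directly and never read `value`; delete that line so the method shows a single encoding path. In `get_secret_box`, the cached entry is now base64-decoded and passed through `derive_key_from_password` on every encrypt and decrypt call. If that derivation is a deliberately slow password KDF (its body is not visible here), each field access pays the cost, so consider deriving once per request. A short docstring such as `"""Build the SecretBox from the base64 str cached under KEY_DIDS[self.id]."""` would also record the expected type, since `.encode('utf-8')` fails on bytes.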
|
||||
|
|