fix command initial datas

Cayo Puigdefabregas 2024-01-04 19:17:18 +01:00
parent 87776751a4
commit 10c6d20a10
5 changed files with 26 additions and 19 deletions


@ -7,6 +7,7 @@ from utils import credtools
from django.conf import settings
from django.core.management.base import BaseCommand, CommandError
from django.contrib.auth import get_user_model
from django.core.cache import cache
from decouple import config
from idhub.models import DID, Schemas
from oidc4vp.models import Organization
@ -43,6 +44,9 @@ class Command(BaseCommand):
su = User.objects.create_superuser(email=email, password=password)
su.set_encrypted_sensitive_data(password)
su.save()
key = su.decrypt_sensitive_data(password)
key_dids = {su.id: key}
cache.set("KEY_DIDS", key_dids, None)
def create_users(self, email, password):
@ -50,6 +54,10 @@ class Command(BaseCommand):
u.set_password(password)
u.set_encrypted_sensitive_data(password)
u.save()
key_dids = cache.get("KEY_DIDS", {})
key = u.decrypt_sensitive_data(password)
key_dids.update({u.id: key})
cache.set("KEY_DIDS", key_dids)
def create_organizations(self, name, url):
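Review bot: The two writes to `KEY_DIDS` use different lifetimes: the superuser path calls `cache.set("KEY_DIDS", key_dids, None)` (no expiry), while `create_users` calls `cache.set("KEY_DIDS", key_dids)`, which rewrites the whole dict with the backend's default timeout (300 seconds unless `TIMEOUT` is configured). After the first `create_users` call the superuser's key therefore expires together with the others, and later `get_secret_box()` calls would hit the missing-key error. Choose one lifetime deliberately and pass it in both places, for example `cache.set("KEY_DIDS", key_dids, None)` in `create_users` too, if keeping decryption keys cached indefinitely is really intended. The get/update/set sequence is also not atomic, which matters only if anything else writes `KEY_DIDS` concurrently. Both method bodies start outside the hunks.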


@ -1,4 +1,4 @@
# Generated by Django 4.2.5 on 2024-01-04 16:59
# Generated by Django 4.2.5 on 2024-01-04 18:09
from django.conf import settings
from django.db import migrations, models
@ -28,7 +28,7 @@ class Migration(migrations.Migration):
('created_at', models.DateTimeField(auto_now=True)),
('label', models.CharField(max_length=50, verbose_name='Label')),
('did', models.CharField(max_length=250)),
('_key_material', models.BinaryField(max_length=250)),
('key_material', models.CharField(max_length=255)),
(
'user',
models.ForeignKey(


@ -412,9 +412,7 @@ class DID(models.Model):
# In JWK format. Must be stored as-is and passed whole to library functions.
# Example key material:
# '{"kty":"OKP","crv":"Ed25519","x":"oB2cPGFx5FX4dtS1Rtep8ac6B__61HAP_RtSzJdPxqs","d":"OJw80T1CtcqV0hUcZdcI-vYNBN1dlubrLaJa0_se_gU"}'
# CHANGED: `key_material` to `_key_material`, datatype from CharField to BinaryField and the key is now stored encrypted.
key_material = None
_key_material = models.BinaryField(max_length=250)
key_material = models.CharField(max_length=255)
user = models.ForeignKey(
User,
on_delete=models.CASCADE,
@ -423,18 +421,16 @@ class DID(models.Model):
)
def get_key_material(self):
key_dids = cache.get("KEY_DIDS", {})
if not key_dids.get(user.id):
raise Exception("Ojo! Se intenta acceder a datos cifrados sin tener la clave.")
sb = secret.SecretBox(key_dids[user.id])
return sb.decrypt(self._key_material)
return self.user.decrypt_data(self.key_material)
def set_key_material(self, value):
key_dids = cache.get("KEY_DIDS", {})
if not key_dids.get(user.id):
raise Exception("Ojo! Se intenta acceder a datos cifrados sin tener la clave.")
sb = secret.SecretBox(key_dids[user.id])
self._key_material = sb.encrypt(value)
self.key_material = self.user.encrypt_data(value)
def get_data(self):
return self.user.decrypt_data(self.data)
def set_data(self, value):
self.data = self.user.encrypt_data(value)
@property
def is_organization_did(self):
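Review bot: `key_material = models.CharField(max_length=255)` leaves very little room for what `set_key_material` now stores. `User.encrypt_data` returns base64 of the SecretBox output, so the roughly 130-character Ed25519 JWK in the example comment grows to about 228 characters (assuming the usual 40 bytes of nonce and MAC); a JWK much beyond about 150 bytes (other curves, RSA) would exceed the column and be rejected or truncated depending on the database, leaving a key that can no longer be decrypted. A `models.TextField()` or a much larger `max_length` avoids that. The comment above the field still says the JWK "must be stored as-is", which no longer describes the column; something like `# Stored as base64(SecretBox ciphertext) of the JWK; read and write via get_key_material()/set_key_material()` would match the new code. The `DID` class starts and ends outside these hunks.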


@ -1,4 +1,4 @@
# Generated by Django 4.2.5 on 2024-01-04 16:59
# Generated by Django 4.2.5 on 2024-01-04 18:09
from django.db import migrations, models


@ -148,12 +148,13 @@ class User(AbstractBaseUser):
def encrypt_data(self, data):
sb = self.get_secret_box()
value = base64.b64encode(data.encode('utf-8'))
return sb.encrypt(data)
value_enc = sb.encrypt(data.encode('utf-8'))
return base64.b64encode(value_enc).decode('utf-8')
def decrypt_data(self, data):
sb = self.get_secret_box()
value = base64.b64decode(data.encode('utf-8'))
return sb.decrypt(data)
return sb.decrypt(value).decode('utf-8')
def get_secret_box(self):
key_dids = cache.get("KEY_DIDS", {})
@ -162,4 +163,6 @@ class User(AbstractBaseUser):
err += "data without having the key."
raise Exception(_(err))
return secret.SecretBox(key_dids[self.id])
pw = base64.b64decode(key_dids[self.id].encode('utf-8'))
sb_key = self.derive_key_from_password(pw)
return nacl.secret.SecretBox(sb_key)
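Review bot: The value read from `KEY_DIDS` in `get_secret_box` is only base64-encoded, and `derive_key_from_password(pw)` turns it straight into the SecretBox key, so whatever stores the cache holds a password-equivalent secret for every cached user. If `CACHES` points at a shared or persistent backend (Redis, memcached, database, file), that secret is readable by anything with access to the backend; this is worth stating next to the lookup, e.g. `# KEY_DIDS values are secrets, not ciphertext: keep this cache process-local and never log it`. The key is also re-derived on every `encrypt_data`/`decrypt_data` call, which may be costly if `derive_key_from_password` is a deliberately slow KDF (its body is not visible here). The middle of `get_secret_box` lies outside the two hunks.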