From 10c6d20a10397f9f51a8adf17044de11c2991875 Mon Sep 17 00:00:00 2001 From: Cayo Puigdefabregas Date: Thu, 4 Jan 2024 19:17:18 +0100 Subject: [PATCH] fix command initial datas --- idhub/management/commands/initial_datas.py | 8 ++++++++ idhub/migrations/0001_initial.py | 4 ++-- idhub/models.py | 22 +++++++++------------- idhub_auth/migrations/0001_initial.py | 2 +- idhub_auth/models.py | 9 ++++++--- 5 files changed, 26 insertions(+), 19 deletions(-) diff --git a/idhub/management/commands/initial_datas.py b/idhub/management/commands/initial_datas.py index 62c048a..8481a81 100644 --- a/idhub/management/commands/initial_datas.py +++ b/idhub/management/commands/initial_datas.py @@ -7,6 +7,7 @@ from utils import credtools from django.conf import settings from django.core.management.base import BaseCommand, CommandError from django.contrib.auth import get_user_model +from django.core.cache import cache from decouple import config from idhub.models import DID, Schemas from oidc4vp.models import Organization @@ -43,6 +44,9 @@ class Command(BaseCommand): su = User.objects.create_superuser(email=email, password=password) su.set_encrypted_sensitive_data(password) su.save() + key = su.decrypt_sensitive_data(password) + key_dids = {su.id: key} + cache.set("KEY_DIDS", key_dids, None) def create_users(self, email, password): @@ -50,6 +54,10 @@ class Command(BaseCommand): u.set_password(password) u.set_encrypted_sensitive_data(password) u.save() + key_dids = cache.get("KEY_DIDS", {}) + key = u.decrypt_sensitive_data(password) + key_dids.update({u.id: key}) + cache.set("KEY_DIDS", key_dids) def create_organizations(self, name, url): diff --git a/idhub/migrations/0001_initial.py b/idhub/migrations/0001_initial.py index 751af85..05fdbf4 100644 --- a/idhub/migrations/0001_initial.py +++ b/idhub/migrations/0001_initial.py @@ -1,4 +1,4 @@ -# Generated by Django 4.2.5 on 2024-01-04 16:59 +# Generated by Django 4.2.5 on 2024-01-04 18:09 from django.conf import settings from django.db import migrations, models @@ -28,7 +28,7 @@ class Migration(migrations.Migration): ('created_at', models.DateTimeField(auto_now=True)), ('label', models.CharField(max_length=50, verbose_name='Label')), ('did', models.CharField(max_length=250)), - ('_key_material', models.BinaryField(max_length=250)), + ('key_material', models.CharField(max_length=255)), ( 'user', models.ForeignKey( diff --git a/idhub/models.py b/idhub/models.py index 30ad551..116f46c 100644 --- a/idhub/models.py +++ b/idhub/models.py @@ -412,9 +412,7 @@ class DID(models.Model): # In JWK format. Must be stored as-is and passed whole to library functions. # Example key material: # '{"kty":"OKP","crv":"Ed25519","x":"oB2cPGFx5FX4dtS1Rtep8ac6B__61HAP_RtSzJdPxqs","d":"OJw80T1CtcqV0hUcZdcI-vYNBN1dlubrLaJa0_se_gU"}' - # CHANGED: `key_material` to `_key_material`, datatype from CharField to BinaryField and the key is now stored encrypted. - key_material = None - _key_material = models.BinaryField(max_length=250) + key_material = models.CharField(max_length=255) user = models.ForeignKey( User, on_delete=models.CASCADE, @@ -423,18 +421,16 @@ class DID(models.Model): ) def get_key_material(self): - key_dids = cache.get("KEY_DIDS", {}) - if not key_dids.get(user.id): - raise Exception("Ojo! Se intenta acceder a datos cifrados sin tener la clave.") - sb = secret.SecretBox(key_dids[user.id]) - return sb.decrypt(self._key_material) + return self.user.decrypt_data(self.key_material) def set_key_material(self, value): - key_dids = cache.get("KEY_DIDS", {}) - if not key_dids.get(user.id): - raise Exception("Ojo! Se intenta acceder a datos cifrados sin tener la clave.") - sb = secret.SecretBox(key_dids[user.id]) - self._key_material = sb.encrypt(value) + self.key_material = self.user.encrypt_data(value) + + def get_data(self): + return self.user.decrypt_data(self.data) + + def set_data(self, value): + self.data = self.user.encrypt_data(value) @property def is_organization_did(self): diff --git a/idhub_auth/migrations/0001_initial.py b/idhub_auth/migrations/0001_initial.py index 8ea6578..ee16760 100644 --- a/idhub_auth/migrations/0001_initial.py +++ b/idhub_auth/migrations/0001_initial.py @@ -1,4 +1,4 @@ -# Generated by Django 4.2.5 on 2024-01-04 16:59 +# Generated by Django 4.2.5 on 2024-01-04 18:09 from django.db import migrations, models diff --git a/idhub_auth/models.py b/idhub_auth/models.py index aed2199..86da431 100644 --- a/idhub_auth/models.py +++ b/idhub_auth/models.py @@ -148,12 +148,13 @@ class User(AbstractBaseUser): def encrypt_data(self, data): sb = self.get_secret_box() value = base64.b64encode(data.encode('utf-8')) - return sb.encrypt(data) + value_enc = sb.encrypt(data.encode('utf-8')) + return base64.b64encode(value_enc).decode('utf-8') def decrypt_data(self, data): sb = self.get_secret_box() value = base64.b64decode(data.encode('utf-8')) - return sb.decrypt(data) + return sb.decrypt(value).decode('utf-8') def get_secret_box(self): key_dids = cache.get("KEY_DIDS", {}) @@ -162,4 +163,6 @@ class User(AbstractBaseUser): err += "data without having the key." raise Exception(_(err)) - return secret.SecretBox(key_dids[self.id]) + pw = base64.b64decode(key_dids[self.id].encode('utf-8')) + sb_key = self.derive_key_from_password(pw) + return nacl.secret.SecretBox(sb_key)