fix command initial datas

2024-01-04 19:17:18 +01:00 · 2024-01-04 19:17:18 +01:00 · 10c6d20a10
parent 87776751a4
commit 10c6d20a10
5 changed files with 26 additions and 19 deletions
--- a/idhub/management/commands/initial_datas.py
+++ b/idhub/management/commands/initial_datas.py
@ -7,6 +7,7 @@ from utils import credtools
 from django.conf import settings
 from django.core.management.base import BaseCommand, CommandError
 from django.contrib.auth import get_user_model
+from django.core.cache import cache
 from decouple import config
 from idhub.models import DID, Schemas
 from oidc4vp.models import Organization
@ -43,6 +44,9 @@ class Command(BaseCommand):
        su = User.objects.create_superuser(email=email, password=password)
        su.set_encrypted_sensitive_data(password)
        su.save()
+        key = su.decrypt_sensitive_data(password)
+        key_dids = {su.id: key}
+        cache.set("KEY_DIDS", key_dids, None)


    def create_users(self, email, password):
@ -50,6 +54,10 @@ class Command(BaseCommand):
        u.set_password(password)
        u.set_encrypted_sensitive_data(password)
        u.save()
+        key_dids = cache.get("KEY_DIDS", {})
+        key = u.decrypt_sensitive_data(password)
+        key_dids.update({u.id: key})
+        cache.set("KEY_DIDS", key_dids)


    def create_organizations(self, name, url):
--- a/idhub/migrations/0001_initial.py
+++ b/idhub/migrations/0001_initial.py
@ -1,4 +1,4 @@
-# Generated by Django 4.2.5 on 2024-01-04 16:59
+# Generated by Django 4.2.5 on 2024-01-04 18:09

 from django.conf import settings
 from django.db import migrations, models
@ -28,7 +28,7 @@ class Migration(migrations.Migration):
                ('created_at', models.DateTimeField(auto_now=True)),
                ('label', models.CharField(max_length=50, verbose_name='Label')),
                ('did', models.CharField(max_length=250)),
-                ('_key_material', models.BinaryField(max_length=250)),
+                ('key_material', models.CharField(max_length=255)),
                (
                    'user',
                    models.ForeignKey(
--- a/idhub/models.py
+++ b/idhub/models.py
@ -412,9 +412,7 @@ class DID(models.Model):
    # In JWK format. Must be stored as-is and passed whole to library functions.
    # Example key material:
    # '{"kty":"OKP","crv":"Ed25519","x":"oB2cPGFx5FX4dtS1Rtep8ac6B__61HAP_RtSzJdPxqs","d":"OJw80T1CtcqV0hUcZdcI-vYNBN1dlubrLaJa0_se_gU"}'
-    # CHANGED: `key_material` to `_key_material`, datatype from CharField to BinaryField and the key is now stored encrypted.
-    key_material = None
-    _key_material = models.BinaryField(max_length=250)
+    key_material = models.CharField(max_length=255)
    user = models.ForeignKey(
        User,
        on_delete=models.CASCADE,
@ -423,18 +421,16 @@ class DID(models.Model):
    )

    def get_key_material(self):
-        key_dids = cache.get("KEY_DIDS", {})
-        if not key_dids.get(user.id):
-            raise Exception("Ojo! Se intenta acceder a datos cifrados sin tener la clave.")
-        sb = secret.SecretBox(key_dids[user.id])
-        return sb.decrypt(self._key_material)
+        return self.user.decrypt_data(self.key_material)

    def set_key_material(self, value):
-        key_dids = cache.get("KEY_DIDS", {})
-        if not key_dids.get(user.id):
-            raise Exception("Ojo! Se intenta acceder a datos cifrados sin tener la clave.")
-        sb = secret.SecretBox(key_dids[user.id])
-        self._key_material = sb.encrypt(value)
+        self.key_material = self.user.encrypt_data(value)
+        
+    def get_data(self):
+        return self.user.decrypt_data(self.data)
+
+    def set_data(self, value):
+        self.data = self.user.encrypt_data(value)

    @property
    def is_organization_did(self):
--- a/idhub_auth/migrations/0001_initial.py
+++ b/idhub_auth/migrations/0001_initial.py
@ -1,4 +1,4 @@
-# Generated by Django 4.2.5 on 2024-01-04 16:59
+# Generated by Django 4.2.5 on 2024-01-04 18:09

 from django.db import migrations, models

--- a/idhub_auth/models.py
+++ b/idhub_auth/models.py
@ -148,12 +148,13 @@ class User(AbstractBaseUser):
    def encrypt_data(self, data):
        sb = self.get_secret_box()
        value = base64.b64encode(data.encode('utf-8'))
-        return sb.encrypt(data)
+        value_enc = sb.encrypt(data.encode('utf-8'))
+        return base64.b64encode(value_enc).decode('utf-8')

    def decrypt_data(self, data):
        sb = self.get_secret_box()
        value = base64.b64decode(data.encode('utf-8'))
-        return sb.decrypt(data)
+        return sb.decrypt(value).decode('utf-8')

    def get_secret_box(self):
        key_dids = cache.get("KEY_DIDS", {})
@ -162,4 +163,6 @@ class User(AbstractBaseUser):
            err += "data without having the key."
            raise Exception(_(err))

-        return secret.SecretBox(key_dids[self.id])
+        pw = base64.b64decode(key_dids[self.id].encode('utf-8'))
+        sb_key = self.derive_key_from_password(pw)
+        return nacl.secret.SecretBox(sb_key)