encrypt admin dids with secret_key

2024-01-17 12:40:54 +01:00 · 2024-01-17 12:40:54 +01:00 · 1e4323673c
parent 7a9017563a
commit 1e4323673c
2 changed files with 10 additions and 2 deletions
--- a/idhub/models.py
+++ b/idhub/models.py
@ -535,7 +535,10 @@ class VerificableCredential(models.Model):
        self.status = self.Status.ISSUED
        self.subject_did = did
        self.issued_on = datetime.datetime.now().astimezone(pytz.utc)
-        issuer_pass = cache.get("KEY_DIDS")
+        issuer_pass = self.user.decrypt_data(
+            cache.get("KEY_DIDS"),
+            settings.SECRET_KEY,
+        )
        data = sign_credential(
            self.render(),
            self.issuer_did.get_key_material(issuer_pass)
--- a/idhub/views.py
+++ b/idhub/views.py
@ -1,4 +1,5 @@
 from django.urls import reverse_lazy
+from django.conf import settings
 from django.core.cache import cache
 from django.utils.translation import gettext_lazy as _
 from django.contrib.auth import views as auth_views
@ -30,7 +31,11 @@ class LoginView(auth_views.LoginView):
        if not user.is_anonymous and user.is_admin:
            admin_dashboard = reverse_lazy('idhub:admin_dashboard')
            self.extra_context['success_url'] = admin_dashboard
-            cache.set("KEY_DIDS", sensitive_data_encryption_key, None)
+            encryption_key = user.encrypt_data(
+                sensitive_data_encryption_key,
+                settings.SECRET_KEY
+            )
+            cache.set("KEY_DIDS", encryption_key, None)

        self.request.session["key_did"] = user.encrypt_data(
            sensitive_data_encryption_key,