From 9f2abf6a04ae3a9dfd58cb193e0e758a66ef83eb Mon Sep 17 00:00:00 2001
From: Cayo Puigdefabregas
Date: Wed, 17 Jan 2024 13:43:40 +0100
Subject: [PATCH] fix
---
 idhub/models.py | 9 +++++----
 idhub/views.py | 11 ++++++-----
 idhub_auth/models.py | 11 +++--------
 3 files changed, 14 insertions(+), 17 deletions(-)
diff --git a/idhub/models.py b/idhub/models.py
index 128071b..0e3fe32 100644
--- a/idhub/models.py
+++ b/idhub/models.py
@@ -535,10 +535,11 @@ class VerificableCredential(models.Model):
 self.status = self.Status.ISSUED
 self.subject_did = did
 self.issued_on = datetime.datetime.now().astimezone(pytz.utc)
- issuer_pass = self.user.decrypt_data(
- cache.get("KEY_DIDS"),
- settings.SECRET_KEY,
- )
+ issuer_pass = cache.get("KEY_DIDS")
+ # issuer_pass = self.user.decrypt_data(
+ # cache.get("KEY_DIDS"),
+ # settings.SECRET_KEY,
+ # )
 data = sign_credential(
 self.render(),
 self.issuer_did.get_key_material(issuer_pass)
diff --git a/idhub/views.py b/idhub/views.py
index 3d64501..f544adb 100644
--- a/idhub/views.py
+++ b/idhub/views.py
@@ -31,11 +31,12 @@ class LoginView(auth_views.LoginView):
 if not user.is_anonymous and user.is_admin:
 admin_dashboard = reverse_lazy('idhub:admin_dashboard')
 self.extra_context['success_url'] = admin_dashboard
- encryption_key = user.encrypt_data(
- sensitive_data_encryption_key,
- settings.SECRET_KEY
- )
- cache.set("KEY_DIDS", encryption_key, None)
+ # encryption_key = user.encrypt_data(
+ # sensitive_data_encryption_key,
+ # settings.SECRET_KEY
+ # )
+ # cache.set("KEY_DIDS", encryption_key, None)
+ cache.set("KEY_DIDS", sensitive_data_encryption_key, None)
 self.request.session["key_did"] = user.encrypt_data(
 sensitive_data_encryption_key,
diff --git a/idhub_auth/models.py b/idhub_auth/models.py
index 189b421..38224b2 100644
--- a/idhub_auth/models.py
+++ b/idhub_auth/models.py
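Review bot: `issuer_pass = cache.get("KEY_DIDS")` in idhub/models.py is passed to `self.issuer_did.get_key_material(issuer_pass)` without a check for `None`, which is what the cache returns when the entry is absent (for example after a cache restart and before an admin logs in again). By that point `self.status` is already set to `ISSUED`, so a failure here leaves the object half-updated unless the caller discards it; the method starts and ends outside the hunk, so that cannot be confirmed from here. Fetch the key ahead of the status change and guard it, e.g. `if issuer_pass is None: raise RuntimeError("KEY_DIDS is not in the cache")`, and delete the commented-out `decrypt_data` call rather than keeping it in the file.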
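Review bot: `cache.set("KEY_DIDS", sensitive_data_encryption_key, None)` in idhub/views.py stores the decrypted key in the cache in clear and with no expiry, so anything that can read the cache backend obtains the value idhub/models.py later hands to `get_key_material()`. The session copy directly below still goes through `user.encrypt_data(`, which leaves the two stores with different protection. If the old wrapping was dropped because the secret box depends on the user who created it (an inference; `get_secret_box` lives in idhub_auth/models.py), wrap the value with a key that is not per-user rather than removing encryption. At minimum give the entry a finite lifetime such as `cache.set("KEY_DIDS", sensitive_data_encryption_key, settings.SESSION_COOKIE_AGE)` and remove it on logout with `cache.delete("KEY_DIDS")`. The enclosing method starts and ends outside the hunk.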
@@ -135,28 +135,23 @@ class User(AbstractBaseUser):
 def set_encrypted_sensitive_data(self, password):
 key = base64.b64encode(nacl.utils.random(64))
- key_dids = cache.get("KEY_DIDS", {})
-
- if key_dids.get(self.id):
- key = key_dids[self.id]
- else:
- self.set_salt()
+ self.set_salt()
 key_crypted = self.encrypt_sensitive_data(password, key)
 self.encrypted_sensitive_data = key_crypted
 def encrypt_data(self, data, password):
 sb = self.get_secret_box(password)
- value = base64.b64encode(data.encode('utf-8'))
 value_enc = sb.encrypt(data.encode('utf-8'))
 return base64.b64encode(value_enc).decode('utf-8')
 def decrypt_data(self, data, password):
+ # import pdb; pdb.set_trace()
 sb = self.get_secret_box(password)
 value = base64.b64decode(data.encode('utf-8'))
 return sb.decrypt(value).decode('utf-8')
 def get_secret_box(self, password):
- pw = base64.b64decode(password.encode('utf-8'))
+ pw = base64.b64decode(password.encode('utf-8')*4)
 sb_key = self.derive_key_from_password(pw)
 return nacl.secret.SecretBox(sb_key)
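Review bot: In `get_secret_box`, `base64.b64decode(password.encode('utf-8')*4)` repeats the input four times, which only forces its length to a multiple of four so the decoder stops raising padding errors; it does not make the value valid base64. With the default `validate=False`, `b64decode` silently discards characters outside the base64 alphabet, so a caller that passes a non-base64 string such as `settings.SECRET_KEY` (the call removed from idhub/views.py did) has part of that secret dropped before `derive_key_from_password` sees it. The change can also alter the derived key for data encrypted before this commit, which is worth checking against stored `encrypted_sensitive_data` if that path uses the same box (not visible here). If the argument is not guaranteed to be base64, derive from the raw bytes with `pw = password.encode('utf-8')`, or keep the decode and pass `validate=True` so bad input is rejected. The commented-out `# import pdb; pdb.set_trace()` in `decrypt_data` should be removed.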