make migrations and fix some things
This commit is contained in:
parent
bd84dbc3bb
commit
e910f3ceec
|
@ -31,12 +31,15 @@ class Command(BaseCommand):
|
|||
self.create_organizations(r[0].strip(), r[1].strip())
|
||||
|
||||
def create_admin_users(self, email, password):
|
||||
User.objects.create_superuser(email=email, password=password)
|
||||
su = User.objects.create_superuser(email=email, password=password)
|
||||
su.set_encrypted_sensitive_data(password)
|
||||
su.save()
|
||||
|
||||
|
||||
def create_users(self, email, password):
|
||||
u= User.objects.create(email=email, password=password)
|
||||
u = User.objects.create(email=email, password=password)
|
||||
u.set_password(password)
|
||||
u.set_encrypted_sensitive_data(password)
|
||||
u.save()
|
||||
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Generated by Django 4.2.5 on 2023-11-15 09:58
|
||||
# Generated by Django 4.2.5 on 2024-01-04 15:12
|
||||
|
||||
from django.conf import settings
|
||||
from django.db import migrations, models
|
||||
|
@ -28,7 +28,7 @@ class Migration(migrations.Migration):
|
|||
('created_at', models.DateTimeField(auto_now=True)),
|
||||
('label', models.CharField(max_length=50)),
|
||||
('did', models.CharField(max_length=250)),
|
||||
('key_material', models.CharField(max_length=250)),
|
||||
('_key_material', models.BinaryField(max_length=250)),
|
||||
(
|
||||
'user',
|
||||
models.ForeignKey(
|
||||
|
@ -169,7 +169,7 @@ class Migration(migrations.Migration):
|
|||
('created_on', models.DateTimeField(auto_now=True)),
|
||||
('issued_on', models.DateTimeField(null=True)),
|
||||
('subject_did', models.CharField(max_length=250)),
|
||||
('data', models.TextField()),
|
||||
('_data', models.BinaryField()),
|
||||
('csv_data', models.TextField()),
|
||||
(
|
||||
'status',
|
||||
|
@ -274,36 +274,39 @@ class Migration(migrations.Migration):
|
|||
'type',
|
||||
models.PositiveSmallIntegerField(
|
||||
choices=[
|
||||
(1, 'EV_USR_REGISTERED'),
|
||||
(2, 'EV_USR_WELCOME'),
|
||||
(3, 'EV_DATA_UPDATE_REQUESTED_BY_USER'),
|
||||
(4, 'EV_DATA_UPDATE_REQUESTED'),
|
||||
(5, 'EV_USR_UPDATED_BY_ADMIN'),
|
||||
(6, 'EV_USR_UPDATED'),
|
||||
(7, 'EV_USR_DELETED_BY_ADMIN'),
|
||||
(8, 'EV_DID_CREATED_BY_USER'),
|
||||
(9, 'EV_DID_CREATED'),
|
||||
(10, 'EV_DID_DELETED'),
|
||||
(11, 'EV_CREDENTIAL_DELETED_BY_ADMIN'),
|
||||
(12, 'EV_CREDENTIAL_DELETED'),
|
||||
(13, 'EV_CREDENTIAL_ISSUED_FOR_USER'),
|
||||
(14, 'EV_CREDENTIAL_ISSUED'),
|
||||
(15, 'EV_CREDENTIAL_PRESENTED_BY_USER'),
|
||||
(16, 'EV_CREDENTIAL_PRESENTED'),
|
||||
(17, 'EV_CREDENTIAL_ENABLED'),
|
||||
(18, 'EV_CREDENTIAL_CAN_BE_REQUESTED'),
|
||||
(19, 'EV_CREDENTIAL_REVOKED_BY_ADMIN'),
|
||||
(20, 'EV_CREDENTIAL_REVOKED'),
|
||||
(21, 'EV_ROLE_CREATED_BY_ADMIN'),
|
||||
(22, 'EV_ROLE_MODIFIED_BY_ADMIN'),
|
||||
(23, 'EV_ROLE_DELETED_BY_ADMIN'),
|
||||
(24, 'EV_SERVICE_CREATED_BY_ADMIN'),
|
||||
(25, 'EV_SERVICE_MODIFIED_BY_ADMIN'),
|
||||
(26, 'EV_SERVICE_DELETED_BY_ADMIN'),
|
||||
(27, 'EV_ORG_DID_CREATED_BY_ADMIN'),
|
||||
(28, 'EV_ORG_DID_DELETED_BY_ADMIN'),
|
||||
(29, 'EV_USR_DEACTIVATED_BY_ADMIN'),
|
||||
(30, 'EV_USR_ACTIVATED_BY_ADMIN'),
|
||||
(1, 'User registered'),
|
||||
(2, 'User welcomed'),
|
||||
(3, 'Data update requested by user'),
|
||||
(
|
||||
4,
|
||||
'Data update requested. Pending approval by administrator',
|
||||
),
|
||||
(5, "User's data updated by admin"),
|
||||
(6, 'Your data updated by admin'),
|
||||
(7, 'User deactivated by admin'),
|
||||
(8, 'DID created by user'),
|
||||
(9, 'DID created'),
|
||||
(10, 'DID deleted'),
|
||||
(11, 'Credential deleted by user'),
|
||||
(12, 'Credential deleted'),
|
||||
(13, 'Credential issued for user'),
|
||||
(14, 'Credential issued'),
|
||||
(15, 'Credential presented by user'),
|
||||
(16, 'Credential presented'),
|
||||
(17, 'Credential enabled'),
|
||||
(18, 'Credential available'),
|
||||
(19, 'Credential revoked by admin'),
|
||||
(20, 'Credential revoked'),
|
||||
(21, 'Role created by admin'),
|
||||
(22, 'Role modified by admin'),
|
||||
(23, 'Role deleted by admin'),
|
||||
(24, 'Service created by admin'),
|
||||
(25, 'Service modified by admin'),
|
||||
(26, 'Service deleted by admin'),
|
||||
(27, 'Organisational DID created by admin'),
|
||||
(28, 'Organisational DID deleted by admin'),
|
||||
(29, 'User deactivated'),
|
||||
(30, 'User activated'),
|
||||
]
|
||||
),
|
||||
),
|
||||
|
|
|
@ -2,7 +2,7 @@ import re
|
|||
|
||||
from django import forms
|
||||
from django.utils.translation import gettext_lazy as _
|
||||
from idhub_auth.models import User, gen_salt
|
||||
from idhub_auth.models import User
|
||||
|
||||
|
||||
class ProfileForm(forms.ModelForm):
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Generated by Django 4.2.5 on 2023-11-15 09:58
|
||||
# Generated by Django 4.2.5 on 2024-01-04 15:12
|
||||
|
||||
from django.db import migrations, models
|
||||
|
||||
|
@ -38,6 +38,8 @@ class Migration(migrations.Migration):
|
|||
('is_admin', models.BooleanField(default=False)),
|
||||
('first_name', models.CharField(blank=True, max_length=255, null=True)),
|
||||
('last_name', models.CharField(blank=True, max_length=255, null=True)),
|
||||
('encrypted_sensitive_data', models.CharField(max_length=255)),
|
||||
('salt', models.CharField(max_length=255)),
|
||||
],
|
||||
options={
|
||||
'abstract': False,
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
import nacl
|
||||
import base64
|
||||
|
||||
from nacl import pwhash
|
||||
from django.db import models
|
||||
from django.core.cache import cache
|
||||
from django.contrib.auth.models import BaseUserManager, AbstractBaseUser
|
||||
|
@ -93,9 +94,9 @@ class User(AbstractBaseUser):
|
|||
return ", ".join(set(roles))
|
||||
|
||||
def derive_key_from_password(self, password):
|
||||
kdf = nacl.pwhash.argon2i.kdf
|
||||
ops = nacl.pwhash.argon2i.OPSLIMIT_INTERACTIVE
|
||||
mem = nacl.pwhash.argon2i.MEMLIMIT_INTERACTIVE
|
||||
kdf = pwhash.argon2i.kdf
|
||||
ops = pwhash.argon2i.OPSLIMIT_INTERACTIVE
|
||||
mem = pwhash.argon2i.MEMLIMIT_INTERACTIVE
|
||||
return kdf(
|
||||
nacl.secret.SecretBox.KEY_SIZE,
|
||||
password,
|
||||
|
@ -120,7 +121,7 @@ class User(AbstractBaseUser):
|
|||
if not isinstance(data, bytes):
|
||||
data = data.encode('utf-8')
|
||||
|
||||
return sb.encrypt(data).decode('utf-8')
|
||||
return base64.b64encode(sb.encrypt(data)).decode('utf-8')
|
||||
|
||||
def get_salt(self):
|
||||
return base64.b64decode(self.salt.encode('utf-8'))
|
||||
|
@ -135,12 +136,12 @@ class User(AbstractBaseUser):
|
|||
key = base64.b64encode(nacl.utils.random(64))
|
||||
key_dids = cache.get("KEY_DIDS", {})
|
||||
|
||||
if key_dids.get(user.id):
|
||||
key = key_dids[user.id]
|
||||
if key_dids.get(self.id):
|
||||
key = key_dids[self.id]
|
||||
else:
|
||||
self.set_salt()
|
||||
|
||||
key_crypted = self.encrypt_sensitive_data(password, key)
|
||||
self.encrypted_sensitive_data = base64.b64encode(key_crypted).decode('utf-8')
|
||||
self.encrypted_sensitive_data = key_crypted
|
||||
|
||||
|
||||
|
|
Loading…
Reference in a new issue