diff --git a/idhub/management/commands/initial_datas.py b/idhub/management/commands/initial_datas.py
index acdf6c7..fd644e9 100644
--- a/idhub/management/commands/initial_datas.py
+++ b/idhub/management/commands/initial_datas.py
@@ -31,12 +31,15 @@ class Command(BaseCommand):
 self.create_organizations(r[0].strip(), r[1].strip())
 def create_admin_users(self, email, password):
- User.objects.create_superuser(email=email, password=password)
+ su = User.objects.create_superuser(email=email, password=password)
+ su.set_encrypted_sensitive_data(password)
+ su.save()
 def create_users(self, email, password):
- u= User.objects.create(email=email, password=password)
+ u = User.objects.create(email=email, password=password)
 u.set_password(password)
+ u.set_encrypted_sensitive_data(password)
 u.save()
diff --git a/idhub/migrations/0001_initial.py b/idhub/migrations/0001_initial.py
index b4d6ac7..5bd4f31 100644
--- a/idhub/migrations/0001_initial.py
+++ b/idhub/migrations/0001_initial.py
@@ -1,4 +1,4 @@ -# Generated by Django 4.2.5 on 2023-11-15 09:58 +# Generated by Django 4.2.5 on 2024-01-04 15:12 from django.conf import settings from django.db import migrations, models
@@ -28,7 +28,7 @@ class Migration(migrations.Migration): ('created_at', models.DateTimeField(auto_now=True)), ('label', models.CharField(max_length=50)), ('did', models.CharField(max_length=250)), - ('key_material', models.CharField(max_length=250)), + ('_key_material', models.BinaryField(max_length=250)), ( 'user', models.ForeignKey(
@@ -169,7 +169,7 @@ class Migration(migrations.Migration): ('created_on', models.DateTimeField(auto_now=True)), ('issued_on', models.DateTimeField(null=True)), ('subject_did', models.CharField(max_length=250)), - ('data', models.TextField()), + ('_data', models.BinaryField()), ('csv_data', models.TextField()), ( 'status',
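Review bot: `create_users` still persists the raw password before hashing it: `User.objects.create(email=email, password=password)` inserts the row with the plaintext value in the `password` column, and only the later `set_password()` / `save()` pair overwrites it, so the plaintext can survive in database logs, replicas or backups taken in between. Build the instance unsaved and write once, `u = User(email=email)` followed by the existing `set_password`, `set_encrypted_sensitive_data` and `save()` calls. `set_encrypted_sensitive_data` reads `self.id` (models.py hunk in this commit), which would be `None` before the first save, so check that it then takes the new-key branch as intended.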
@@ -274,36 +274,39 @@ class Migration(migrations.Migration): 'type', models.PositiveSmallIntegerField( choices=[ - (1, 'EV_USR_REGISTERED'), - (2, 'EV_USR_WELCOME'), - (3, 'EV_DATA_UPDATE_REQUESTED_BY_USER'), - (4, 'EV_DATA_UPDATE_REQUESTED'), - (5, 'EV_USR_UPDATED_BY_ADMIN'), - (6, 'EV_USR_UPDATED'), - (7, 'EV_USR_DELETED_BY_ADMIN'), - (8, 'EV_DID_CREATED_BY_USER'), - (9, 'EV_DID_CREATED'), - (10, 'EV_DID_DELETED'), - (11, 'EV_CREDENTIAL_DELETED_BY_ADMIN'), - (12, 'EV_CREDENTIAL_DELETED'), - (13, 'EV_CREDENTIAL_ISSUED_FOR_USER'), - (14, 'EV_CREDENTIAL_ISSUED'), - (15, 'EV_CREDENTIAL_PRESENTED_BY_USER'), - (16, 'EV_CREDENTIAL_PRESENTED'), - (17, 'EV_CREDENTIAL_ENABLED'), - (18, 'EV_CREDENTIAL_CAN_BE_REQUESTED'), - (19, 'EV_CREDENTIAL_REVOKED_BY_ADMIN'), - (20, 'EV_CREDENTIAL_REVOKED'), - (21, 'EV_ROLE_CREATED_BY_ADMIN'), - (22, 'EV_ROLE_MODIFIED_BY_ADMIN'), - (23, 'EV_ROLE_DELETED_BY_ADMIN'), - (24, 'EV_SERVICE_CREATED_BY_ADMIN'), - (25, 'EV_SERVICE_MODIFIED_BY_ADMIN'), - (26, 'EV_SERVICE_DELETED_BY_ADMIN'), - (27, 'EV_ORG_DID_CREATED_BY_ADMIN'), - (28, 'EV_ORG_DID_DELETED_BY_ADMIN'), - (29, 'EV_USR_DEACTIVATED_BY_ADMIN'), - (30, 'EV_USR_ACTIVATED_BY_ADMIN'), + (1, 'User registered'), + (2, 'User welcomed'), + (3, 'Data update requested by user'), + ( + 4, + 'Data update requested. 
Pending approval by administrator', + ), + (5, "User's data updated by admin"), + (6, 'Your data updated by admin'), + (7, 'User deactivated by admin'), + (8, 'DID created by user'), + (9, 'DID created'), + (10, 'DID deleted'), + (11, 'Credential deleted by user'), + (12, 'Credential deleted'), + (13, 'Credential issued for user'), + (14, 'Credential issued'), + (15, 'Credential presented by user'), + (16, 'Credential presented'), + (17, 'Credential enabled'), + (18, 'Credential available'), + (19, 'Credential revoked by admin'), + (20, 'Credential revoked'), + (21, 'Role created by admin'), + (22, 'Role modified by admin'), + (23, 'Role deleted by admin'), + (24, 'Service created by admin'), + (25, 'Service modified by admin'), + (26, 'Service deleted by admin'), + (27, 'Organisational DID created by admin'), + (28, 'Organisational DID deleted by admin'), + (29, 'User deactivated'), + (30, 'User activated'), ] ), ), diff --git a/idhub_auth/forms.py b/idhub_auth/forms.py index c9ab1f6..fa771d4 100644 --- a/idhub_auth/forms.py +++ b/idhub_auth/forms.py @@ -2,7 +2,7 @@ import re from django import forms from django.utils.translation import gettext_lazy as _ -from idhub_auth.models import User, gen_salt +from idhub_auth.models import User class ProfileForm(forms.ModelForm): diff --git a/idhub_auth/migrations/0001_initial.py b/idhub_auth/migrations/0001_initial.py index d40f0a4..5655a6f 100644 --- a/idhub_auth/migrations/0001_initial.py +++ b/idhub_auth/migrations/0001_initial.py @@ -1,4 +1,4 @@ -# Generated by Django 4.2.5 on 2023-11-15 09:58 +# Generated by Django 4.2.5 on 2024-01-04 15:12 from django.db import migrations, models 
@@ -38,6 +38,8 @@ class Migration(migrations.Migration): ('is_admin', models.BooleanField(default=False)), ('first_name', models.CharField(blank=True, max_length=255, null=True)), ('last_name', models.CharField(blank=True, max_length=255, null=True)), + ('encrypted_sensitive_data', models.CharField(max_length=255)), + ('salt', models.CharField(max_length=255)), ], options={ 'abstract': False,
diff --git a/idhub_auth/models.py b/idhub_auth/models.py
index 2fcf669..7c3434d 100644
--- a/idhub_auth/models.py
+++ b/idhub_auth/models.py
@@ -1,6 +1,7 @@
 import nacl
 import base64
+from nacl import pwhash
 from django.db import models
 from django.core.cache import cache
 from django.contrib.auth.models import BaseUserManager, AbstractBaseUser
@@ -93,9 +94,9 @@ class User(AbstractBaseUser):
 return ", ".join(set(roles))
 def derive_key_from_password(self, password):
- kdf = nacl.pwhash.argon2i.kdf
- ops = nacl.pwhash.argon2i.OPSLIMIT_INTERACTIVE
- mem = nacl.pwhash.argon2i.MEMLIMIT_INTERACTIVE
+ kdf = pwhash.argon2i.kdf
+ ops = pwhash.argon2i.OPSLIMIT_INTERACTIVE
+ mem = pwhash.argon2i.MEMLIMIT_INTERACTIVE
 return kdf( nacl.secret.SecretBox.KEY_SIZE, password,
@@ -120,7 +121,7 @@ class User(AbstractBaseUser):
 if not isinstance(data, bytes): data = data.encode('utf-8')
- return sb.encrypt(data).decode('utf-8')
+ return base64.b64encode(sb.encrypt(data)).decode('utf-8')
 def get_salt(self): return base64.b64decode(self.salt.encode('utf-8'))
@@ -135,12 +136,12 @@ class User(AbstractBaseUser):
 key = base64.b64encode(nacl.utils.random(64))
 key_dids = cache.get("KEY_DIDS", {})
- if key_dids.get(user.id):
- key = key_dids[user.id]
+ if key_dids.get(self.id):
+ key = key_dids[self.id]
 else: self.set_salt()
 key_crypted = self.encrypt_sensitive_data(password, key)
- self.encrypted_sensitive_data = base64.b64encode(key_crypted).decode('utf-8')
+ self.encrypted_sensitive_data = key_crypted
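Review bot: Only `pwhash` gets an explicit import in the `@@ -1,6 +1,7 @@` hunk, but the class still reaches `nacl.secret.SecretBox` (hunk `@@ -93,9 +94,9 @@`) and `nacl.utils.random` (hunk `@@ -135,12 +136,12 @@`) through the bare `import nacl`, which does not load those submodules by itself. Unless some other module happens to import them first, those lines raise `AttributeError`, presumably the same failure that prompted the `pwhash` change. Import all three the same way, `from nacl import pwhash, secret, utils`, and use `secret.SecretBox` / `utils.random` in the body.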
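Review bot: The Argon2 settings carried over on the new lines of `derive_key_from_password` are the weakest choice among PyNaCl's presets for a key that, judging by the other hunks, protects the user's stored encryption key against offline guessing from a database copy: `OPSLIMIT_INTERACTIVE` / `MEMLIMIT_INTERACTIVE` are the lowest of the three presets, and libsodium recommends `argon2id` over `argon2i` for password-based derivation. Consider `pwhash.argon2id.kdf` with the `MODERATE` limits, and record the algorithm and limits next to `salt` so they can be raised later while existing rows stay decryptable. A short docstring stating that `password` must be `bytes` and that the result is a `SecretBox.KEY_SIZE`-byte key would also help. The `kdf(...)` call continues past the end of the hunk.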
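Review bot: When the cache has no entry for `self.id`, the `else` branch in the `@@ -135,12 +136,12 @@` hunk keeps the freshly generated random `key` and sets a new salt, so calling this for a user who already has `encrypted_sensitive_data` (after a cache eviction or restart, for instance) silently replaces the key, and whatever was encrypted under the old one can no longer be decrypted. Guard that path before the `else`, e.g. `elif self.encrypted_sensitive_data: raise ValueError("encryption key not available; refusing to replace it")`. The unwrapped key also sits in the Django cache under `KEY_DIDS`; with a shared backend such as Redis, Memcached or the database it leaves process memory, so the deployment should pin a local-memory cache with a timeout for it. The method's `def` line is outside the hunk.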