make migrations and fix some things
parent
bd84dbc3bb
commit
e910f3ceec
|
@ -31,12 +31,15 @@ class Command(BaseCommand):
|
||||||
self.create_organizations(r[0].strip(), r[1].strip())
|
self.create_organizations(r[0].strip(), r[1].strip())
|
||||||
|
|
||||||
def create_admin_users(self, email, password):
|
def create_admin_users(self, email, password):
|
||||||
User.objects.create_superuser(email=email, password=password)
|
su = User.objects.create_superuser(email=email, password=password)
|
||||||
|
su.set_encrypted_sensitive_data(password)
|
||||||
|
su.save()
|
||||||
|
|
||||||
|
|
||||||
def create_users(self, email, password):
|
def create_users(self, email, password):
|
||||||
u= User.objects.create(email=email, password=password)
|
u = User.objects.create(email=email, password=password)
|
||||||
u.set_password(password)
|
u.set_password(password)
|
||||||
|
u.set_encrypted_sensitive_data(password)
|
||||||
u.save()
|
u.save()
|
||||||
|
|
||||||
|
|
||||||
|
|
|
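Review bot: `u = User.objects.create(email=email, password=password)` in `create_users` writes the plaintext password into the `password` column for the window until `u.set_password(password)` and `u.save()` overwrite it, and that first INSERT also reaches statement logs and replication streams; build the object unsaved and hash before the first write, `u = User(email=email)` then `u.set_password(password)`, or use a `create_user` helper if the project's manager provides one (not visible here). Both `create_users` and `create_admin_users` then call `set_encrypted_sensitive_data(password)` without saying why the login password is passed; a one-line comment, `# the login password is also the secret that unlocks the per-user data key`, would make the coupling explicit for the next reader. `create_admin_users` already persists the row inside `create_superuser`, so the extra `su.save()` is a second write, which is fine but worth a comment to show it is intentional.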
@ -1,4 +1,4 @@
|
||||||
# Generated by Django 4.2.5 on 2023-11-15 09:58
|
# Generated by Django 4.2.5 on 2024-01-04 15:12
|
||||||
|
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
from django.db import migrations, models
|
from django.db import migrations, models
|
||||||
|
@ -28,7 +28,7 @@ class Migration(migrations.Migration):
|
||||||
('created_at', models.DateTimeField(auto_now=True)),
|
('created_at', models.DateTimeField(auto_now=True)),
|
||||||
('label', models.CharField(max_length=50)),
|
('label', models.CharField(max_length=50)),
|
||||||
('did', models.CharField(max_length=250)),
|
('did', models.CharField(max_length=250)),
|
||||||
('key_material', models.CharField(max_length=250)),
|
('_key_material', models.BinaryField(max_length=250)),
|
||||||
(
|
(
|
||||||
'user',
|
'user',
|
||||||
models.ForeignKey(
|
models.ForeignKey(
|
||||||
|
@ -169,7 +169,7 @@ class Migration(migrations.Migration):
|
||||||
('created_on', models.DateTimeField(auto_now=True)),
|
('created_on', models.DateTimeField(auto_now=True)),
|
||||||
('issued_on', models.DateTimeField(null=True)),
|
('issued_on', models.DateTimeField(null=True)),
|
||||||
('subject_did', models.CharField(max_length=250)),
|
('subject_did', models.CharField(max_length=250)),
|
||||||
('data', models.TextField()),
|
('_data', models.BinaryField()),
|
||||||
('csv_data', models.TextField()),
|
('csv_data', models.TextField()),
|
||||||
(
|
(
|
||||||
'status',
|
'status',
|
||||||
|
@ -274,36 +274,39 @@ class Migration(migrations.Migration):
|
||||||
'type',
|
'type',
|
||||||
models.PositiveSmallIntegerField(
|
models.PositiveSmallIntegerField(
|
||||||
choices=[
|
choices=[
|
||||||
(1, 'EV_USR_REGISTERED'),
|
(1, 'User registered'),
|
||||||
(2, 'EV_USR_WELCOME'),
|
(2, 'User welcomed'),
|
||||||
(3, 'EV_DATA_UPDATE_REQUESTED_BY_USER'),
|
(3, 'Data update requested by user'),
|
||||||
(4, 'EV_DATA_UPDATE_REQUESTED'),
|
(
|
||||||
(5, 'EV_USR_UPDATED_BY_ADMIN'),
|
4,
|
||||||
(6, 'EV_USR_UPDATED'),
|
'Data update requested. Pending approval by administrator',
|
||||||
(7, 'EV_USR_DELETED_BY_ADMIN'),
|
),
|
||||||
(8, 'EV_DID_CREATED_BY_USER'),
|
(5, "User's data updated by admin"),
|
||||||
(9, 'EV_DID_CREATED'),
|
(6, 'Your data updated by admin'),
|
||||||
(10, 'EV_DID_DELETED'),
|
(7, 'User deactivated by admin'),
|
||||||
(11, 'EV_CREDENTIAL_DELETED_BY_ADMIN'),
|
(8, 'DID created by user'),
|
||||||
(12, 'EV_CREDENTIAL_DELETED'),
|
(9, 'DID created'),
|
||||||
(13, 'EV_CREDENTIAL_ISSUED_FOR_USER'),
|
(10, 'DID deleted'),
|
||||||
(14, 'EV_CREDENTIAL_ISSUED'),
|
(11, 'Credential deleted by user'),
|
||||||
(15, 'EV_CREDENTIAL_PRESENTED_BY_USER'),
|
(12, 'Credential deleted'),
|
||||||
(16, 'EV_CREDENTIAL_PRESENTED'),
|
(13, 'Credential issued for user'),
|
||||||
(17, 'EV_CREDENTIAL_ENABLED'),
|
(14, 'Credential issued'),
|
||||||
(18, 'EV_CREDENTIAL_CAN_BE_REQUESTED'),
|
(15, 'Credential presented by user'),
|
||||||
(19, 'EV_CREDENTIAL_REVOKED_BY_ADMIN'),
|
(16, 'Credential presented'),
|
||||||
(20, 'EV_CREDENTIAL_REVOKED'),
|
(17, 'Credential enabled'),
|
||||||
(21, 'EV_ROLE_CREATED_BY_ADMIN'),
|
(18, 'Credential available'),
|
||||||
(22, 'EV_ROLE_MODIFIED_BY_ADMIN'),
|
(19, 'Credential revoked by admin'),
|
||||||
(23, 'EV_ROLE_DELETED_BY_ADMIN'),
|
(20, 'Credential revoked'),
|
||||||
(24, 'EV_SERVICE_CREATED_BY_ADMIN'),
|
(21, 'Role created by admin'),
|
||||||
(25, 'EV_SERVICE_MODIFIED_BY_ADMIN'),
|
(22, 'Role modified by admin'),
|
||||||
(26, 'EV_SERVICE_DELETED_BY_ADMIN'),
|
(23, 'Role deleted by admin'),
|
||||||
(27, 'EV_ORG_DID_CREATED_BY_ADMIN'),
|
(24, 'Service created by admin'),
|
||||||
(28, 'EV_ORG_DID_DELETED_BY_ADMIN'),
|
(25, 'Service modified by admin'),
|
||||||
(29, 'EV_USR_DEACTIVATED_BY_ADMIN'),
|
(26, 'Service deleted by admin'),
|
||||||
(30, 'EV_USR_ACTIVATED_BY_ADMIN'),
|
(27, 'Organisational DID created by admin'),
|
||||||
|
(28, 'Organisational DID deleted by admin'),
|
||||||
|
(29, 'User deactivated'),
|
||||||
|
(30, 'User activated'),
|
||||||
]
|
]
|
||||||
),
|
),
|
||||||
),
|
),
|
||||||
|
|
|
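Review bot: The header line `# Generated by Django 4.2.5 on 2024-01-04 15:12` replaces the 2023-11-15 stamp, which indicates this migration was regenerated in place instead of being followed by a new one; any database that has already applied the old version keeps `key_material` and `data` as text columns while the models now expect `_key_material` and `_data` as `BinaryField`, and Django will not reconcile that because the migration is recorded as applied. The same pattern appears in the idhub_auth migration further down, which gains `encrypted_sensitive_data` and `salt` by editing the existing file. If no environment has applied these migrations yet this is harmless; otherwise a separate migration with RenameField/AlterField and AddField operations is needed, which cannot be told from the diff. The label-only change of the `type` choices from `EV_*` names to display strings does not affect the schema.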
@ -2,7 +2,7 @@ import re
|
||||||
|
|
||||||
from django import forms
|
from django import forms
|
||||||
from django.utils.translation import gettext_lazy as _
|
from django.utils.translation import gettext_lazy as _
|
||||||
from idhub_auth.models import User, gen_salt
|
from idhub_auth.models import User
|
||||||
|
|
||||||
|
|
||||||
class ProfileForm(forms.ModelForm):
|
class ProfileForm(forms.ModelForm):
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
# Generated by Django 4.2.5 on 2023-11-15 09:58
|
# Generated by Django 4.2.5 on 2024-01-04 15:12
|
||||||
|
|
||||||
from django.db import migrations, models
|
from django.db import migrations, models
|
||||||
|
|
||||||
|
@ -38,6 +38,8 @@ class Migration(migrations.Migration):
|
||||||
('is_admin', models.BooleanField(default=False)),
|
('is_admin', models.BooleanField(default=False)),
|
||||||
('first_name', models.CharField(blank=True, max_length=255, null=True)),
|
('first_name', models.CharField(blank=True, max_length=255, null=True)),
|
||||||
('last_name', models.CharField(blank=True, max_length=255, null=True)),
|
('last_name', models.CharField(blank=True, max_length=255, null=True)),
|
||||||
|
('encrypted_sensitive_data', models.CharField(max_length=255)),
|
||||||
|
('salt', models.CharField(max_length=255)),
|
||||||
],
|
],
|
||||||
options={
|
options={
|
||||||
'abstract': False,
|
'abstract': False,
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
import nacl
|
import nacl
|
||||||
import base64
|
import base64
|
||||||
|
|
||||||
|
from nacl import pwhash
|
||||||
from django.db import models
|
from django.db import models
|
||||||
from django.core.cache import cache
|
from django.core.cache import cache
|
||||||
from django.contrib.auth.models import BaseUserManager, AbstractBaseUser
|
from django.contrib.auth.models import BaseUserManager, AbstractBaseUser
|
||||||
|
@ -93,9 +94,9 @@ class User(AbstractBaseUser):
|
||||||
return ", ".join(set(roles))
|
return ", ".join(set(roles))
|
||||||
|
|
||||||
def derive_key_from_password(self, password):
|
def derive_key_from_password(self, password):
|
||||||
kdf = nacl.pwhash.argon2i.kdf
|
kdf = pwhash.argon2i.kdf
|
||||||
ops = nacl.pwhash.argon2i.OPSLIMIT_INTERACTIVE
|
ops = pwhash.argon2i.OPSLIMIT_INTERACTIVE
|
||||||
mem = nacl.pwhash.argon2i.MEMLIMIT_INTERACTIVE
|
mem = pwhash.argon2i.MEMLIMIT_INTERACTIVE
|
||||||
return kdf(
|
return kdf(
|
||||||
nacl.secret.SecretBox.KEY_SIZE,
|
nacl.secret.SecretBox.KEY_SIZE,
|
||||||
password,
|
password,
|
||||||
|
@ -120,7 +121,7 @@ class User(AbstractBaseUser):
|
||||||
if not isinstance(data, bytes):
|
if not isinstance(data, bytes):
|
||||||
data = data.encode('utf-8')
|
data = data.encode('utf-8')
|
||||||
|
|
||||||
return sb.encrypt(data).decode('utf-8')
|
return base64.b64encode(sb.encrypt(data)).decode('utf-8')
|
||||||
|
|
||||||
def get_salt(self):
|
def get_salt(self):
|
||||||
return base64.b64decode(self.salt.encode('utf-8'))
|
return base64.b64decode(self.salt.encode('utf-8'))
|
||||||
|
@ -135,12 +136,12 @@ class User(AbstractBaseUser):
|
||||||
key = base64.b64encode(nacl.utils.random(64))
|
key = base64.b64encode(nacl.utils.random(64))
|
||||||
key_dids = cache.get("KEY_DIDS", {})
|
key_dids = cache.get("KEY_DIDS", {})
|
||||||
|
|
||||||
if key_dids.get(user.id):
|
if key_dids.get(self.id):
|
||||||
key = key_dids[user.id]
|
key = key_dids[self.id]
|
||||||
else:
|
else:
|
||||||
self.set_salt()
|
self.set_salt()
|
||||||
|
|
||||||
key_crypted = self.encrypt_sensitive_data(password, key)
|
key_crypted = self.encrypt_sensitive_data(password, key)
|
||||||
self.encrypted_sensitive_data = base64.b64encode(key_crypted).decode('utf-8')
|
self.encrypted_sensitive_data = key_crypted
|
||||||
|
|
||||||
|
|
||||||
|
|
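Review bot: `encrypt_sensitive_data` now returns base64 text (`return base64.b64encode(sb.encrypt(data)).decode('utf-8')`), so the matching decrypt path, which is outside this hunk, must `base64.b64decode` before `SecretBox.decrypt` or every stored value becomes unreadable; the diff does not show that side being updated. In `set_encrypted_sensitive_data` the per-user key is read from `cache.get("KEY_DIDS", {})` in plaintext, which makes the cache backend part of the trust boundary for every user's data key; a comment at that line, `# KEY_DIDS holds raw per-user keys; the cache backend must be protected like the database`, would record that. `derive_key_from_password` keeps `pwhash.argon2i.OPSLIMIT_INTERACTIVE` / `MEMLIMIT_INTERACTIVE`, the lowest libsodium preset; since this key protects data at rest rather than a login check, the MODERATE preset is the usual choice if the login path can afford the latency. `derive_key_from_password` continues past its hunk and `set_encrypted_sensitive_data` begins before its hunk.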