make migrations and fix some things

2024-01-04 16:27:27 +01:00 · 2024-01-04 16:27:27 +01:00 · e910f3ceec
parent bd84dbc3bb
commit e910f3ceec
5 changed files with 53 additions and 44 deletions
--- a/idhub/management/commands/initial_datas.py
+++ b/idhub/management/commands/initial_datas.py
@ -31,12 +31,15 @@ class Command(BaseCommand):
                self.create_organizations(r[0].strip(), r[1].strip())

    def create_admin_users(self, email, password):
-        User.objects.create_superuser(email=email, password=password)
+        su = User.objects.create_superuser(email=email, password=password)
+        su.set_encrypted_sensitive_data(password)
+        su.save()


    def create_users(self, email, password):
-        u= User.objects.create(email=email, password=password)
+        u = User.objects.create(email=email, password=password)
        u.set_password(password)
+        u.set_encrypted_sensitive_data(password)
        u.save()


--- a/idhub/migrations/0001_initial.py
+++ b/idhub/migrations/0001_initial.py
@ -1,4 +1,4 @@
-# Generated by Django 4.2.5 on 2023-11-15 09:58
+# Generated by Django 4.2.5 on 2024-01-04 15:12

 from django.conf import settings
 from django.db import migrations, models
@ -28,7 +28,7 @@ class Migration(migrations.Migration):
                ('created_at', models.DateTimeField(auto_now=True)),
                ('label', models.CharField(max_length=50)),
                ('did', models.CharField(max_length=250)),
-                ('key_material', models.CharField(max_length=250)),
+                ('_key_material', models.BinaryField(max_length=250)),
                (
                    'user',
                    models.ForeignKey(
@ -169,7 +169,7 @@ class Migration(migrations.Migration):
                ('created_on', models.DateTimeField(auto_now=True)),
                ('issued_on', models.DateTimeField(null=True)),
                ('subject_did', models.CharField(max_length=250)),
-                ('data', models.TextField()),
+                ('_data', models.BinaryField()),
                ('csv_data', models.TextField()),
                (
                    'status',
@ -274,36 +274,39 @@ class Migration(migrations.Migration):
                    'type',
                    models.PositiveSmallIntegerField(
                        choices=[
-                            (1, 'EV_USR_REGISTERED'),
-                            (2, 'EV_USR_WELCOME'),
-                            (3, 'EV_DATA_UPDATE_REQUESTED_BY_USER'),
-                            (4, 'EV_DATA_UPDATE_REQUESTED'),
-                            (5, 'EV_USR_UPDATED_BY_ADMIN'),
-                            (6, 'EV_USR_UPDATED'),
-                            (7, 'EV_USR_DELETED_BY_ADMIN'),
-                            (8, 'EV_DID_CREATED_BY_USER'),
-                            (9, 'EV_DID_CREATED'),
-                            (10, 'EV_DID_DELETED'),
-                            (11, 'EV_CREDENTIAL_DELETED_BY_ADMIN'),
-                            (12, 'EV_CREDENTIAL_DELETED'),
-                            (13, 'EV_CREDENTIAL_ISSUED_FOR_USER'),
-                            (14, 'EV_CREDENTIAL_ISSUED'),
-                            (15, 'EV_CREDENTIAL_PRESENTED_BY_USER'),
-                            (16, 'EV_CREDENTIAL_PRESENTED'),
-                            (17, 'EV_CREDENTIAL_ENABLED'),
-                            (18, 'EV_CREDENTIAL_CAN_BE_REQUESTED'),
-                            (19, 'EV_CREDENTIAL_REVOKED_BY_ADMIN'),
-                            (20, 'EV_CREDENTIAL_REVOKED'),
-                            (21, 'EV_ROLE_CREATED_BY_ADMIN'),
-                            (22, 'EV_ROLE_MODIFIED_BY_ADMIN'),
-                            (23, 'EV_ROLE_DELETED_BY_ADMIN'),
-                            (24, 'EV_SERVICE_CREATED_BY_ADMIN'),
-                            (25, 'EV_SERVICE_MODIFIED_BY_ADMIN'),
-                            (26, 'EV_SERVICE_DELETED_BY_ADMIN'),
-                            (27, 'EV_ORG_DID_CREATED_BY_ADMIN'),
-                            (28, 'EV_ORG_DID_DELETED_BY_ADMIN'),
-                            (29, 'EV_USR_DEACTIVATED_BY_ADMIN'),
-                            (30, 'EV_USR_ACTIVATED_BY_ADMIN'),
+                            (1, 'User registered'),
+                            (2, 'User welcomed'),
+                            (3, 'Data update requested by user'),
+                            (
+                                4,
+                                'Data update requested. Pending approval by administrator',
+                            ),
+                            (5, "User's data updated by admin"),
+                            (6, 'Your data updated by admin'),
+                            (7, 'User deactivated by admin'),
+                            (8, 'DID created by user'),
+                            (9, 'DID created'),
+                            (10, 'DID deleted'),
+                            (11, 'Credential deleted by user'),
+                            (12, 'Credential deleted'),
+                            (13, 'Credential issued for user'),
+                            (14, 'Credential issued'),
+                            (15, 'Credential presented by user'),
+                            (16, 'Credential presented'),
+                            (17, 'Credential enabled'),
+                            (18, 'Credential available'),
+                            (19, 'Credential revoked by admin'),
+                            (20, 'Credential revoked'),
+                            (21, 'Role created by admin'),
+                            (22, 'Role modified by admin'),
+                            (23, 'Role deleted by admin'),
+                            (24, 'Service created by admin'),
+                            (25, 'Service modified by admin'),
+                            (26, 'Service deleted by admin'),
+                            (27, 'Organisational DID created by admin'),
+                            (28, 'Organisational DID deleted by admin'),
+                            (29, 'User deactivated'),
+                            (30, 'User activated'),
                        ]
                    ),
                ),
--- a/idhub_auth/forms.py
+++ b/idhub_auth/forms.py
@ -2,7 +2,7 @@ import re

 from django import forms
 from django.utils.translation import gettext_lazy as _
-from idhub_auth.models import User, gen_salt
+from idhub_auth.models import User


 class ProfileForm(forms.ModelForm):
--- a/idhub_auth/migrations/0001_initial.py
+++ b/idhub_auth/migrations/0001_initial.py
@ -1,4 +1,4 @@
-# Generated by Django 4.2.5 on 2023-11-15 09:58
+# Generated by Django 4.2.5 on 2024-01-04 15:12

 from django.db import migrations, models

@ -38,6 +38,8 @@ class Migration(migrations.Migration):
                ('is_admin', models.BooleanField(default=False)),
                ('first_name', models.CharField(blank=True, max_length=255, null=True)),
                ('last_name', models.CharField(blank=True, max_length=255, null=True)),
+                ('encrypted_sensitive_data', models.CharField(max_length=255)),
+                ('salt', models.CharField(max_length=255)),
            ],
            options={
                'abstract': False,
--- a/idhub_auth/models.py
+++ b/idhub_auth/models.py
@ -1,6 +1,7 @@
 import nacl
 import base64

+from nacl import pwhash
 from django.db import models
 from django.core.cache import cache
 from django.contrib.auth.models import BaseUserManager, AbstractBaseUser
@ -93,9 +94,9 @@ class User(AbstractBaseUser):
        return ", ".join(set(roles))

    def derive_key_from_password(self, password):
-        kdf = nacl.pwhash.argon2i.kdf
-        ops = nacl.pwhash.argon2i.OPSLIMIT_INTERACTIVE
-        mem = nacl.pwhash.argon2i.MEMLIMIT_INTERACTIVE
+        kdf = pwhash.argon2i.kdf
+        ops = pwhash.argon2i.OPSLIMIT_INTERACTIVE
+        mem = pwhash.argon2i.MEMLIMIT_INTERACTIVE
        return kdf(
            nacl.secret.SecretBox.KEY_SIZE,
            password,
@ -120,7 +121,7 @@ class User(AbstractBaseUser):
        if not isinstance(data, bytes):
            data = data.encode('utf-8')
        
-        return sb.encrypt(data).decode('utf-8')
+        return base64.b64encode(sb.encrypt(data)).decode('utf-8')

    def get_salt(self):
        return base64.b64decode(self.salt.encode('utf-8'))
@ -135,12 +136,12 @@ class User(AbstractBaseUser):
        key = base64.b64encode(nacl.utils.random(64))
        key_dids = cache.get("KEY_DIDS", {})

-        if key_dids.get(user.id):
-            key = key_dids[user.id]
+        if key_dids.get(self.id):
+            key = key_dids[self.id]
        else:
            self.set_salt()

        key_crypted = self.encrypt_sensitive_data(password, key)
-        self.encrypted_sensitive_data = base64.b64encode(key_crypted).decode('utf-8')
+        self.encrypted_sensitive_data = key_crypted