0001-encrypt-user-credentials-9534.patch
debian/control | ||
13 | 13 |
python-gadjo, |
14 | 14 |
python-django-jsonfield, |
15 | 15 |
python-ldap, |
16 |
python-cryptography |
|
16 | 17 |
Recommends: python-django-mellon |
17 | 18 |
Description: Authentication Reverse Proxy |
18 | 19 |
mandayejs/mandaye/models.py | ||
16 | 16 | |
17 | 17 | |
18 | 18 |
from django.db import models |
19 |
from jsonfield import JSONField
|
|
19 |
from django.conf import settings
|
|
20 | 20 |
from django.utils.translation import ugettext_lazy as _ |
21 | 21 | |
22 |
from jsonfield import JSONField |
|
23 |
from cryptography.fernet import Fernet |
|
24 | ||
25 |
from mandayejs.mandaye.utils import get_password_field |
|
22 | 26 | |
23 | 27 |
class UserCredentials(models.Model): |
24 | 28 |
user = models.ForeignKey('auth.User') |
25 | 29 |
locators = JSONField(_('locators'), default={}, blank=True) |
26 | 30 |
linked = models.BooleanField(_('associated'), default=False, blank=True) |
31 |
#token = models.CharField(_('encryption token', max_length=128, blank=True)) |
|
27 | 32 | |
28 | 33 |
class Meta: |
29 | 34 |
unique_together = ('user',) |
... | ... | |
33 | 38 |
or self.user.email \ |
34 | 39 |
or self.user.username |
35 | 40 | |
36 |
def to_login_info(self): |
|
41 |
def save(self, *args, **kwargs): |
|
42 |
self.encrypt() |
|
43 |
super(UserCredentials, self).save(*args, **kwargs) |
|
44 | ||
45 |
def encrypt(self,): |
|
46 |
"""Encrypt password |
|
47 |
""" |
|
48 |
secret_key = settings.SECRET_KEY |
|
49 |
password_field_name = get_password_field() |
|
50 |
f = Fernet(secret_key) |
|
51 |
self.locators[password_field_name] = \ |
|
52 |
f.encrypt(self.locators.get(password_field_name,'').encode('ascii')) |
|
53 |
return self.locators |
|
54 | ||
55 |
def decrypt(self,): |
|
56 |
"""Decrypt password |
|
57 |
""" |
|
58 |
secret_key = settings.SECRET_KEY |
|
59 |
password_field_name = get_password_field() |
|
60 |
f = Fernet(secret_key) |
|
61 |
self.locators[password_field_name] = \ |
|
62 |
f.decrypt(self.locators.get(password_field_name, '').encode('ascii')) |
|
63 |
return self.locators |
|
64 | ||
65 |
def to_login_info(self, decrypt=False): |
|
66 |
if decrypt: |
|
67 |
self.decrypt() |
|
37 | 68 |
return {'#'+k : v for k,v in self.locators.items() } |
38 | 69 |
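Review bot: `save()` calls `encrypt()` on every save, and `encrypt()` cannot tell a plaintext password from a Fernet token it produced earlier, so the second save of a row (any save not immediately preceded by `to_login_info(decrypt=True)`) wraps the stored token in another layer and `decrypt()` then hands the inner token, not the password, to the login script; it also stores an encryption of `''` under the key `None` when `get_password_field()` finds nothing. I would make `encrypt()` skip values that already verify as a token under the current key (a plaintext password cannot pass Fernet's HMAC check) and return early when there is no password field, importing `InvalidToken` next to `Fernet`. Separately, `Fernet(settings.SECRET_KEY)` ties the credential store to Django's signing key, so rotating `SECRET_KEY` for a session/CSRF concern makes every stored password undecryptable; a dedicated setting such as `CREDENTIALS_ENCRYPTION_KEY` would decouple them, and `decrypt()` should catch `InvalidToken` rather than let it surface from the view. The commented-out `#token = models.CharField(_('encryption token', max_length=128, blank=True))` line is dead and mis-parenthesised (`max_length` sits inside `_()`); drop it.
```python
    def encrypt(self):
        """Encrypt the password locator in place; no-op if it is already a token."""
        password_field_name = get_password_field()
        if password_field_name is None or password_field_name not in self.locators:
            return self.locators
        f = Fernet(settings.SECRET_KEY)
        value = self.locators[password_field_name].encode('ascii')
        try:
            f.decrypt(value)  # already a token minted under this key
        except InvalidToken:
            self.locators[password_field_name] = f.encrypt(value)
        return self.locators
```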
mandayejs/mandaye/utils.py | ||
51 | 51 |
url = url._replace(netloc=settings.SITE_DOMAIN) |
52 | 52 |
return url.path |
53 | 53 | |
54 |
def get_password_field(): |
|
55 |
"""Return name of the password field |
|
56 |
""" |
|
57 |
try: |
|
58 |
field_name = [ field.get('name') for field in settings.SITE_LOCATORS if field.get('kind') == 'password' ] |
|
59 |
return field_name[0] |
|
60 |
except (IndexError,): |
|
61 |
return None |
|
54 | 62 |
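Review bot: The comprehension on line 58 materialises the full list of password-field names only to take its first element, and the `try`/`except IndexError` exists solely to express "none found"; `return next((f.get('name') for f in settings.SITE_LOCATORS if f.get('kind') == 'password'), None)` does both in one expression with no exception handling. Behaviour is otherwise unchanged: an unset `SITE_LOCATORS` still raises `AttributeError` as it does today, since the current `except` only catches `IndexError`. A one-line docstring such as `"""Return the name of the first password-kind locator in SITE_LOCATORS, or None."""` would also make the `None` return explicit for the callers in models.py.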
mandayejs/mandaye/views.py | ||
153 | 153 |
'auth_checker': os.path.join(site_static_root, site_auth_checker) |
154 | 154 |
} |
155 | 155 |
logger.debug(login_info) |
156 |
login_info['locators'] = [ credentials.to_login_info(decrypt=True)] |
|
156 | 157 |
result = exec_phantom(login_info) |
157 | 158 |
logger.debug(result) |
158 | 159 |
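Review bot: `credentials.to_login_info(decrypt=True)` on line 156 lets `cryptography.fernet.InvalidToken` escape: rows written before this change still hold the password in clear, and a rotated `SECRET_KEY` has the same effect, so those users hit an unhandled exception here instead of a failed login. Wrap the call (or `decrypt()` itself) in `except InvalidToken:` and log/deny rather than raise, and consider a data migration that encrypts existing rows. Note also that `decrypt()` rewrites `credentials.locators` in place, so the model instance carries the plaintext for the rest of the request; line 155 logs `login_info` before the locators are attached, but check that `result` on line 158 does not echo them back into the debug log. The enclosing view starts and ends outside this hunk.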
mandayejs/settings.py | ||
35 | 35 |
# See https://docs.djangoproject.com/en/1.7/howto/deployment/checklist/ |
36 | 36 | |
37 | 37 |
# SECURITY WARNING: keep the secret key used in production secret! |
38 |
SECRET_KEY = 'xlf$@r5j*6p5-l#q=bg&t$mlhf=v@fq9^xfs#%712zndtu2#2@'
|
|
38 |
SECRET_KEY = 'QJCOqbVnL4jj37b9wd9YQo-2wSvOoGw6OwPu-ErT5QA='
|
|
39 | 39 | |
40 | 40 |
# SECURITY WARNING: don't run with debug turned on in production! |
41 | 41 |
DEBUG = True |
42 |
- |
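Review bot: `SECRET_KEY` is now required to be a 32-byte url-safe base64 Fernet key, but nothing enforces or documents that: a deployment that overrides it with an ordinary Django secret, as the checklist comment above recommends, will get a `ValueError` from `Fernet(...)` on the first `UserCredentials.save()`. The same committed value now both signs sessions/CSRF tokens and decrypts every stored third-party password, so it lives in git history and cannot be rotated for one purpose without breaking the other. I would leave `SECRET_KEY` as it was and add a separate `CREDENTIALS_ENCRYPTION_KEY` read from the environment or a local settings file, with a comment such as `# Fernet key (Fernet.generate_key()); never commit a production value`.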