0001-encrypt-user-credentials-9534.patch

Josué Kouka, 07 janvier 2016 17:48

Subject: [PATCH] encrypt user credentials (#9534)

 debian/control              |  1 +
 mandayejs/mandaye/models.py | 35 +++++++++++++++++++++++++++++++++--
 mandayejs/mandaye/utils.py  |  8 ++++++++
 mandayejs/mandaye/views.py  |  1 +
 mandayejs/settings.py       |  2 +-
 5 files changed, 44 insertions(+), 3 deletions(-)
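--- a/debian/control
+++ b/debian/control
@@ -13,6 +13,7 @@
     python-gadjo,
     python-django-jsonfield,
     python-ldap,
+    python-cryptography
 Recommends: python-django-mellon
 Description: Authentication Reverse Proxy
 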
mandayejs/mandaye/models.py
16 16

  
17 17

  
18 18
from django.db import models
19
from jsonfield import JSONField
19
from django.conf import settings
20 20
from django.utils.translation import ugettext_lazy as _
21 21

  
22
from jsonfield import JSONField
23
from cryptography.fernet import Fernet
24

  
25
from mandayejs.mandaye.utils import get_password_field
22 26

  
23 27
class UserCredentials(models.Model):
24 28
    user = models.ForeignKey('auth.User')
25 29
    locators = JSONField(_('locators'), default={}, blank=True) 
26 30
    linked = models.BooleanField(_('associated'), default=False, blank=True)
31
    #token = models.CharField(_('encryption token', max_length=128, blank=True))
27 32

  
28 33
    class Meta:
29 34
        unique_together = ('user',)
......
33 38
            or self.user.email \
34 39
            or self.user.username
35 40

  
36
    def to_login_info(self):
41
    def save(self, *args, **kwargs):
42
        self.encrypt()
43
        super(UserCredentials, self).save(*args, **kwargs)
44

  
45
    def encrypt(self,):
46
        """Encrypt password
47
        """
48
        secret_key = settings.SECRET_KEY
49
        password_field_name = get_password_field()
50
        f = Fernet(secret_key)
51
        self.locators[password_field_name] = \
52
            f.encrypt(self.locators.get(password_field_name,'').encode('ascii'))
53
        return self.locators
54

  
55
    def decrypt(self,):
56
        """Decrypt password
57
        """
58
        secret_key = settings.SECRET_KEY 
59
        password_field_name = get_password_field()
60
        f = Fernet(secret_key)
61
        self.locators[password_field_name] = \
62
            f.decrypt(self.locators.get(password_field_name, '').encode('ascii'))
63
        return self.locators
64

  
65
    def to_login_info(self, decrypt=False):
66
        if decrypt:
67
            self.decrypt()
37 68
        return {'#'+k : v for k,v in self.locators.items() }
38 69

  
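Review bot: `save()` calls `self.encrypt()` unconditionally, so an instance loaded from the database and saved again (for example after changing `linked`) has its stored Fernet token encrypted a second time, and a single `decrypt()` then returns a token instead of the password. Nothing in `encrypt()` checks whether the value is already ciphertext; encrypting only when the password value has actually changed, or keeping the ciphertext in its own field rather than overwriting the entry in `locators`, would avoid this. Two smaller gaps in the same methods: `.encode('ascii')` raises `UnicodeEncodeError` for a non-ASCII password (`.encode('utf-8')` would not), and when `get_password_field()` returns `None` the code writes `self.locators[None]`. The class body begins above the hunk and part of it is elided by the `......` separator.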
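--- a/mandayejs/mandaye/utils.py
+++ b/mandayejs/mandaye/utils.py
@@ -51,4 +51,12 @@
     url = url._replace(netloc=settings.SITE_DOMAIN)
     return url.path
 
+def get_password_field():
+    """Return name of the password field
+    """
+    try:
+        field_name = [ field.get('name') for field in settings.SITE_LOCATORS if field.get('kind') == 'password' ]
+        return field_name[0]
+    except (IndexError,):
+        return None
 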
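Review bot: `get_password_field()` returns `None` when `settings.SITE_LOCATORS` has no entry of kind `password`, and the docstring does not mention it; the callers added in models.py use the result as a dictionary key without checking it. Raising `ImproperlyConfigured` here, or documenting the `None` return and guarding the callers, would make a misconfigured site fail loudly instead of storing an encrypted empty string under a `None` key. As a style point, the list build plus `except (IndexError,)` can be written as `return next((f.get('name') for f in settings.SITE_LOCATORS if f.get('kind') == 'password'), None)`.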
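--- a/mandayejs/mandaye/views.py
+++ b/mandayejs/mandaye/views.py
@@ -153,6 +153,7 @@
         'auth_checker': os.path.join(site_static_root, site_auth_checker)
     }
     logger.debug(login_info)
+    login_info['locators'] = [ credentials.to_login_info(decrypt=True)]
     result = exec_phantom(login_info)
     logger.debug(result)
 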
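Review bot: The `credentials.to_login_info(decrypt=True)` call at new line 156 is unguarded, and rows saved before this change presumably still hold a plaintext password, for which `Fernet.decrypt` raises `cryptography.fernet.InvalidToken`; the patch as shown contains no data migration. Either migrate existing `UserCredentials` rows at deployment, or catch `InvalidToken` here and treat the association as needing re-entry. Placing the assignment after `logger.debug(login_info)` keeps the decrypted password out of that debug line, which deserves a comment so the two lines are not reordered later, e.g. `# added after the debug log on purpose: locators now hold the decrypted password`. The enclosing view function starts and ends outside the hunk.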
mandayejs/settings.py
35 35
# See https://docs.djangoproject.com/en/1.7/howto/deployment/checklist/
36 36

  
37 37
# SECURITY WARNING: keep the secret key used in production secret!
38
SECRET_KEY = 'xlf$@r5j*6p5-l#q=bg&t$mlhf=v@fq9^xfs#%712zndtu2#2@'
38
SECRET_KEY = 'QJCOqbVnL4jj37b9wd9YQo-2wSvOoGw6OwPu-ErT5QA='
39 39

  
40 40
# SECURITY WARNING: don't run with debug turned on in production!
41 41
DEBUG = True
42
-
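Review bot: The replacement `SECRET_KEY` is a Fernet-format key committed to the repository, and with this patch it also encrypts stored user passwords, so anyone with read access to the source can decrypt `UserCredentials.locators`. Which of the two `SECRET_KEY` lines is the new one is inferred from its url-safe base64 shape, since the rendering lost the `+`/`-` markers. Consider a dedicated setting for the credential key, loaded from the environment or a local settings file kept out of version control, and leave Django's `SECRET_KEY` for signing. Separating the two also allows either key to be rotated without invalidating what the other protects.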