0001-encrypt-user-credentials-9534.patch
debian/control | ||
---|---|---|
13 | 13 |
python-gadjo, |
14 | 14 |
python-django-jsonfield, |
15 | 15 |
python-ldap, |
16 |
python-cryptography |
|
16 | 17 |
Recommends: python-django-mellon |
17 | 18 |
Description: Authentication Reverse Proxy |
18 | 19 |
mandayejs/mandaye/models.py | ||
---|---|---|
16 | 16 | |
17 | 17 | |
18 | 18 |
from django.db import models |
19 |
from jsonfield import JSONField
|
|
19 |
from django.conf import settings
|
|
20 | 20 |
from django.utils.translation import ugettext_lazy as _ |
21 | 21 | |
22 |
from jsonfield import JSONField |
|
23 |
from cryptography.fernet import Fernet |
|
24 | ||
25 |
from mandayejs.mandaye.utils import get_password_field |
|
22 | 26 | |
23 | 27 |
class UserCredentials(models.Model): |
24 | 28 |
user = models.ForeignKey('auth.User') |
... | ... | |
33 | 37 |
or self.user.email \ |
34 | 38 |
or self.user.username |
35 | 39 | |
36 |
def to_login_info(self): |
|
40 |
def save(self, *args, **kwargs): |
|
41 |
self.encrypt() |
|
42 |
super(UserCredentials, self).save(*args, **kwargs) |
|
43 | ||
44 |
def encrypt(self,): |
|
45 |
"""Encrypt password |
|
46 |
""" |
|
47 |
secret_key = settings.SECRET_KEY |
|
48 |
password_field_name = get_password_field() |
|
49 |
f = Fernet(secret_key) |
|
50 |
self.locators[password_field_name] = \ |
|
51 |
f.encrypt(self.locators.get(password_field_name,'').encode('ascii')) |
|
52 |
return self.locators |
|
53 | ||
54 |
def decrypt(self,): |
|
55 |
"""Decrypt password |
|
56 |
""" |
|
57 |
secret_key = settings.SECRET_KEY |
|
58 |
password_field_name = get_password_field() |
|
59 |
f = Fernet(secret_key) |
|
60 |
self.locators[password_field_name] = \ |
|
61 |
f.decrypt(self.locators.get(password_field_name, '').encode('ascii')) |
|
62 |
return self.locators |
|
63 | ||
64 |
def to_login_info(self, decrypt=False): |
|
65 |
if decrypt: |
|
66 |
self.decrypt() |
|
37 | 67 |
return {'#'+k : v for k,v in self.locators.items() } |
38 | 68 |
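Review bot: `save()` calls `encrypt()` on every save, so an instance loaded from the database and saved again has its stored Fernet token encrypted a second time, while `decrypt()` strips only one layer and then hands a token, not the password, to the login flow. `to_login_info(decrypt=True)` also writes the plaintext back into `self.locators`, so the clear password stays on the instance after the call. I would have `encrypt()` leave a value alone when it already decrypts under the key and have `to_login_info` decrypt into a copy, as in the sketch below, which needs `InvalidToken` imported next to `Fernet`. Separately, `Fernet()` accepts only a URL-safe base64 encoding of a 32-byte key, so `Fernet(settings.SECRET_KEY)` will raise `ValueError` unless every deployment sets `SECRET_KEY` in that form; a dedicated key setting, or a key derived from it, would also keep credential encryption from being tied to rotation of the Django secret. The `UserCredentials` class body starts outside the hunk.

```python
    def encrypt(self):
        """Encrypt the password locator, leaving an existing token untouched."""
        password_field_name = get_password_field()
        if password_field_name not in self.locators:
            # No password locator configured or stored: nothing to protect.
            return self.locators
        f = Fernet(settings.SECRET_KEY)
        value = self.locators[password_field_name].encode('ascii')
        try:
            f.decrypt(value)  # already a token: do not wrap it a second time
        except InvalidToken:
            self.locators[password_field_name] = f.encrypt(value)
        return self.locators

    # … unchanged: decrypt() …

    def to_login_info(self, decrypt=False):
        # Work on a copy so the plaintext never lands on the model instance.
        locators = dict(self.locators)
        password_field_name = get_password_field()
        if decrypt and password_field_name in locators:
            f = Fernet(settings.SECRET_KEY)
            locators[password_field_name] = f.decrypt(
                locators[password_field_name].encode('ascii'))
        return {'#' + k: v for k, v in locators.items()}
```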
mandayejs/mandaye/utils.py | ||
---|---|---|
51 | 51 |
url = url._replace(netloc=settings.SITE_DOMAIN) |
52 | 52 |
return url.path |
53 | 53 | |
54 |
def get_password_field(): |
|
55 |
"""Return name of the password field |
|
56 |
""" |
|
57 |
try: |
|
58 |
field_name = [ field.get('name') for field in settings.SITE_LOCATORS if field.get('kind') == 'password' ] |
|
59 |
return field_name[0] |
|
60 |
except (IndexError,): |
|
61 |
return None |
|
54 | 62 |
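Review bot: `get_password_field()` returns `None` when no entry of `settings.SITE_LOCATORS` has kind `password`, and its docstring does not say so; the `encrypt()` and `decrypt()` methods added in models.py by this same patch use the result as a dictionary key without checking it, which would store an encrypted empty string under the key `None`. I would state the contract in the docstring, e.g. `"""Return the name of the first locator of kind 'password', or None if none is configured."""`, and have the callers return early on `None`. The list-plus-`IndexError` construct can also be written as `return next((f.get('name') for f in settings.SITE_LOCATORS if f.get('kind') == 'password'), None)`. The function body lies fully inside the hunk.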
mandayejs/mandaye/views.py | ||
---|---|---|
153 | 153 |
'auth_checker': os.path.join(site_static_root, site_auth_checker) |
154 | 154 |
} |
155 | 155 |
logger.debug(login_info) |
156 |
login_info['locators'] = [ credentials.to_login_info(decrypt=True)] |
|
156 | 157 |
result = exec_phantom(login_info) |
157 | 158 |
logger.debug(result) |
158 | 159 | |
159 |
- |