Skip to main content
Join the official 2019 Python Developers SurveyStart the survey!

Encrypted IDs for Django Models

Project description

======================
Django Encrypted Id (cryptography)
======================

.. image:: https://badge.fury.io/py/django-encrypted-id-cryptography.svg
:target: https://badge.fury.io/py/django-encrypted-id-cryptography

.. image:: https://travis-ci.org/slinkymanbyday/django-encrypted-id-cryptography.svg?branch=master
:target: https://travis-ci.org/slinkymanbyday/django-encrypted-id-cryptography


django-encrypted-id-cryptography is a Django model which allows the use of encrypted ids for when you don't want to expose the regular pk.

**Note: This is a fork from django-encrypted-id and acts *mostly* a drop in replacement, it requires an additional settings and the encrypted ids are not compaitable. It also uses a different crypto library**


Requirements
------------
The following have been tested, however it should work with more.

* Django [1.11, 2.0, 2.2]
* Python [2.7, 3.5]
* Cryptography

Quickstart
----------

Install django-encrypted-id-cryptography::

pip install django-encrypted-id-cryptography


Create an encryption key:

.. code-block:: python

> from cryptography.fernet import Fernet
> Fernet.generate_key()

'3CNek72sQ3syTXX6h-Z1t3OLKKY1lfAgnTW_THUz37M='


.. code-block:: python

ID_ENCRYPT_KEY = ['3CNek72sQ3syTXX6h-Z1t3OLKKY1lfAgnTW_THUz37M=']

Features
--------

This password validator returns a ValidationError if the PWNED Passwords API
detects the password in its data set. Note that the API is heavily rate-limited,
so there is a timeout (:code:`PWNED_VALIDATOR_TIMEOUT`).

If :code:`PWNED_VALIDATOR_FAIL_SAFE` is True, anything besides an API-identified bad password
will pass, including a timeout. If :code:`PWNED_VALIDATOR_FAIL_SAFE` is False, anything
besides a good password will fail and raise a ValidationError.


Use
--------

Consider this example model:

.. code-block:: python

from django.db import models

from encrypted_id.models import EncryptedIDModel


class Foo(EncryptedIDModel):
text = models.TextField()


By inheriting from ``EncryptedIDModel``, you get .ekey as a property on your
model instances. This is how they will look like:

.. code-block:: python

In [1]: from tapp.models import Foo

In [2]: f = Foo.objects.create(text="asd")

In [3]: f.id
Out[3]: 1

In [4]: f.ekey
Out[4]: 'gAAAAABcyQ2WlhRT6zec6WCRMJ3mDkZL9SCy98JeMvrERki6DJgc3WeIRMbAMm86_zmV0sP3_iPvbAHGgb7RfEGrnIIYdggaig=='
You can do reverse lookup:

In [5]: from encrypted_id import decode

In [6]: decode(f.ekey)
Out[6]: 1

If you can not inherit from the helper base class, no problem, you can just use
the ``ekey()`` function from ``encrypted_id`` package:

.. code-block:: python

In [7]: from encrypted_id import ekey

In [8]: from django.contrib.auth.models import User

In [9]: ekey(User.objects.get(pk=1))
Out[9]: 'gAAAAABcyQ2WlhRT6zec6WCRMJ3mDkZL9SCy98JeMvrERki6DJgc3WeIRMbAMm86_zmV0sP3_iPvbAHGgb7RfEGrnIIYdggaig=='


To do the reverse lookup, you have two helpers available. First is provided by
``EncryptedIDManager``, which is used by default if you inherit from
``EncryptedIDModel``, and have not overwritten the ``.objects``:

.. code-block:: python

In [10]: Foo.objects.get_by_ekey(f.ekey)
Out[10]: <Foo: Foo object>


But sometimes you will prefer the form:

.. code-block:: python

In [11]: Foo.objects.get_by_ekey_or_404(f.ekey)
Out[11]: <Foo: Foo object>


Which works the same, but instead of raising ``DoesNotExist``, it raises
``Http404``, so it can be used in views.

You your manager is not inheriting from ``EncryptedIDManager``, you can use:

.. code-block:: python

In [12]: e = ekey(User.objects.first())

In [13]: e
Out[13]: 'gAAAAABcyQ2WlhRT6zec6WCRMJ3mDkZL9SCy98JeMvrERki6DJgc3WeIRMbAMm86_zmV0sP3_iPvbAHGgb7RfEGrnIIYdggaig=='

In [14]: get_object_or_404(User, e)
Out[14]: <User: amitu>


``encrypted_id.get_object_or_404``, as well as
``EncryptedIDManager.get_by_ekey`` and
``EncryptedIDManager.get_by_ekey_or_404`` take extra keyword argument, that can
be used to filter if you want.

If you are curious, the regex used to match the generated ids is:

.. code-block:: python

"[0-9a-zA-Z-_=]+"


Running Tests
-------------

::

source <YOURVIRTUALENV>/bin/activate
(myenv) $ pip install tox
(myenv) $ tox


Release history Release notifications

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for django-encrypted-id-cryptography, version 1.1.0
Filename, size File type Python version Upload date Hashes
Filename, size django_encrypted_id_cryptography-1.1.0-py2.py3-none-any.whl (6.6 kB) File type Wheel Python version py2.py3 Upload date Hashes View hashes
Filename, size django-encrypted-id-cryptography-1.1.0.tar.gz (5.1 kB) File type Source Python version None Upload date Hashes View hashes

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN SignalFx SignalFx Supporter DigiCert DigiCert EV certificate StatusPage StatusPage Status page