Skip to main content

Replace Rest Framework's IntegerField pk or id lookups with encrypted strings.

Project description

[![PyPI](https://img.shields.io/pypi/dm/django-rest-encrypted-lookup.svg)]()
[![Build Status](https://travis-ci.org/InterSIS/django-rest-encrypted-lookup.svg?branch=master)](https://travis-ci.org/InterSIS/django-rest-encrypted-lookup)

django-rest-encrypted-lookup
=============

Drop-in ViewSets, Serializers, and Fields that replace your IntegerField pk or id lookups with encrypted string lookups.

Use a single cipher across your entire project, or provide a unique cipher for each serializer, model, user, and/or client.

The json representation of a poll:
```
{
"id": 5,
"questions": [
2,
10,
12,
]
}
```
becomes:
```
{
"id": "4xoh7gja2mtvz3i47ywy5h6ouu",
"questions": [
"t6y4zo26vutj4xclh5hpy3sc5m",
"hp7c75ggggiwv6cs5zc4mpzeoe",
"rqq5a2evfokyo7tz74loiu3bcq",
]
}
```

Choose a user-by-user cipher such that:
```
# User A GETs /api/polls/ and receives:

{
"results": [
"4xoh7gja2mtvz3i47ywy5h6ouu",
"12gc75ggggiwv6cs5zc4mpzeoe",
]
}

# User B GETs /api/polls/ and receives:

{
"results": [
"rqq5a2evfokyo7tz74loiu3bcq",
"hp7c75g84g63v6cs5zc423zeoe",
]
}
```


If you prefer hyperlinked related fields:
```
{
"id": "4xoh7gja2mtvz3i47ywy5h6ouu",
"questions": [
"https://example.com/api/questions/t6y4zo26vutj4xclh5hpy3sc5m/",
"https://example.com/api/questions/hp7c75ggggiwv6cs5zc4mpzeoe/",
"https://example.com/api/questions/rqq5a2evfokyo7tz74loiu3bcq/",
]
}
```

The endpoint:

```
/api/polls/5/
```
becomes:
```
/api/polls/4xoh7gja2mtvz3i47ywy5h6ouu/
```

Encrypted lookups are *not* appropriate to use as a security measure against users guessing object URIs. Encrypted
lookups *are* appropriate to use as a method of obfuscating object pks/ids.


Installation
===============

Install the module in your Python distribution or virtualenv:

$ pip install django-rest-encrypted-lookup

Add the application to your `INSTALLED_APPS`:

```
INSTALLED_APPS = (
...
"rest_framework_encrypted_lookup",
...
)
```

And in settings.py:

```
ENCRYPTED_LOOKUP = {
'lookup_field_name': 'id', # String value name of your drf lookup field, generally 'id' or 'pk'
'secret_key': 'uniquesecret', # Choose a string value unique secret key with which to encrypt your lookup fields
},
```

How it Works
============

Encrypted lookup strings are *not* stored in the database in association with the objects they represent. Encrypted
lookups are generated by the model serializers during response composition. Encrypted lookups presented in the endpoint
URI are decrypted in the call to dispatch, and encrypted lookups presented in data fields are decrypted by the model
deserializers.

Encryption is provided by the PyCrypto AES library.

Use
===

django-rest-encrypted-lookup provides three field classes:

from rest_framework_encrypted_lookup.fields import EncryptedLookupField, EncryptedLookupRelatedField, EncryptedLookupHyperlinkedRelatedField

two new serializer classes:

from rest_framework_encrypted_lookup.serializers import EncryptedLookupModelSerializer, EncryptedLookupHyperlinkedModelSerializer

and a generic view class:

from rest_framework_encrypted_lookup.views import EncryptedLookupGenericViewSet

Use these in place of the classes provided with Django Rest Framework 3.

Example:

```
# models.py
...
class Poll(models.Model):
...


# serializers.py
...
class PollSerializer(EncryptedLookupModelSerializer):

class Meta:
model = Poll


# views.py
...
from rest_framework import viewsets

class PollViewSet(EncryptedLookupGenericViewSet,
viewsets.mixins.ListModelMixin,
viewsets.mixins.RetrieveModelMixin,
...
)

queryset = Poll.objects.all()
serializer_class = PollSerializer

lookup_field = 'id'
```

Of the classes included in this package, the example above makes use of `EncryptedLookupModelSerializer`, and
`EncryptedLookupGenericViewSet`.

The fields `EncryptedLookupField`, `EncryptedLookupRelatedField` are used implicitly
by the EncryptedLookupModelSerializer. These fields may also be used explicitly, if needed.

We could have used `EncryptedLookupHyperlinkedModelSerializer` instead of `EncryptedLookupModelSerializer`:
```
# serializers.py
...
class PollSerializer(EncryptedLookupHyperlinkedModelSerializer):

class Meta:
model = Poll
```

In this case, PollSerializer would serialize related fields as hyperlinks, using the `EncryptedHyperlinkedLookupRelatedField`.

By default, every encrypted-lookup serializer class will use the same cypher. You can choose a non-default cypher by
overwriting your serializer's `get_cypher` method. Here is a ```get_cypher``` method that will produce a unique cypher per-model:

```
from rest_framework_encrypted_lookup.utils import IDCipher
from rest_framework_encrypted_lookup.settings import encrypted_lookup_settings

class MyEncryptedLookupModelSerializer(EncryptedLookupModelSerializer):

def get_cipher(self):
return IDCipher(secret=encrypted_lookup_settings['secret_key']+self.Meta.model)

```

Here is a ```get_cypher``` method that will produce a unique cypher per-user:

```
from rest_framework_encrypted_lookup.utils import IDCipher
from rest_framework_encrypted_lookup.settings import encrypted_lookup_settings

class MyEncryptedLookupModelSerializer(EncryptedLookupModelSerializer):

def get_cipher(self):
# Let's suppose that a user must be logged in to reach this endpoint.

return IDCipher(secret=encrypted_lookup_settings['secret_key']+self._context["request"].user.username)

```


Compatibility
=============

* Django Rest Framework 3.0, 3.1
* Django 1.6, 1.7, 1.8
* Python 2.7, 3.3, 3.4

See tox.ini for specific minor versions tested.

Additional Requirements
=======================

* PyCrypto 2.6.1

Todo
====

* Helpful exceptions.
* Coverage.

Getting Involved
================

Feel free to open pull requests or issues. GitHub is the canonical location of this project.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

django-rest-encrypted-lookup-0.10.1.tar.gz (21.0 kB view details)

Uploaded Source

File details

Details for the file django-rest-encrypted-lookup-0.10.1.tar.gz.

File metadata

File hashes

Hashes for django-rest-encrypted-lookup-0.10.1.tar.gz
Algorithm Hash digest
SHA256 2685d501874475b8c4cbe74b284a55a109056181e07a7311f2034f578e1fff38
MD5 61e2faef9ffc5946c67a0979066829ef
BLAKE2b-256 3daf94d96e8875e3c465c26c0485847fe5c38d7095efd8c08f069db641364d4d

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page