Skip to main content

Store user secrets encrypted into database.

Project description

Store user secrets encrypted into database.

Build Status on github

github.com/jedie/django-user-secrets/actions

Current project state: “Beta”

Licence: GPL v3 or above

the idea

Store a user’s secrets in the database encrypted with his password.

Only the user can decrypt the stored data. His password is used for encryption and decryption. This password is only transmitted in plain text when logging in (Django itself only saves a salted hash of the password).

The intermediate-user-secret is decrypted and stored with the clear text password in RAM after successful login. All user secrets will be encrypted and decrypted with his intermediate-user-secret.

Limitations and/or facts:

  • Only the same user can decrypt his own data.

  • The decrypted data can only be used during an active session.

  • A intermediate-user-secret is used, so that a password can be changed without losing the encrypted data.

usage

The encrypted user secrets are stored via EncryptedField in the user model. Your project must implement a own settings.AUTH_USER_MODEL inherith from AbstractUserSecretsModel e.g.:

/your_project/your_app/models.py

from user_secrets.model_fields import EncryptedField
from user_secrets.models import AbstractUserSecretsModel

class UserSecretsModel(AbstractUserSecretsModel):
    example_secret = EncryptedField(max_length=256, blank=True, null=True)  # can have one or more EncryptedField's!

Add this own user model to the Django Admin and add the own EncryptedField, so the user can fill it in the admin, e.g.:

/your_project/your_app/admin.py

from django.contrib import admin
from django.utils.translation import gettext_lazy as _

from user_secrets.admin import UserSecretsAdmin
from user_secrets_tests.models import UserSecretsModel


@admin.register(UserSecretsModel)
class ExampleModelAdmin(UserSecretsAdmin):
    fieldsets = (
        (None, {'fields': ('username', 'password')}),
        (_('User Secrets'), {'fields': ('encrypted_secret', 'example_secret')}),  # <<< own fields
        (_('Personal info'), {'fields': ('first_name', 'last_name', 'email')}),
        (_('Permissions'), {
            'fields': ('is_active', 'is_staff', 'is_superuser', 'groups', 'user_permissions'),
        }),
        (_('Important dates'), {'fields': ('last_login', 'date_joined')}),
    )

It’s also possible to implement a own “edit” view just for the EncryptedField values. Have a look at the demo app view: /user_secrets_tests/views/edit.py For this you can easy get a model form, e.g.:

from user_secrets.forms import UserSecretsBaseModelModelForm
from user_secrets_tests.models import UserSecretsModel


class ExampleModelForm(UserSecretsBaseModelModelForm):
    class Meta:
        model = UserSecretsModel
        fields = ['example_secret']

To use the stored secret in a view, e.g.:

user = request.user  # get current user
example_secret = user.example_secret  # the the example field value (encrypted)
# decrypt the example
decrypted_value = user_decrypt(user=user, encrypted_data=example_secret)
# ...do something with the value...

Complete example is: /user_secrets_tests/views/display.py

Needed settings:

# The SECRET_KEY should never changed after django-user-secrets are created!
SECRET_KEY = 'Use a long random string and keep this value secret!'

INSTALLED_APPS = (
    #...
    'user_secrets.apps.UserSecretsConfig',
    #...
)

# Must point to a own UserModel class
# This class must inherit from user_secrets.models.AbstractUserSecretsModel
AUTH_USER_MODEL = 'your_app.YourUserModel'


AUTHENTICATION_BACKENDS = [
    'user_secrets.auth_backend.UserSecretsAuthBackend',  # Must be at first
    'django.contrib.auth.backends.ModelBackend'
]


CACHES = {
    'default': {  # Can use any backend.
        'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
        'LOCATION': 'default',
    },
    'user_secrets': {  # Should be use the LocMemCache!
        'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
        'LOCATION': 'user_secrets',
    }
}


MIDDLEWARE = (
    #...
    'user_secrets.middleware.UserSecretsMiddleware',  # inserted after AuthenticationMiddleware
)

Complete example is: /user_secrets_tests/settings.py

DEMO

Prepare: install poetry e.g.:

~$ sudo apt install python3-pip
~$ pip3 install -U pip --user
~$ pip3 install -U poerty --user

Clone the sources, e.g.:

~$ git clone https://github.com/jedie/django-user-secrets.git
~$ cd django-user-secrets

# install via poetry:
~/django-user-secrets$ poetry install

# Start Django dev. server:
~/django-user-secrets$ poetry run dev_server

You can also use our Makefile, e.g.:

~/django-user-secrets$ make help
help                 List all commands
install-poetry       install or update poetry
install              install django-user-secrets via poetry
update               update the sources and installation
lint                 Run code formatters and linter
fix-code-style       Fix code formatting
tox-listenvs         List all tox test environments
tox                  Run pytest via tox with all environments
tox-py36             Run pytest via tox with *python v3.6*
tox-py37             Run pytest via tox with *python v3.7*
tox-py38             Run pytest via tox with *python v3.8*
pytest               Run pytest
update-rst-readme    update README.rst from README.creole
publish              Release new version to PyPi
start-dev-server     Start Django dev. server with the test project

history

  • *dev*

    • TBC

  • v0.2.0 - 06.07.2020

    • refactor:

      • Move EncryptedFields into user model and don’t use a extra model for them

      • Move code parts from demo app into main package

    • Update demo app

    • update README

    • Bugfix Makefile

  • v0.1.0 - 04.07.2020

    • first release on PyPi


Note: this file is generated from README.creole 2020-07-06 11:30:39 with "python-creole"

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

django-user-secrets-0.2.0.tar.gz (21.9 kB view details)

Uploaded Source

Built Distribution

django_user_secrets-0.2.0-py3-none-any.whl (30.3 kB view details)

Uploaded Python 3

File details

Details for the file django-user-secrets-0.2.0.tar.gz.

File metadata

  • Download URL: django-user-secrets-0.2.0.tar.gz
  • Upload date:
  • Size: 21.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.2.0 pkginfo/1.5.0.1 requests/2.24.0 setuptools/39.0.1 requests-toolbelt/0.9.1 tqdm/4.47.0 CPython/3.6.9

File hashes

Hashes for django-user-secrets-0.2.0.tar.gz
Algorithm Hash digest
SHA256 c40c966282e3965c5d5c10cb9bba4332e55c749612fed238acb680a4a4d619be
MD5 a6df9e1fc8f74a2c5b41f701883655af
BLAKE2b-256 425c88f9476c113f0535502d1f608e031a5c6d429587a303b9ffd25684700a36

See more details on using hashes here.

File details

Details for the file django_user_secrets-0.2.0-py3-none-any.whl.

File metadata

  • Download URL: django_user_secrets-0.2.0-py3-none-any.whl
  • Upload date:
  • Size: 30.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.2.0 pkginfo/1.5.0.1 requests/2.24.0 setuptools/39.0.1 requests-toolbelt/0.9.1 tqdm/4.47.0 CPython/3.6.9

File hashes

Hashes for django_user_secrets-0.2.0-py3-none-any.whl
Algorithm Hash digest
SHA256 e87611aa656cd39689c9d466cf56e43135f07d76f90af9d6c536af4c2c37d26e
MD5 e8ef99602aad340381d516ebc4207c26
BLAKE2b-256 69f64931beeaa02bffce171d1208762b02df617c027b1567abeeb8ea899c6977

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page