From 1e4323673c172fd560caeb3f60c24279db7e6a8b Mon Sep 17 00:00:00 2001
From: Cayo Puigdefabregas
Date: Wed, 17 Jan 2024 12:40:54 +0100
Subject: [PATCH] encrypt admin dids with secret_key
---
 idhub/models.py | 5 ++++-
 idhub/views.py | 7 ++++++-
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/idhub/models.py b/idhub/models.py
index 0ff6499..128071b 100644
--- a/idhub/models.py
+++ b/idhub/models.py
@@ -535,7 +535,10 @@ class VerificableCredential(models.Model):
 self.status = self.Status.ISSUED
 self.subject_did = did
 self.issued_on = datetime.datetime.now().astimezone(pytz.utc)
- issuer_pass = cache.get("KEY_DIDS")
+ issuer_pass = self.user.decrypt_data(
+ cache.get("KEY_DIDS"),
+ settings.SECRET_KEY,
+ )
 data = sign_credential(
 self.render(),
 self.issuer_did.get_key_material(issuer_pass)
diff --git a/idhub/views.py b/idhub/views.py
index e746f02..3d64501 100644
--- a/idhub/views.py
+++ b/idhub/views.py
@@ -1,4 +1,5 @@
 from django.urls import reverse_lazy
+from django.conf import settings
 from django.core.cache import cache
 from django.utils.translation import gettext_lazy as _
 from django.contrib.auth import views as auth_views
@@ -30,7 +31,11 @@ class LoginView(auth_views.LoginView):
 if not user.is_anonymous and user.is_admin:
 admin_dashboard = reverse_lazy('idhub:admin_dashboard')
 self.extra_context['success_url'] = admin_dashboard
- cache.set("KEY_DIDS", sensitive_data_encryption_key, None)
+ encryption_key = user.encrypt_data(
+ sensitive_data_encryption_key,
+ settings.SECRET_KEY
+ )
+ cache.set("KEY_DIDS", encryption_key, None)
 self.request.session["key_did"] = user.encrypt_data(
 sensitive_data_encryption_key,
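Review bot: In the idhub/models.py hunk, `cache.get("KEY_DIDS")` returns `None` whenever the entry is missing (for example after a cache restart with no admin login since), and the new code passes that straight into `decrypt_data`; read it into a local first and fail issuance explicitly, e.g. `encrypted_key = cache.get("KEY_DIDS")` followed by `if encrypted_key is None:` raising a clear error. The value is decrypted through `self.user`, while the LoginView hunk in idhub/views.py encrypts it through the logging-in admin `user`; `encrypt_data`/`decrypt_data` are not visible here, but if they mix in any per-user material such as a salt, decryption will only succeed when both are the same account. Both hunks also use `settings.SECRET_KEY` as the wrapping password, which ties the DID key to a secret Django already uses for session and token signing, so a dedicated setting would keep a SECRET_KEY rotation or leak from affecting the cached key. The enclosing method starts and ends outside the hunk.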