From 20f40b43d049d325ccc33b97bef0da784ac7d380 Mon Sep 17 00:00:00 2001
From: Daniel Armengod
Date: Fri, 1 Dec 2023 07:01:51 +0100
Subject: [PATCH] Refactored all uses of DID.key_material

---
 idhub/admin/views.py |  2 +-
 idhub/models.py      | 17 ++++++++++++-----
 idhub/user/forms.py  |  3 ++-
 idhub/user/views.py  |  3 ++-
 4 files changed, 17 insertions(+), 8 deletions(-)

diff --git a/idhub/admin/views.py b/idhub/admin/views.py
index f8fd6d0..1725339 100644
--- a/idhub/admin/views.py
+++ b/idhub/admin/views.py
@@ -645,7 +645,7 @@ class DidRegisterView(Credentials, CreateView):
 
     def form_valid(self, form):
         form.instance.user = self.request.user
-        form.instance.set_did()
+        form.instance.set_did(self.request.session)
         form.save()
         messages.success(self.request, _('DID created successfully'))
         Event.set_EV_ORG_DID_CREATED_BY_ADMIN(form.instance)
diff --git a/idhub/models.py b/idhub/models.py
index fbf00ef..6a326b9 100644
--- a/idhub/models.py
+++ b/idhub/models.py
@@ -439,9 +439,16 @@ class DID(models.Model):
             return True
         return False
 
-    def set_did(self):
-        self.key_material = generate_did_controller_key()
-        self.did = keydid_from_controller_key(self.key_material)
+    def set_did(self, session):
+        """
+        Generates a new DID Controller Key and derives a DID from it.
+        Because DID Controller Keys are stored encrypted using a User's Sensitive Data Encryption Key,
+        this function needs to be called in the context of a request.
+        """
+        new_key_material = generate_did_controller_key()
+        self.did = keydid_from_controller_key(new_key_material)
+        self.set_key_material(new_key_material, session)
+
 
     # TODO: darmengo: esta funcion solo se llama desde un fichero que sube cosas a s3 (??) Preguntar a ver que hace.
     def get_key_deprecated(self):
@@ -546,7 +553,7 @@ class VerificableCredential(models.Model):
         data = json.loads(self.csv_data).items()
         return data
 
-    def issue(self, did):
+    def issue(self, did, session):
         if self.status == self.Status.ISSUED:
             return
 
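Review bot: The new docstring on `set_did` explains why a session is needed but not what `session` must contain, and the diffstat lists no migration touching the old `key_material` column. Add a parameter line such as `session: the request session carrying the user's Sensitive Data Encryption Key; forwarded unchanged to set_key_material` so callers know which session is acceptable. If the `key_material` model field still exists, confirm that a separate, earlier migration already encrypted or dropped previously stored plaintext values, because nothing in this patch does and the title claims all uses were refactored. `set_key_material` and `get_key_deprecated` are defined outside this hunk.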
@@ -555,7 +562,7 @@ class VerificableCredential(models.Model):
         self.issued_on = datetime.datetime.now().astimezone(pytz.utc)
         self.data = sign_credential(
             self.render(),
-            self.issuer_did.key_material
+            self.issuer_did.get_key_material(session)
         )
 
     def get_context(self):
diff --git a/idhub/user/forms.py b/idhub/user/forms.py
index 53a1149..3735d64 100644
--- a/idhub/user/forms.py
+++ b/idhub/user/forms.py
@@ -18,6 +18,7 @@ class RequestCredentialForm(forms.Form):
 
     def __init__(self, *args, **kwargs):
         self.user = kwargs.pop('user', None)
+        self.session = kwargs.pop('session', None)
         super().__init__(*args, **kwargs)
         self.fields['did'].choices = [
             (x.did, x.label) for x in DID.objects.filter(user=self.user)
@@ -45,7 +46,7 @@ class RequestCredentialForm(forms.Form):
         did = did[0].did
         cred = cred[0]
         try:
-            cred.issue(did)
+            cred.issue(did, self.session)
         except Exception:
             return
 
diff --git a/idhub/user/views.py b/idhub/user/views.py
index 482b40e..d59f7d6 100644
--- a/idhub/user/views.py
+++ b/idhub/user/views.py
@@ -128,6 +128,7 @@ class CredentialsRequestView(MyWallet, FormView):
     def get_form_kwargs(self):
         kwargs = super().get_form_kwargs()
         kwargs['user'] = self.request.user
+        kwargs['session'] = self.request.session
         return kwargs
 
     def form_valid(self, form):
@@ -189,7 +190,7 @@ class DidRegisterView(MyWallet, CreateView):
 
     def form_valid(self, form):
         form.instance.user = self.request.user
-        form.instance.set_did()
+        form.instance.set_did(self.request.session)
         form.save()
         messages.success(self.request, _('DID created successfully'))
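Review bot: `self.issuer_did.get_key_material(session)` decrypts the issuer's controller key with whatever the caller's session carries, but the only caller in this patch is `RequestCredentialForm.save` in idhub/user/forms.py, which passes the requesting user's session, while issuer DIDs are created under the admin's session in `DidRegisterView.form_valid` of idhub/admin/views.py. If, as the new `set_did` docstring states, controller keys are encrypted with a per-user Sensitive Data Encryption Key, the requesting user's session presumably cannot decrypt the organisation's issuer key and signing will fail; if it can, the issuer key is reachable from any user's session, which is the opposite risk. Confirm which key `get_key_material` actually uses and state the contract on `issue`, e.g. `session: must carry the key that protects self.issuer_did's controller key`. `issue` begins in the previous hunk and the lines between the two hunks are not shown.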
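Review bot: `self.session` defaults to `None` via `kwargs.pop('session', None)` in the hunk at line 18, so any view that builds this form without the new kwarg makes `cred.issue(did, self.session)` fail (presumably inside `get_key_material`), and the pre-existing `except Exception: return` turns that into a silent no-op with no credential issued and nothing surfaced to the user or the logs. Consider failing early in `__init__`, e.g. `if self.session is None: raise ValueError('session is required to issue credentials')`, or at least narrowing the except and logging the exception before returning. The enclosing `save` method starts before this hunk.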