def clean(self):
cleaned_data = super(CredentialForm, self).clean()
# fields to which security_state applies, or from which it can be inferred
crypto_fields = ('password', 'key')
crypto_values = [cleaned_data.get(t) for t in crypto_fields]
# are any of the crypto_fields set to a non-empty, non-annotated-block value?
have_unencrypted_field = any_unencrypted(*crypto_values)
# are any of the crypto_fields set to a non-empty, annotated-block value?
have_annotated_field = any_annotated_block(*crypto_values)
if have_unencrypted_field and have_annotated_field:
raise forms.ValidationError("Submitted form contains some plain text data and some encrypted data. If you wish to update credentials, you must update all fields.")
return cleaned_data
def clean(self):
cleaned_data = super(CredentialForm, self).clean()
# fields to which security_state applies, or from which it can be inferred
crypto_fields = ('password', 'key')
crypto_values = [cleaned_data.get(t) for t in crypto_fields]
# are any of the crypto_fields set to a non-empty, non-annotated-block value?
have_unencrypted_field = any_unencrypted(*crypto_values)
# are any of the crypto_fields set to a non-empty, annotated-block value?
have_annotated_field = any_annotated_block(*crypto_values)
if have_unencrypted_field and have_annotated_field:
raise forms.ValidationError(
"Submitted form contains some plain text data and some encrypted data. If you wish to update credentials, you must update all fields."
)
return cleaned_data
def on_pre_save(self):
# security state is read-only in the admin; we validate the form to
# make sure the data is consistent, but cross-check here and throw an
# exception just in case
#
# we can't rewrite security_state in the form's clean method, as the
# field is marked readonly, and so django discards any changes made to it
crypto_values = [self.key, self.password, self.cert]
# are any of the crypto_fields set to a non-empty, non-annotated-block value?
have_unencrypted_field = any_unencrypted(*crypto_values)
# are any of the crypto_fields set to a non-empty, annotated-block value?
have_annotated_field = any_annotated_block(*crypto_values)
assert not (have_unencrypted_field and have_annotated_field), \
'Internal YABI error - unencrypted and annotated data mixed in Credential object %s' % str(self)
# we never allow plaintext credentials to make it into the database
if have_unencrypted_field:
def protect(v):
return encrypt_to_annotated_block(v, settings.SECRET_KEY)
self.password, self.cert, self.key = protect(self.password), protect(self.cert), protect(self.key)
self.security_state = Credential.PROTECTED
def on_pre_save(self):
# security state is read-only in the admin; we validate the form to
# make sure the data is consistent, but cross-check here and throw an
# exception just in case
#
# we can't rewrite security_state in the form's clean method, as the
# field is marked readonly, and so django discards any changes made to it
crypto_values = [self.key, self.password, self.cert]
# are any of the crypto_fields set to a non-empty, non-annotated-block value?
have_unencrypted_field = any_unencrypted(*crypto_values)
# are any of the crypto_fields set to a non-empty, annotated-block value?
have_annotated_field = any_annotated_block(*crypto_values)
assert not (have_unencrypted_field and have_annotated_field), \
'Internal YABI error - unencrypted and annotated data mixed in Credential object %s' % str(self)
# we never allow plaintext credentials to make it into the database
if have_unencrypted_field:
def protect(v):
return encrypt_to_annotated_block(v, settings.SECRET_KEY)
self.password, self.cert, self.key = protect(
self.password), protect(self.cert), protect(self.key)
self.security_state = Credential.PROTECTED
