def clean(self): cleaned_data = super(CredentialForm, self).clean() # fields to which security_state applies, or from which it can be inferred crypto_fields = ('password', 'key') crypto_values = [cleaned_data.get(t) for t in crypto_fields] # are any of the crypto_fields set to a non-empty, non-annotated-block value? have_unencrypted_field = any_unencrypted(*crypto_values) # are any of the crypto_fields set to a non-empty, annotated-block value? have_annotated_field = any_annotated_block(*crypto_values) if have_unencrypted_field and have_annotated_field: raise forms.ValidationError("Submitted form contains some plain text data and some encrypted data. If you wish to update credentials, you must update all fields.") return cleaned_data
def clean(self): cleaned_data = super(CredentialForm, self).clean() # fields to which security_state applies, or from which it can be inferred crypto_fields = ('password', 'key') crypto_values = [cleaned_data.get(t) for t in crypto_fields] # are any of the crypto_fields set to a non-empty, non-annotated-block value? have_unencrypted_field = any_unencrypted(*crypto_values) # are any of the crypto_fields set to a non-empty, annotated-block value? have_annotated_field = any_annotated_block(*crypto_values) if have_unencrypted_field and have_annotated_field: raise forms.ValidationError( "Submitted form contains some plain text data and some encrypted data. If you wish to update credentials, you must update all fields." ) return cleaned_data
def on_pre_save(self): # security state is read-only in the admin; we validate the form to # make sure the data is consistent, but cross-check here and throw an # exception just in case # # we can't rewrite security_state in the form's clean method, as the # field is marked readonly, and so django discards any changes made to it crypto_values = [self.key, self.password, self.cert] # are any of the crypto_fields set to a non-empty, non-annotated-block value? have_unencrypted_field = any_unencrypted(*crypto_values) # are any of the crypto_fields set to a non-empty, annotated-block value? have_annotated_field = any_annotated_block(*crypto_values) assert not (have_unencrypted_field and have_annotated_field), \ 'Internal YABI error - unencrypted and annotated data mixed in Credential object %s' % str(self) # we never allow plaintext credentials to make it into the database if have_unencrypted_field: def protect(v): return encrypt_to_annotated_block(v, settings.SECRET_KEY) self.password, self.cert, self.key = protect(self.password), protect(self.cert), protect(self.key) self.security_state = Credential.PROTECTED
def on_pre_save(self): # security state is read-only in the admin; we validate the form to # make sure the data is consistent, but cross-check here and throw an # exception just in case # # we can't rewrite security_state in the form's clean method, as the # field is marked readonly, and so django discards any changes made to it crypto_values = [self.key, self.password, self.cert] # are any of the crypto_fields set to a non-empty, non-annotated-block value? have_unencrypted_field = any_unencrypted(*crypto_values) # are any of the crypto_fields set to a non-empty, annotated-block value? have_annotated_field = any_annotated_block(*crypto_values) assert not (have_unencrypted_field and have_annotated_field), \ 'Internal YABI error - unencrypted and annotated data mixed in Credential object %s' % str(self) # we never allow plaintext credentials to make it into the database if have_unencrypted_field: def protect(v): return encrypt_to_annotated_block(v, settings.SECRET_KEY) self.password, self.cert, self.key = protect( self.password), protect(self.cert), protect(self.key) self.security_state = Credential.PROTECTED