def upload_photo_id_image(self, img_data): """ Upload an the user's photo ID image. `img_data` should be a raw bytestream of a PNG image. This method will take the data, encrypt it using a randomly generated AES key, encode it with base64 and save it to the storage backend. The random key is also encrypted using Software Secure's public RSA key and stored in our `photo_id_key` field. Yes, encoding it to base64 adds compute and disk usage without much real benefit, but that's what the other end of this API is expecting to get. """ # Skip this whole thing if we're running acceptance tests or if we're # developing and aren't interested in working on student identity # verification functionality. If you do want to work on it, you have to # explicitly enable these in your private settings. if settings.FEATURES.get('AUTOMATIC_VERIFY_STUDENT_IDENTITY_FOR_TESTING'): # fake photo id key is set only for initial verification self.photo_id_key = 'fake-photo-id-key' self.save() return aes_key = random_aes_key() rsa_key_str = settings.VERIFY_STUDENT["SOFTWARE_SECURE"]["RSA_PUBLIC_KEY"] rsa_encrypted_aes_key = rsa_encrypt(aes_key, rsa_key_str) # Save this to the storage backend path = self._get_path("photo_id") buff = ContentFile(encrypt_and_encode(img_data, aes_key)) self._storage.save(path, buff) # Update our record fields self.photo_id_key = rsa_encrypted_aes_key.encode('base64') self.save()