def create(self, validated_data):
owner = validated_data['owner_write']
passwords = validated_data['passwords_write']
signing_key = validated_data['signing_key']
del validated_data['owner_write']
del validated_data['passwords_write']
del validated_data['signing_key']
del validated_data['user']
validated_data['owner'] = owner
with transaction.atomic(savepoint=True):
# Acquire lock on master key user
lock = get_lock()
# Validate our password dict looks good
keyset = self.check_password_dict(owner, passwords)
self.check_signing_key(signing_key)
# Create our key entry object
keyentry = KeyEntry.objects.create(**validated_data)
for entry in passwords:
key_pk, encoded_password, encoded_signature = self.check_password_dict_entry(
entry, keyset)
password_object = Password(
key_entry=keyentry,
public_key=PublicKey.objects.get(pk=key_pk),
password=encoded_password,
signature=encoded_signature,
signing_key=signing_key,
)
password_object.full_clean()
password_object.save()
keyentry.check_passwords()
return keyentry
def update(self, instance, validated_data):
owner = instance.owner
passwords = validated_data['passwords_write']
signing_key = validated_data['signing_key']
with transaction.atomic(savepoint=True):
# Acquire lock on master key user
lock = get_lock()
# Validate our password dict looks good
keyset = self.check_password_dict(owner, passwords)
self.check_signing_key(signing_key)
# Get our key entry object
keyentry = instance
for entry in passwords:
key_pk, encoded_password, encoded_signature = self.check_password_dict_entry(
entry, keyset)
# Get the corresponding password entry
password_object = keyentry.passwords.get(
public_key=PublicKey.objects.get(pk=key_pk))
password_object.password = encoded_password
password_object.signature = encoded_signature
password_object.signing_key = signing_key
password_object.full_clean()
password_object.save()
keyentry.check_passwords()
return keyentry
def ready(self):
from django.conf import settings
from api.models.util import get_master_user
from api.models.util import get_lock
from api.models.util import parse_key
from api.models import PublicKey
# Try to set up our master user, this fails under makemigrations.
try:
master_key = settings.MASTER_PUBLIC_KEY
# Try to parse the master key (exception if invalid)
parse_key(master_key)
with transaction.atomic(savepoint=True):
# Ensure our master key user exists
user = get_master_user()
# Acquire lock on master key user
lock = get_lock()
# Delete all keys, which aren't the master key
deleted_count, del_dict = PublicKey.objects.filter(
user=user).exclude(key=master_key).delete()
key, created = PublicKey.objects.get_or_create(user=user,
key=master_key)
if deleted_count != 0:
print "Deleted spurious master key(s)"
if created:
print "Created master key"
except Exception as exception:
print str(exception)
# TODO: Log exception
pass
def create(self, validated_data):
with transaction.atomic(savepoint=True):
# Acquire lock on master key user
lock = get_lock()
# Don't provide public key to user constructor
public_key_string = validated_data['public_key']
del validated_data['public_key']
# Create the user
user = super(UserSerializer, self).create(validated_data)
user.set_password(validated_data['password'])
user.full_clean()
user.save()
# Create an identity group
group = Group(name=validated_data['username'], )
group.full_clean()
group.save()
# Add our user to the group
group.user_set.add(user)
# Create the public key object for the user
public_key = PublicKey(
user=user,
key=public_key_string,
)
public_key.full_clean()
public_key.save()
# Return the user
return user
def create(self, validated_data):
user = self.context['request'].user
with transaction.atomic(savepoint=True):
# Acquire lock on master key user
lock = get_lock()
# Create a group
group = Group(name=validated_data['name'], )
group.full_clean()
group.save()
# Add the current user to the group
group.user_set.add(user)
return group
def update(self, instance, validated_data):
# TODO: Check that current user is allowed to add
with transaction.atomic(savepoint=True):
# Acquire lock on master key user
lock = get_lock()
user = validated_data['user_pk']
# # Get the provided user
# user = get_user_model().objects.get(pk=validated_data['user_pk'])
# Check that no passwords exist on the group
if instance.key_entries.count() != 0:
raise ValueError("Cannot add to groups with passwords")
# Add the provided user to the group
instance.user_set.add(user)
return instance