Add a separate pubkey/privatekey for sharing.

It's separated from the login one so that encryption key and identity can be rotated separately.
5 years ago · e94e2f9d70
parent 863c405802
commit e94e2f9d70
3 changed files with 33 additions and 1 deletions
--- a/django_etesync/migrations/0006_auto_20200526_1040.py
+++ b/django_etesync/migrations/0006_auto_20200526_1040.py
@ -0,0 +1,25 @@
+# Generated by Django 3.0.3 on 2020-05-26 10:40
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('django_etesync', '0005_auto_20200526_1021'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='userinfo',
+            name='encryptedSeckey',
+            field=models.BinaryField(default=b'', editable=True),
+            preserve_default=False,
+        ),
+        migrations.AddField(
+            model_name='userinfo',
+            name='pubkey',
+            field=models.BinaryField(default=b'', editable=True),
+            preserve_default=False,
+        ),
+    ]
--- a/django_etesync/models.py
+++ b/django_etesync/models.py
@ -175,6 +175,8 @@ class UserInfo(models.Model):
    owner = models.OneToOneField(settings.AUTH_USER_MODEL, on_delete=models.CASCADE, primary_key=True)
    version = models.PositiveSmallIntegerField(default=1)
    loginPubkey = models.BinaryField(editable=True, blank=False, null=False)
+    pubkey = models.BinaryField(editable=True, blank=False, null=False)
+    encryptedSeckey = models.BinaryField(editable=True, blank=False, null=False)
    salt = models.BinaryField(editable=True, blank=False, null=False)

    def __str__(self):
--- a/django_etesync/serializers.py
+++ b/django_etesync/serializers.py
@ -326,9 +326,12 @@ class InvitationAcceptSerializer(serializers.Serializer):


 class UserSerializer(serializers.ModelSerializer):
+    pubkey = BinaryBase64Field(source='userinfo.pubkey')
+    encryptedSeckey = BinaryBase64Field(source='userinfo.encryptedSeckey')
+
    class Meta:
        model = User
-        fields = (User.USERNAME_FIELD, User.EMAIL_FIELD)
+        fields = (User.USERNAME_FIELD, User.EMAIL_FIELD, 'pubkey', 'encryptedSeckey')


 class UserQuerySerializer(serializers.ModelSerializer):
@ -349,6 +352,8 @@ class AuthenticationSignupSerializer(serializers.Serializer):
    user = UserQuerySerializer(many=False)
    salt = BinaryBase64Field()
    loginPubkey = BinaryBase64Field()
+    pubkey = BinaryBase64Field()
+    encryptedSeckey = BinaryBase64Field()

    def create(self, validated_data):
        """Function that's called when this serializer creates an item"""