orcasgit / django-fernet-fields Goto Github PK

Just a heads up that the following has started showing up:

django.utils.deprecation.RemovedInDjango30Warning: Remove the context parameter from EncryptedTextField.from_db_value(). Support for it will be removed in Django 3.0.

It seems to be referring to this code, which fortunately doesn't actually use that param:

Thank you for this very useful library!

Hello, I've got an issue with django-fernet-fields. I am using Django 1.11 and django-fernet-fields 0.5. When I am trying to access a model that contains 2 attributes encrypted as EncryptedTextField , even from the admin site, Django is raising this error:

[2019/08/16 08:55:27] django.request ERROR [...] Internal Server Error: /admin/...
Traceback (most recent call last):
  File "/usr/local/lib/python3.6/site-packages/cryptography/fernet.py", line 104, in _verify_signature
    h.verify(data[-32:])
  File "/usr/local/lib/python3.6/site-packages/cryptography/hazmat/primitives/hmac.py", line 66, in verify
    ctx.verify(signature)
  File "/usr/local/lib/python3.6/site-packages/cryptography/hazmat/backends/openssl/hmac.py", line 74, in verify
    raise InvalidSignature("Signature did not match digest.")
cryptography.exceptions.InvalidSignature: Signature did not match digest.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  ...
  File "/usr/local/lib/python3.6/site-packages/cryptography/fernet.py", line 75, in decrypt
    return self._decrypt_data(data, timestamp, ttl)
  File "/usr/local/lib/python3.6/site-packages/cryptography/fernet.py", line 117, in _decrypt_data
    self._verify_signature(data)
  File "/usr/local/lib/python3.6/site-packages/cryptography/fernet.py", line 106, in _verify_signature
    raise InvalidToken
cryptography.fernet.InvalidToken

I am not defining any key for encryption/decryption, so I assume (according to the docs) that the key used to encrypt/decrypt is my Django secret key. I am pretty sure this key has not changed (the only thing I changed was my database address, but it is exactly the same database).
If you can point me in a right direction to solve this issue would be great. Otherwise, there might be an issue with django-fernet-fields.
Thanks in advance.

In the docs or in this issue number can someone explain how to decrypt the fields when you want to see the encrypted data again? Can you view the decrypted data automatically in admin or the database (postgresql, sqlite, etc)? Please provide code examples and easy descriptions on how to do the decryption. Does it have to be decrypted in the command line? Where do the keys come in and how do you use them?

edit: Figured out that encryption and decryption happens from the SECRET_KEY automatically.

Deploying an app that depends on django-fernet-fields on Heroku does not work out-of-the-box if only django-fernet-fields is specified on the requirements.txt (i.e. not its dependencies)

Heroku needs to know the app explicitly depends on cffi to install libffi. See:
https://github.com/heroku/heroku-buildpack-python/blob/5446d448fd3c06c369ff51c60344180796e7bf5d/bin/steps/cryptography#L23

Maybe it would be good to have a note about this on README?

In model AccountTransaction as creation_timestamp we using fernet_fields.EncryptedDateTimeField. And we just found that this field is loosing timezone on save action.

Please see below code:

In [22]: at_z3 = AccountTransaction.objects.last()

In [22]: at_z3.creation_timestamp
Out[22]: datetime.datetime(2021, 10, 29, 3, 16, 6, 896068)

In [23]: at_z3.creation_timestamp = set_timezone(at_z3.creation_timestamp)

In [24]: at_z3.creation_timestamp
Out[24]: datetime.datetime(2021, 10, 29, 3, 16, 6, 896068, tzinfo=<DstTzInfo 'Europe/Berlin' CEST+2:00:00 DST>)

In [25]: at_z3.save()

In [26]: at_z4 = AccountTransaction.objects.last()

In [27]: at_z3
Out[27]: <AccountTransaction: f2d60076-ff91-4d98-8f63-7b2e896635e6-T613951385360465921.48974>

In [28]: at_z4
Out[28]: <AccountTransaction: f2d60076-ff91-4d98-8f63-7b2e896635e6-T613951385360465921.48974>

In [29]: at_z3.creation_timestamp
Out[29]: datetime.datetime(2021, 10, 29, 3, 16, 6, 896068, tzinfo=<DstTzInfo 'Europe/Berlin' CEST+2:00:00 DST>)

In [30]: at_z4.creation_timestamp
Out[30]: datetime.datetime(2021, 10, 29, 1, 16, 6, 896068)

I am experiencing the error indicated in the title. I am running Python 3.6.5 and am using the EncryptedCharField. Django 2.0

/venv/lib/python3.6/site-packages/fernet_fields/fields.py", line 76, in from_db_value value = bytes(value) TypeError: string argument without an encoding

Likely related to this? https://stackoverflow.com/a/37601966/5331935

The README mentions that only Python 3.4 is supported.
Are there any plans to support Python 3.5 or is there anything we can do that Python 3.5 will be supported (Pull Request?)

Hello,

Encrypting the models are good, but after the encryption, if I want to get the data by the id of the row i get the exception error like mentioned above.
My Modal

from fernet_fields import EncryptedCharField

class MyModal(models.Model): 
    name = EncryptedCharField(max_length=50, default='')

My code

from app.models import MyModal

def get_details(request):
    data_id = request.GET.get('id')
    data = MyModal.objects.filter(id=data_id)
    print data
    return HttpResponse('Success')

Can I hide origin field data in Django admin?
show hash like django passwords or link with Show/Hide actions?

Does anyone know if there will be updates to support Django 3.x released soon? It looks like there is activity in Pull Requests / Issues, but the package author is no where to be found. Is the project abandoned?

Are there any plans to support File and Image fields?

Thanks!

This github project's EncryptedEmailField() is not compatible with allauth for encrypting an email during the allauth custom user model sign up process from my website's form. When I create a user from the command line or admin, this github project works perfectly. But when trying to create a user from the allauth sign up form, it gives me this error message:

Error:

django.core.exceptions.FieldError: EncryptedEmailField 'iexact' does not support lookups

I have the following custom user model:

from fernet_fields import EncryptedEmailField

class CustomUserManager(BaseUserManager):
	def _create_user(self, email, password,is_staff, is_superuser, **extra_fields):
		now = timezone.now()
		if not email:
			raise ValueError('The given email must be set')
		email = self.normalize_email(email)
		user = self.model(email=email,is_staff=is_staff, is_active=True,is_superuser=is_superuser, last_login=now,**extra_fields)
		user.set_password(password)
		user.save(using=self._db)
		return user
	def create_user(self, email, password=None, **extra_fields):
		return self._create_user(email, password, False, False,**extra_fields)
	def create_superuser(self, email, password, **extra_fields):
		return self._create_user(email, password, True, True,**extra_fields)

class CustomUser(AbstractBaseUser, PermissionsMixin):
	objects = CustomUserManager()
	email = EncryptedEmailField()
	identifier = models.CharField(unique=True, max_length=50, default=uuid.uuid1)
	username = models.CharField(_('username'), max_length=30, blank=True, default='', unique=True)
	USERNAME_FIELD = 'username'
	first_name = models.CharField(_('first name'), max_length=30, blank=True)
	last_name = models.CharField(_('last name'), max_length=30, blank=True)
	is_staff = models.BooleanField(_('staff status'), default=False,
    	help_text=_('Designates whether the user can log into this admin '
                	'site.'))
	is_mod = models.BooleanField(_('moderator status'), default=False,
    	help_text=_('Designates whether the user can access mod pages and do mod things.'))
	is_active = models.BooleanField(_('active'), default=True,
    	help_text=_('Designates whether this user should be treated as '
                	'active. Unselect this instead of deleting accounts.'))
	EMAIL_FIELD = 'email'
	REQUIRED_FIELDS = ['email']

Allauth files interfering with this:

https://github.com/pennersr/django-allauth/blob/master/allauth/utils.py#L145

https://github.com/pennersr/django-allauth/blob/master/allauth/account/forms.py#L336

https://github.com/pennersr/django-allauth/blob/master/allauth/account/adapter.py#L300

The main reason I want to do this is to protect myself from PII violations. Since allauth is probably the most popular django authentication package, I think this should be a required fix.

More details:

https://www.reddit.com/r/djangolearning/comments/fm7cnt/custom_user_model_encrypt_email/

I also created this same issue on the allauth github project page.

I've tried the following:

from django.contrib.postgres.fields import JSONField
from fernet_fields import EncryptedField

class EncryptedJSONField (EncryptedField, JSONField):
    ...

private_column = EncryptedJSONField(default = dict)

but got the following error:

django.db.utils.ProgrammingError: column "private_column" is of type jsonb but expression is of type bytea

Any suggestion?

This DeprecationWarning has started showing up in Django when using EncryptedCharField

/usr/local/lib/python3.6/dist-packages/fernet_fields/fields.py:77: RemovedInDjango40Warning: force_text() is deprecated in favor of force_str().
    return self.to_python(force_text(self.fernet.decrypt(value)))