9 changes: 2 additions & 7 deletions cvat/apps/authentication/adapter.py
@@ -1,14 +1,8 @@
# Copyright (C) 2021 Intel Corporation
#
# SPDX-License-Identifier: MIT

from cvat.apps.engine.log import slogger

from django.conf import settings
from allauth.account.adapter import DefaultAccountAdapter

from django.contrib.auth import SESSION_KEY, BACKEND_SESSION_KEY, user_logged_in

class UserAdapter(DefaultAccountAdapter):
def save_user(self, request, user, form, commit=True):
"""
@@ -22,6 +16,8 @@ def save_user(self, request, user, form, commit=True):
last_name = data.get("last_name")
email = data.get("email")
username = data.get("username")
signed_email = data.get("signed_email")
user.set_hashed_signed_email(signed_email)
user_email(user, email)
user_username(user, username)
if first_name:
@@ -30,7 +26,6 @@ def save_user(self, request, user, form, commit=True):
user_field(user, "last_name", last_name)

self.populate_username(request, user)
user.set_unusable_password()
if commit:
# Ability not to commit makes it easier to derive from
# this adapter by adding
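Review bot: `signed_email` is passed straight to `user.set_hashed_signed_email(signed_email)` in save_user with no check that it is present, and `get_cleaned_data` in serializers.py defaults it to `''`. A `None` value would raise the TypeError from `hash_signed_email`, while an empty string would be hashed and stored as the account's credential. Guard it before hashing, for example `if not signed_email: raise ValueError("signed_email is required")`. Whether the signature is verified against the wallet address (`validate_user_wallet_address` in utils.py) before this point is not visible here and should be confirmed. save_user starts and ends outside these hunks.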
16 changes: 0 additions & 16 deletions cvat/apps/authentication/backends.py

This file was deleted.

25 changes: 0 additions & 25 deletions cvat/apps/authentication/middleware.py

This file was deleted.

3 changes: 2 additions & 1 deletion cvat/apps/authentication/migrations/0001_initial.py
@@ -1,4 +1,4 @@
# Generated by Django 3.1.10 on 2021-07-08 15:19
# Generated by Django 3.1.10 on 2021-07-26 10:31

from django.conf import settings
import django.contrib.auth.models
@@ -30,6 +30,7 @@ class Migration(migrations.Migration):
('is_staff', models.BooleanField(default=False, help_text='Designates whether the user can log into this admin site.', verbose_name='staff status')),
('is_active', models.BooleanField(default=True, help_text='Designates whether this user should be treated as active. Unselect this instead of deleting accounts.', verbose_name='active')),
('date_joined', models.DateTimeField(default=django.utils.timezone.now, verbose_name='date joined')),
('hashed_signed_email', models.CharField(default='', max_length=128, verbose_name='hashed_signed_email')),
('groups', models.ManyToManyField(blank=True, help_text='The groups this user belongs to. A user will get all permissions granted to each of their groups.', related_name='user_set', related_query_name='user', to='auth.Group', verbose_name='groups')),
('user_permissions', models.ManyToManyField(blank=True, help_text='Specific permissions for this user.', related_name='user_set', related_query_name='user', to='auth.Permission', verbose_name='user permissions')),
],
16 changes: 13 additions & 3 deletions cvat/apps/authentication/models.py
@@ -8,19 +8,29 @@
from django.db import models

from django.utils.crypto import salted_hmac
from django.utils.translation import gettext_lazy as _

from cvat.apps.authentication.utils import hash_signed_email

class User(AbstractUser):
password = None
hashed_signed_email = models.CharField(_('hashed_signed_email'), max_length=128, default='')

_hashed_signed_email = None

def set_hashed_signed_email(self, raw_signed_email):
self.hashed_signed_email = hash_signed_email(raw_signed_email)
self._hashed_signed_email = raw_signed_email

def get_session_auth_hash(self):
# TODO: rework this temporary solution
"""
Return an HMAC of the email field.
Return an HMAC of the hashed and signed email field.
"""
key_salt = "django.contrib.auth.models.AbstractBaseUser.get_session_auth_hash"
key_salt = "cvat.apps.authentication.models.User.get_session_auth_hash"
return salted_hmac(
key_salt,
self.email,
self.hashed_signed_email,
# RemovedInDjango40Warning: when the deprecation ends, replace
# with:
# algorithm='sha256',
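Review bot: `set_hashed_signed_email` stores the raw signed e-mail in `self._hashed_signed_email`, so the attribute name says the opposite of what it holds, and nothing in the visible section reads it. Rename it to `_signed_email` (mirroring Django's `_password`), or drop the assignment so the raw credential is not kept on the instance. Separately, `hashed_signed_email` has `default=''`, so every user without a stored hash gets the same `get_session_auth_hash()` input; if that state is not supposed to exist, a comment or a check saying so would help. The `# TODO: rework this temporary solution` comment should also state what the intended replacement is.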
1 change: 1 addition & 0 deletions cvat/apps/authentication/serializers.py
@@ -39,6 +39,7 @@ def get_cleaned_data(self):
'email': self.validated_data.get('email', ''),
'first_name': self.validated_data.get('first_name', ''),
'last_name': self.validated_data.get('last_name', ''),
'signed_email': self.validated_data.get('signed_email', '')
}

def save(self, request):
19 changes: 17 additions & 2 deletions cvat/apps/authentication/utils.py
@@ -4,6 +4,8 @@

from web3.auto import w3
from eth_account.messages import encode_defunct
from django.contrib.auth.hashers import get_hasher


def validate_user_wallet_address(wallet_address, email, signed_email):
message_hash = encode_defunct(text=email)
@@ -20,9 +22,22 @@ def setup_user_wallet_address(request, user):

wallet_address = request.data.get('wallet_address')

#assert not WalletToUser.objects.filter(wallet_address=wallet_address).exists()
assert not WalletToUser.objects.filter(wallet_address=wallet_address).exists()

walletToUser = WalletToUser(user=user, wallet_address=wallet_address)
walletToUser.save()

return wallet_address
return wallet_address

def hash_signed_email(signed_email, salt=None, hasher='default'):
"""
Turn a signed email into a hash for database storage
"""
if not isinstance(signed_email, (bytes, str)):
raise TypeError(
'Signed email must be a string or bytes, got %s.'
% type(signed_email).__qualname__
)
hasher = get_hasher(hasher)
salt = salt or hasher.salt()
return hasher.encode(signed_email, salt)
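Review bot: The re-enabled `assert not WalletToUser.objects.filter(wallet_address=wallet_address).exists()` in setup_user_wallet_address is the only duplicate-wallet check visible, and `assert` statements are stripped when Python runs with `-O`. When it does fire, it surfaces as an AssertionError rather than a validation response. Replace it with an explicit check such as `if WalletToUser.objects.filter(wallet_address=wallet_address).exists(): raise ValidationError("wallet address already registered")`, using whichever validation error the registration view already handles. Because check-then-save can race, a unique constraint on `wallet_address` is the reliable guard if the model (not shown) does not already have one. The function body starts outside the hunk.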
7 changes: 3 additions & 4 deletions cvat/settings/base.py
@@ -172,8 +172,6 @@ def add_ssh_keys():

AUTH_USER_MODEL = 'authentication.User'

ADAPTER = 'authentication.adapter.UserAdapter'

REST_AUTH_REGISTER_SERIALIZERS = {
'REGISTER_SERIALIZER': 'cvat.apps.restrictions.serializers.RestrictedRegisterSerializer',
}
@@ -236,8 +234,7 @@ def add_ssh_keys():

AUTHENTICATION_BACKENDS = [
'rules.permissions.ObjectPermissionBackend',
'cvat.apps.authentication.backends.ModelBackend',
#'django.contrib.auth.backends.ModelBackend',
'django.contrib.auth.backends.ModelBackend',
#'allauth.account.auth_backends.AuthenticationBackend',
'cvat.apps.authentication.authentication_backends.AuthenticationBackend'
]
@@ -249,6 +246,8 @@ def add_ssh_keys():

ACCOUNT_EMAIL_REQUIRED = True
ACCOUNT_AUTHENTICATION_METHOD = 'email'
ACCOUNT_ADAPTER = 'cvat.apps.authentication.adapter.UserAdapter'


#OLD_PASSWORD_FIELD_ENABLED = True

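Review bot: `'django.contrib.auth.backends.ModelBackend'` is now listed in AUTHENTICATION_BACKENDS while `User` in models.py sets `password = None`, so the settings do not make clear what this backend is expected to do. If it is kept only for Django's permission lookups and login is meant to go exclusively through `cvat.apps.authentication.authentication_backends.AuthenticationBackend`, say so in a comment above the entry, e.g. `# permission checks only; User has no password field`. It is also worth confirming that no remaining endpoint passes a `password` credential to `authenticate()`, since that path has no stored hash to compare against. The commented-out allauth backend line could be removed rather than carried along.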