Add Secrets to the admin page #939
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Task linked: QF-3734 Add a way to configure secrets via the Admin |
suricactus
reviewed
May 21, 2024
There was a problem hiding this comment.
Code looks good, a few small comments.
Unfortunately checking out locally causes this error:
Environment:
Request Method: GET
Request URL: http://localhost:8002/admin/core/secret/
Django Version: 3.2.25
Python Version: 3.10.8
Installed Applications:
['qfieldcloud.web',
'jazzmin',
'django.contrib.admin',
'django.contrib.contenttypes',
'django.contrib.gis',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'django.contrib.sites',
'django_filters',
'debug_toolbar',
'rest_framework',
'rest_framework.authtoken',
'drf_spectacular',
'allauth',
'allauth.account',
'allauth.socialaccount',
'storages',
'invitations',
'django_cron',
'django_countries',
'timezone_field',
'auditlog',
'qfieldcloud.core',
'django.contrib.auth',
'qfieldcloud.subscription',
'qfieldcloud.notifs',
'qfieldcloud.authentication',
'notifications',
'axes',
'migrate_sql',
'constance',
'constance.backends.database',
'django_extensions',
'bootstrap4',
'django_tables2',
'qfieldcloud.billing']
Installed Middleware:
['debug_toolbar.middleware.DebugToolbarMiddleware',
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.locale.LocaleMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'qfieldcloud.core.middleware.requests.attach_keys',
'log_request_id.middleware.RequestIDMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'django_currentuser.middleware.ThreadLocalUserMiddleware',
'auditlog.middleware.AuditlogMiddleware',
'qfieldcloud.core.middleware.timezone.TimezoneMiddleware',
'qfieldcloud.core.middleware.test.TestMiddleware',
'axes.middleware.AxesMiddleware']
Traceback (most recent call last):
File "/usr/local/lib/python3.10/site-packages/django_cryptography/core/signing.py", line 245, in unsign
self.signature(signed_value[:-d_size]).verify(sig)
During handling of the above exception (Signature did not match digest.), another exception occurred:
File "/usr/local/lib/python3.10/site-packages/django/core/handlers/exception.py", line 47, in inner
response = get_response(request)
File "/usr/local/lib/python3.10/site-packages/django/core/handlers/base.py", line 181, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/usr/local/lib/python3.10/site-packages/sentry_sdk/integrations/django/views.py", line 85, in sentry_wrapped_callback
return callback(request, *args, **kwargs)
File "/usr/local/lib/python3.10/site-packages/django/contrib/admin/options.py", line 616, in wrapper
return self.admin_site.admin_view(view)(*args, **kwargs)
File "/usr/local/lib/python3.10/site-packages/django/utils/decorators.py", line 130, in _wrapped_view
response = view_func(request, *args, **kwargs)
File "/usr/local/lib/python3.10/site-packages/django/views/decorators/cache.py", line 44, in _wrapped_view_func
response = view_func(request, *args, **kwargs)
File "/usr/local/lib/python3.10/site-packages/django/contrib/admin/sites.py", line 232, in inner
return view(request, *args, **kwargs)
File "/usr/local/lib/python3.10/site-packages/django/utils/decorators.py", line 43, in _wrapper
return bound_method(*args, **kwargs)
File "/usr/local/lib/python3.10/site-packages/django/utils/decorators.py", line 130, in _wrapped_view
response = view_func(request, *args, **kwargs)
File "/usr/local/lib/python3.10/site-packages/django/contrib/admin/options.py", line 1815, in changelist_view
'selection_note': _('0 of %(cnt)s selected') % {'cnt': len(cl.result_list)},
File "/usr/local/lib/python3.10/site-packages/django/db/models/query.py", line 262, in __len__
self._fetch_all()
File "/usr/local/lib/python3.10/site-packages/django/db/models/query.py", line 1324, in _fetch_all
self._result_cache = list(self._iterable_class(self))
File "/usr/local/lib/python3.10/site-packages/django/db/models/query.py", line 68, in __iter__
for row in compiler.results_iter(results):
File "/usr/local/lib/python3.10/site-packages/django/db/models/sql/compiler.py", line 1122, in apply_converters
value = converter(value, expression, connection)
File "/usr/local/lib/python3.10/site-packages/django_cryptography/fields.py", line 174, in from_db_value
return self._load(force_bytes(value))
File "/usr/local/lib/python3.10/site-packages/django_cryptography/fields.py", line 116, in _load
return pickle.loads(self._fernet.decrypt(value, self.ttl))
File "/usr/local/lib/python3.10/site-packages/django_cryptography/utils/crypto.py", line 143, in decrypt
data = self._signer.unsign(data, ttl)
File "/usr/local/lib/python3.10/site-packages/django_cryptography/core/signing.py", line 247, in unsign
raise BadSignature(
Exception Type: BadSignature at /admin/core/secret/
Exception Value: Signature "b'fMju/hqFTCst1kP8c5/Bp5tRZn30lRedc2R+HJl3A9A=\n'" does not match
Any ideas? Shall we look together?
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
|
@suricactus BadSignature error occurs when you have secrets in the db encrypted with a different key (e.g. a db dump from another system). Try to clean the secrets table and test with newly created secrets. |
suricactus
reviewed
May 22, 2024
suricactus
reviewed
May 22, 2024
|
There is now a read-only ProjectSecretInline:
The only missing part is a button in the project admin to create a new secret for that project. @suricactus do you have an idea how this can be implemented (without a custom project template)? Otherwise I think this is ready to be merged. |
See potential fix to this issue here: #949
I did a small commit, check it's commit and message. In general, we always prefer to use the decorator for new admin stuff, the old way looks a bit too hacky. |
suricactus
approved these changes
May 26, 2024
boardend
force-pushed
the
QF-3734-secret-admin
branch
from
632c24c
to
8b157fc
Compare
Since we are messing with the name in Just re-based on my machine. If the tests pass, I will squash and merge. |
Co-authored-by: Ivan Ivanov <suricactus@users.noreply.github.com>
Co-authored-by: Ivan Ivanov <suricactus@users.noreply.github.com>
Co-authored-by: Ivan Ivanov <suricactus@users.noreply.github.com>
boardend
force-pushed
the
QF-3734-secret-admin
branch
from
1902184
to
eb02bba
Compare
This was referenced May 27, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Secrets list view:
Adding a new secret:
Name,Type,ValueandProjectcan be specifiedCreated bywill be set to the current userModifying an existing secret:
Valueis not presented to the userValuecan be overwrittenType