Custom auth backend won't work after applying configuration on an existing Django project.
Vitaee opened this issue · 0 comments
Vitaee commented
I have a simple Django web project and I have the auth backend below:
```python
from cryptography.fernet import Fernet
from django.contrib.auth import get_user_model
from django.contrib.auth.backends import ModelBackend

User = get_user_model()


class EmailBackend(ModelBackend):
    def authenticate(self, request, email, password, **kwargs):
        try:
            key = Fernet(b'-XDmDxaRPAiWfVu67gH-zc9R5QARb47IokU5Wu3rbK0=')
            # the byte value above is my Django project's secret key
            decrypted_email = key.decrypt(email.encode()).decode()
            user = User.objects.get(email__iexact=decrypted_email)
        except User.DoesNotExist:
            return None
        if user.check_password(password):
            return user
```
I configured django-cryptography and I updated my auth backend as shown above. My existing data is now encrypted and it's working well.
Now I get an Invalid Token error on my authentication, so currently my users can't authenticate. What is my mistake? Why can't I decrypt the encrypted emails, to be able to use the Django ORM on them?
I created the Fernet key based on Django's SECRET_KEY like below:
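```python
import base64

from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
from django.conf import settings

django_secret_key = settings.SECRET_KEY
key = PBKDF2HMAC(
    algorithm=hashes.SHA256(),
    salt=b'django-cryptography',
    iterations=100000,
    length=32
).derive(django_secret_key.encode())
fernet_key = base64.urlsafe_b64encode(key)
```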
In my settings.py I didn't put any variables related to django-cryptography. Should I use these variables?
- CRYPTOGRAPHY_BACKEND
- CRYPTOGRAPHY_DIGEST
- CRYPTOGRAPHY_KEY
- CRYPTOGRAPHY_SALT
My current user model looks like below:
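```python
from django.contrib.auth.models import AbstractUser
from django.db import models
from django.utils.translation import gettext_lazy as _
from django_cryptography.fields import encrypt
from phonenumber_field.modelfields import PhoneNumberField


class User(AbstractUser):
    email = encrypt(models.EmailField('Eposta Adresi', blank=True, null=True))
    phone = encrypt(PhoneNumberField(
        _('GSM Numarası'), unique=True, blank=False, null=True))
    device_id = encrypt(models.CharField(
        'Cihaz ID', max_length=50, null=True, blank=True))
    id_no = encrypt(models.CharField(
        verbose_name="Kullanıcı TC Kimlik No", blank=True, null=True, max_length=11))
    USERNAME_FIELD = 'phone'
    REQUIRED_FIELDS = []
```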
My Django version is 4.2.6 and I am using the latest release of django-cryptography. As a database I am using PostgreSQL.
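
The backend in this issue hands a value to `Fernet.decrypt` and gets an Invalid Token error. The following is an added example, not code from the issue or from django-cryptography: a standard-library check, based on the public Fernet token layout, of the conditions under which a value cannot be a valid token for a given key. The function names are hypothetical, and the keys and token are constructed sample values.

```python
import base64
import binascii
import hashlib
import hmac
import struct


def _signing_key(key_b64: bytes) -> bytes:
    key = base64.urlsafe_b64decode(key_b64)
    if len(key) != 32:
        raise ValueError("a Fernet key must decode to exactly 32 bytes")
    return key[:16]  # first 16 bytes sign (HMAC), last 16 encrypt (AES-128-CBC)


def fernet_token_problem(token: str, key_b64: bytes):
    """Return why the token would be rejected, or None if it is well formed
    and its HMAC verifies under key_b64. Nothing is decrypted here."""
    try:
        raw = base64.urlsafe_b64decode(token.encode())
    except (binascii.Error, ValueError):
        return "not base64url"
    if not raw or raw[0] != 0x80:
        return "bad version byte"
    # 1 version + 8 timestamp + 16 IV + n*16 ciphertext (n >= 1) + 32 HMAC
    if len(raw) < 73 or (len(raw) - 57) % 16:
        return "bad length"
    expected = hmac.new(_signing_key(key_b64), raw[:-32], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, raw[-32:]):
        return "HMAC mismatch (different key or altered token)"
    return None


def constructed_token(key_b64: bytes, timestamp: int = 1700000000) -> str:
    """Build a structurally valid, correctly signed token for the demo.
    IV and ciphertext are constructed filler bytes, not real AES output."""
    body = b"\x80" + struct.pack(">Q", timestamp) + bytes(16) + bytes(range(16))
    tag = hmac.new(_signing_key(key_b64), body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body + tag).decode()


if __name__ == "__main__":
    key_a = base64.urlsafe_b64encode(bytes(range(32)))     # constructed key
    key_b = base64.urlsafe_b64encode(bytes(range(1, 33)))  # constructed key
    token = constructed_token(key_a)
    for value, key in [("user@example.com", key_a), (token, key_a), (token, key_b)]:
        print(repr(value[:24]), "->", fernet_token_problem(value, key))
```

A plaintext string such as an email address fails the first check, and a token signed under one key fails the HMAC check under any other key.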