alex/django_wallet
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add app user management allauth

Browse Source
This commit is contained in:
alex
2025-02-01 19:16:33 +01:00
parent c13049a30f
commit e3ae8300f1
55 changed files with 1147 additions and 465 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
wallet_api/__init__.py
View File

@@ -1,45 +0,0 @@
from queue import Queue
from dotenv import dotenv_values
import paho.mqtt.client as mqtt
import json
import os
print(f"__init__.py eseguito in PID {os.getpid()}")
config = dotenv_values(".env")
listClients_queue = Queue()
listRoles_queue = Queue()
getClient_queue = Queue()
changeClient_queue = Queue()
command_queue_map = {
"listClients": listClients_queue,
"listRoles": listRoles_queue,
"getClient": getClient_queue,
"createClient": changeClient_queue,
"deleteClient": changeClient_queue,
"enableClient": changeClient_queue,
"disableClient": changeClient_queue
}
def on_message(client, userdata, msg):
msg_json = json.loads(msg.payload.decode("utf-8"))
command = msg_json['responses'][0]['command']
print(f"Received message: {msg.payload.decode("utf-8")} - Command: {command}")
if command in command_queue_map:
command_queue_map[command].put(msg.payload.decode("utf-8"))
def on_connect(client, userdata, flags, rc, properties):
if rc == 0:
print('Connected successfully. Properties:', properties)
client.subscribe(config['MQTT_DS_RESP_TOPIC'])
else:
print('Bad connection. Code:', rc)
client = mqtt.Client(mqtt.CallbackAPIVersion.VERSION2, protocol=mqtt.MQTTv5)
client.on_connect = on_connect
client.on_message = on_message
client.username_pw_set(config['MQTT_USER'], config['MQTT_PASSWORD'])
client.connect(config['MQTT_HOST'], int(config['MQTT_PORT']), int(config['MQTT_KEEPALIVE']))
client.loop_start()

15
wallet_api/migrations/0001_initial.py
View File

@@ -1,4 +1,4 @@
# Generated by Django 5.1.4 on 2025-01-15 18:24
# Generated by Django 5.1.4 on 2025-01-31 22:09
from django.db import migrations, models
@@ -14,9 +14,8 @@ class Migration(migrations.Migration):
migrations.CreateModel(
name='MasterHash',
fields=[
('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('id', models.CharField(default='1', max_length=10, primary_key=True, serialize=False)),
('hash', models.BinaryField()),
('created_at', models.DateTimeField(auto_now_add=True)),
],
),
migrations.CreateModel(
@@ -26,12 +25,10 @@ class Migration(migrations.Migration):
('site', models.CharField(max_length=255)),
('username', models.CharField(max_length=255)),
('password', models.TextField()),
('client_id', models.CharField(max_length=255)),
('topic', models.CharField(max_length=255)),
('role', models.CharField(max_length=255)),
('acls', models.JSONField()),
('status', models.CharField(max_length=255)),
('slug', models.SlugField(default='', null=True)),
('client_id', models.CharField(blank=True, max_length=255)),
('topic', models.CharField(blank=True, max_length=255)),
('status', models.CharField(blank=True, max_length=255)),
('slug', models.SlugField(blank=True, unique=True)),
('created_at', models.DateTimeField(auto_now_add=True)),
],
options={

23
wallet_api/models.py
View File

@@ -1,4 +1,5 @@
from django.db import models
from django.utils.text import slugify
# Create your models here.
@@ -6,14 +7,17 @@ class PasswordEntry(models.Model):
site = models.CharField(max_length=255)
username = models.CharField(max_length=255)
password = models.TextField()
client_id = models.CharField(max_length=255)
topic = models.CharField(max_length=255)
role = models.CharField(max_length=255)
acls = models.JSONField()
status = models.CharField(max_length=255)
slug = models.SlugField(default="", null=True)
client_id = models.CharField(max_length=255, blank=True)
topic = models.CharField(max_length=255, blank=True)
status = models.CharField(max_length=255, blank=True)
slug = models.SlugField(unique=True, blank=True)
created_at = models.DateTimeField(auto_now_add=True)
def save(self, *args, **kwargs):
if not self.slug:
self.slug = slugify(self.username, self.site) # Automatically generate slug from the title
super().save(*args, **kwargs)
class Meta:
unique_together = ('site', 'username', 'client_id')
@@ -21,5 +25,8 @@ class PasswordEntry(models.Model):
return self.username
class MasterHash(models.Model):
hash = models.BinaryField()
created_at = models.DateTimeField(auto_now_add=True)
id = models.CharField(primary_key=True, max_length=10, default="1") # Unica riga con ID fisso
hash = models.BinaryField() # Hash bcrypt della master password
def __str__(self):
return f"MasterHash(id={self.id})"

32
wallet_api/mqtt.py
View File

@@ -1,32 +0,0 @@
import paho.mqtt.client as mqtt
MQTT_SERVER="10.211.114.214"
MQTT_PORT=1883
MQTT_KEEPALIVE=60
MQTT_USER="pippo"
MQTT_PASSWORD="batt1l0"
MQTT_DS_TOPIC="$CONTROL/dynamic-security/v1"
def on_connect(mqtt_client, userdata, flags, rc, properties):
if rc == 0:
print('Connected successfully. Properties:', properties)
mqtt_client.subscribe(MQTT_TOPIC)
else:
print('Bad connection. Code:', rc)
def on_disconnect(mqtt_client, obj, flags, rc, properties):
print('disconnected. Code:', rc)
def on_message(mqtt_client, userdata, msg):
print(f'Received message on topic: {msg.topic} with payload: {msg.payload}')
client = mqtt.Client(mqtt.CallbackAPIVersion.VERSION2, protocol=mqtt.MQTTv5)
client.on_connect = on_connect
client.on_disconnect = on_disconnect
client.on_message = on_message
client.username_pw_set(MQTT_USER, MQTT_PASSWORD)
client.connect(
host=MQTT_SERVER,
port=MQTT_PORT,
keepalive=MQTT_KEEPALIVE
)

58
wallet_api/mqtt_service.py Normal file
View File

@@ -0,0 +1,58 @@
import paho.mqtt.client as mqtt
import json
import time
from dotenv import dotenv_values
class MosquittoDynamicSecurity:
def __init__(self):
config = dotenv_values(".env")
self.broker_url = config["MQTT_HOST"]
self.broker_port = config["MQTT_PORT"]
self.broker_keepalive = config["MQTT_KEEPALIVE"]
self.user = config["MQTT_USER"]
self.password = config["MQTT_PASSWORD"]
self.topic = config["MQTT_DS_TOPIC"]
self.resp_topic = config["MQTT_DS_RESP_TOPIC"]
self.response = None
self.client = mqtt.Client(mqtt.CallbackAPIVersion.VERSION2, protocol=mqtt.MQTTv5)
self.client.on_connect = self.on_connect
self.client.on_disconnect = self.on_disconnect
self.client.on_message = self.on_message
def on_disconnect(self, mqtt_client, obj, flags, rc, properties):
print('Disconnesso da Mosquitto con codice:', rc)
def on_connect(self, client, userdata, flags, rc, properties):
if rc == 0:
print("Connesso a Mosquitto con codice:", rc)
# Sottoscriviti al topic di risposta
client.subscribe(self.resp_topic)
else:
print("Errore di connessione a Mosquitto con codice:", rc)
def on_message(self, client, userdata, msg):
print('Response:', msg.payload.decode())
# Memorizza la risposta
self.response = msg.payload.decode()
def send_command(self, command):
# Pubblica il comando sul topic di controllo
self.client.username_pw_set(self.user, self.password)
self.client.connect(self.broker_url, int(self.broker_port), int(self.broker_keepalive))
self.client.loop_start()
time.sleep(0.2)
self.client.publish(self.topic, json.dumps(command))
# Attendi la risposta (timeout di 5 secondi)
start_time = time.time()
while self.response is None and time.time() - start_time < 5:
time.sleep(0.2)
self.client.loop_stop()
self.client.disconnect()
if self.response:
return json.loads(self.response)
else:
return {"error": "Timeout: nessuna risposta da Mosquitto"}

39
wallet_api/templates/base.html
View File

@@ -1,39 +0,0 @@
{% load static %}
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<!-- Bootstrap CSS -->
<link
href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css"
rel="stylesheet"
integrity="sha384-QWTKZyjpPEjISv5WaRU9OFeRpok6YctnYmDr5pNlyT2bRjXh0JMhjY6hW+ALEwIH"
crossorigin="anonymous"
/>
<script src="{% static 'js/htmx.min.js' %}" defer></script>
<title>{% if title %}: {{title}} {% endif %}</title>
{% block extra_head %} {% endblock extra_head %} {% block extra_script %}
{%endblock extra_script %}
</head>
<body>
{% block container %}
<main role="main" class="container mt-4">
{% block content %} {% endblock content %}
</main>
{% endblock container %} {% block footer %} {% endblock footer %}
<!-- Bootstrap Javascript -->
<script
src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.min.js"
integrity="sha384-0pUGZvbkm6XF6gxjEnlmuGrJXVbNuzT9qBBavbLwCsOGabYfZo0T0to5eqruptLy"
crossorigin="anonymous"
></script>
{% block body_script %} {% endblock body_script %}
</body>
</html>

48
wallet_api/templates/wallet_api/add_user.html
View File

@@ -1,48 +0,0 @@
{% extends "base.html" %} {% load static %} {% block content %}
<h1>Add User</h1>
<form hx-post="/create_user" hx-target="#content">
<div class="mb-3">
<label for="site" class="form-label">Site</label>
<input type="text" class="form-control" id="site" name="site" required />
</div>
<div class="mb-3">
<label for="username" class="form-label">Username</label>
<input
type="text"
class="form-control"
id="username"
name="username"
required
/>
</div>
<div class="mb-3">
<label for="clientId" class="form-label">Client ID</label>
<input
type="text"
class="form-control"
id="clientId"
name="clientId"
required
/>
</div>
<div class="mb-3">
<label for="topic" class="form-label">Topic</label>
<input type="text" class="form-control" id="topic" name="topic" required />
</div>
<div class="mb-3">
<label for="role" class="form-label">Role</label>
<input type="text" class="form-control" id="role" name="role" required />
</div>
<div class="mb-3">
<label for="password" class="form-label">Password</label>
<input
type="password"
class="form-control"
id="password"
name="password"
required
/>
</div>
<button type="submit" class="btn btn-primary">Create</button>
</form>
{% endblock content %}

62
wallet_api/templates/wallet_api/edit_user.html
View File

@@ -1,62 +0,0 @@
{% extends "base.html" %} {% load static %} {% block content %}
<h1>Edit User</h1>
<form hx-post="/update_user" hx-target="#content">
<input type="hidden" name="id" value="{{ user.id }}" />
<div class="mb-3">
<label for="site" class="form-label">Site</label>
<input
type="text"
class="form-control"
id="site"
name="site"
value="{{ user.site }}"
required
/>
</div>
<div class="mb-3">
<label for="username" class="form-label">Username</label>
<input
type="text"
class="form-control"
id="username"
name="username"
value="{{ user.username }}"
required
/>
</div>
<div class="mb-3">
<label for="clientId" class="form-label">Client ID</label>
<input
type="text"
class="form-control"
id="clientId"
name="clientId"
value="{{ user.client_id }}"
required
/>
</div>
<div class="mb-3">
<label for="topic" class="form-label">Topic</label>
<input
type="text"
class="form-control"
id="topic"
name="topic"
value="{{ user.topic }}"
required
/>
</div>
<div class="mb-3">
<label for="role" class="form-label">Role</label>
<input
type="text"
class="form-control"
id="role"
name="role"
value="{{ user.role }}"
required
/>
</div>
<button type="submit" class="btn btn-primary">Update</button>
</form>
{% endblock content %}

64
wallet_api/templates/wallet_api/list_users.html
View File

@@ -1,64 +0,0 @@
{% extends "base.html" %} {% load static %} {% block content %}
<h1>List Mosquitto Users</h1>
<button class="btn btn-primary mb-3" hx-get="/add_user" hx-target="#content">
Add User
</button>
<table class="table table-striped">
<thead>
<tr>
<th>Site</th>
<th>Username</th>
<th>Client ID</th>
<th>Topic</th>
<th>Role</th>
<th>Actions</th>
</tr>
</thead>
<tbody>
{% for user in users %}
<tr>
<td>{{user.site}}</td>
<td>
<a
href="/wallet/user/edit/{{user.id}}"
hx-get="/wallet/user/edit/{{user.id}}"
hx-target="#content"
>{{user.username}}</a
>
</td>
<td>{{user.client_id}}</td>
<td>{{user.topic}}</td>
<td>
<a
href="/wallet/user/role/{{user.role}}"
hx-get="/wallet/user/role/{{user.role}}"
hx-target="#content"
>{{user.role}}</a
>
</td>
<td>
{% if user.status == "enabled" %}
<button
class="btn btn-danger btn-sm"
hx-post="/wallet/user/disable/{{user.id}}"
hx-target="#user-list"
>
Disable
</button>
{% else %}
<button
class="btn btn-warning btn-sm"
hx-post="/wallet/user/enable/{{user.id}}"
hx-target="#user-list"
>
Enable
</button>
{% endif %}
</td>
</tr>
{% empty %}
<i> No users </i>
{% endfor %}
</tbody>
</table>
{% endblock content %}

20
wallet_api/templates/wallet_api/role_info.html
View File

@@ -1,20 +0,0 @@
{% extends "base.html" %} {% load static %} {% block content %}
<h1>Role Permissions</h1>
<table class="table table-striped">
<thead>
<tr>
<th>Permission</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<!-- Role permissions will be dynamically loaded here -->
{{#each permissions}}
<tr>
<td>{{ this.permission }}</td>
<td>{{ this.description }}</td>
</tr>
{{/each}}
</tbody>
</table>
{% endblock content %}

12
wallet_api/urls.py
View File

@@ -2,13 +2,15 @@ from django.urls import path
from . import views
urlpatterns = [
path('', views.home_view, name="home"),
path('add/', views.add_password_api, name='add_user'),
path('disable/', views.disable_password_api, name='disable_user'),
path('get/', views.get_password_api, name='get_password'),
path('list/', views.list_sites_api, name='list_sites'),
path('user/list/', views.list_users, name='list_users'),
path('user/add/', views.add_user, name='add_user'),
path('user/edit/<int:user_id>', views.edit_user, name='edit_user'),
path('user/role/<str:role>', views.view_role, name='view_role'),
path('publish', views.publish_message, name='publish'),
path('user/list/', views.list_users, name='list_users'),
path('user/create_user/', views.create_user, name='create_user'),
path('user/edit/<slug:slug>', views.edit_user, name='edit_user'),
path('user/disable/<slug:slug>', views.disable_user, name='disable_user'),
path('user/enable/<slug:slug>', views.enable_user, name='enable_user'),
path('user/role/<str:role>', views.view_role, name='view_role'),
]

2
wallet_api/utils.py
View File

@@ -15,7 +15,7 @@ def save_master_hash(hash):
# Carica l'hash della master password
def load_master_hash():
try:
entry = MasterHash.objects.get(id="1")
entry = MasterHash.objects.get()
return entry.hash
except Exception as e:
return None

76
wallet_api/utils_new.py Normal file
View File

@@ -0,0 +1,76 @@
import bcrypt
import base64
import hashlib
import json
from cryptography.fernet import Fernet
from .models import MasterHash
from django.http import JsonResponse
# 1. Salva l'hash della master password e la chiave principale cifrata
def save_master_data(hashed_password, encrypted_data_key):
entry, created = MasterHash.objects.get_or_create(id="1")
entry.hash = hashed_password
entry.encrypted_data_key = encrypted_data_key
entry.save()
# 2. Carica i dati della master password
def load_master_data():
try:
entry = MasterHash.objects.get(id="1")
return entry.hash, entry.encrypted_data_key
except Exception:
return None, None
# 3. Autenticazione della master password
def authenticate(master_password):
stored_hash, encrypted_data_key = load_master_data()
if stored_hash is None:
hashed_password = bcrypt.hashpw(master_password.encode(), bcrypt.gensalt())
key = Fernet.generate_key() # Genera una chiave principale
derived_key = derive_key(master_password) # Deriva la chiave dalla master password
encrypted_data_key = encrypt_password(key.decode(), derived_key) # Cifra la chiave principale
save_master_data(hashed_password, encrypted_data_key)
return True, key
# Controlla se la password inserita è corretta
if bcrypt.checkpw(master_password.encode(), stored_hash.tobytes()):
derived_key = derive_key(master_password)
decrypted_data_key = decrypt_password(encrypted_data_key, derived_key) # Decifra la chiave principale
return True, decrypted_data_key.encode()
return False, None
# 4. Funzione per cambiare la master password
def change_master_password(old_password, new_password):
authenticated, data_key = authenticate(old_password)
if not authenticated:
return False # Fallisce se la vecchia password non è corretta
# Deriviamo la nuova chiave dalla nuova master password
new_derived_key = derive_key(new_password)
# Cifriamo la chiave principale con la nuova chiave derivata
new_encrypted_data_key = encrypt_password(data_key.decode(), new_derived_key)
# Creiamo il nuovo hash della nuova master password
new_hashed_password = bcrypt.hashpw(new_password.encode(), bcrypt.gensalt())
# Aggiorniamo il database con i nuovi dati
save_master_data(new_hashed_password, new_encrypted_data_key)
return True # Cambio password riuscito
# 5. Deriva una chiave da una password
def derive_key(master_password):
hash = hashlib.sha256(master_password.encode()).digest()
return base64.urlsafe_b64encode(hash)
# 6. Cifra una password con una chiave
def encrypt_password(password, key):
cipher = Fernet(key)
return cipher.encrypt(password.encode()).decode()
# 7. Decifra una password con una chiave
def decrypt_password(encrypted_password, key):
cipher = Fernet(key)
return cipher.decrypt(encrypted_password.encode()).decode()

165
wallet_api/views.py
View File

@@ -1,15 +1,25 @@
from django.http import JsonResponse
from django.shortcuts import render
from django.shortcuts import render, redirect, get_object_or_404
from django.contrib import messages
from django.http import JsonResponse, HttpResponse
from django.views.decorators.csrf import csrf_exempt
from .models import PasswordEntry, MasterHash
from .utils import authenticate, derive_key, encrypt_password, decrypt_password
from dotenv import dotenv_values
import json
import threading
import paho.mqtt.client as mqtt
import paho.mqtt.publish as publish
from dotenv import dotenv_values
from .models import PasswordEntry
from .utils import authenticate, derive_key, encrypt_password, decrypt_password
from .mqtt_service import MosquittoDynamicSecurity
config = dotenv_values(".env")
authenticate(config['MASTER_PASSWORD'])
def home_view(request):
return render(request, 'home.html')
@csrf_exempt
def publish_message(request):
@@ -25,45 +35,122 @@ def publish_message(request):
def list_users(request):
users = PasswordEntry.objects.all()
lock_users = threading.Lock()
return render(request, 'wallet_api/list_users.html', {'users': users})
def edit_user(request, user_id):
user = PasswordEntry.objects.filter(id=user_id).first()
def create_user(request):
if request.method == 'POST':
site = request.POST.get('site')
username = request.POST.get('username')
client_id = request.POST.get('clientId')
topic = request.POST.get('topic')
password = request.POST.get('password')
# Comando per creare un utente
command = {
"commands":
[
{
"command": "createClient",
"username": username,
"password": password
}
]
}
# Invia il comando a Mosquitto
mqtt_service = MosquittoDynamicSecurity()
response = mqtt_service.send_command(command)
if "error" not in response["responses"][0]:
key = derive_key(config['MASTER_PASSWORD'])
encrypted_password = encrypt_password(password, key)
PasswordEntry.objects.create(
site=site,
username=username,
password=encrypted_password,
client_id=client_id,
topic=topic,
status='enabled'
)
messages.success(request, 'Utente creato con successo!') # Messaggio di successo
return redirect('list_users') # Reindirizza alla lista degli utenti
else:
messages.warning(request, f'Errore durante la creazione dell\'utente: {response["responses"][0]["error"]}') # Messaggio di errore
return render(request, 'wallet_api/create_user.html', {'response': response}) # Rimani sulla stessa vista
# Se la richiesta non è POST, mostra il form di creazione utente
return render(request, 'wallet_api/create_user.html')
def edit_user(request, slug):
user = PasswordEntry.objects.filter(slug=slug).first()
return render(request, 'wallet_api/edit_user.html', {'user': user})
def add_user(request):
return render(request, 'wallet_api/add_user.html')
def disable_user(request, slug):
user = PasswordEntry.objects.filter(slug=slug).values('id','username')
print(user.first())
# Comando per creare un utente
command = {
"commands":
[
{
"command": "disableClient",
"username": user.first()["username"]
}
]
}
# Invia il comando a Mosquitto
mqtt_service = MosquittoDynamicSecurity()
response = mqtt_service.send_command(command)
if "error" not in response["responses"][0]:
PasswordEntry.objects.update(
status='disabled'
)
messages.success(request, 'Utente disabilitato con successo!') # Messaggio di successo
if request.htmx:
return render(request, 'partials/enable_user.html')
return redirect('list_users') # Reindirizza alla lista degli utenti
else:
messages.warning(request, f'Errore durante la disabilitazione dell\'utente: {response["responses"][0]["error"]}') # Messaggio di errore
return redirect('list_users') # Reindirizza alla lista degli utenti
def enable_user(request, slug):
user = PasswordEntry.objects.filter(slug=slug).values('id','username')
print(user.first())
# Comando per creare un utente
command = {
"commands":
[
{
"command": "enableClient",
"username": user.first()["username"]
}
]
}
# Invia il comando a Mosquitto
mqtt_service = MosquittoDynamicSecurity()
response = mqtt_service.send_command(command)
if "error" not in response["responses"][0]:
PasswordEntry.objects.update(
status='enabled'
)
messages.success(request, 'Utente abilitato con successo!') # Messaggio di successo
return redirect('list_users') # Reindirizza alla lista degli utenti
else:
messages.warning(request, f'Errore durante la abilitazione dell\'utente: {response["responses"][0]["error"]}') # Messaggio di errore
return redirect('list_users') # Reindirizza alla lista degli utenti
def view_role(request, role):
return render(request, 'wallet_api/role_info.html', {'role': role })
@csrf_exempt
def disable_password_api(request):
if request.method == 'POST':
data = json.loads(request.body)
master_password = data.get('master_password')
site = data.get('site')
username = data.get('username')
password = data.get('password')
client_id = data.get('client_id')
topic = data.get('topic')
if not authenticate(master_password):
return JsonResponse({"error": "Master password errata"}, status=403)
key = derive_key(master_password)
encrypted_password = encrypt_password(password, key)
PasswordEntry.objects.create(
site=site,
username=username,
password=encrypted_password,
client_id=client_id,
topic=topic
)
return JsonResponse({"message": "Password aggiunta con successo"})
@csrf_exempt
def get_password_api(request):
if request.method == 'POST':
@@ -122,8 +209,6 @@ def add_password_api(request):
username=username,
password=encrypted_password,
client_id=client_id,
topic=topic,
role='',
acls='{}'
topic=topic
)
return JsonResponse({"message": "Password aggiunta con successo"})