From 8d7fa9eeab891532a1e03ffedf64adbb2c63f99e Mon Sep 17 00:00:00 2001 From: Pengwius Date: Tue, 19 Jan 2021 12:38:11 +0100 Subject: [PATCH 1/2] Generating and saveing key --- app/views.py | 5 +++++ requirements.txt | 1 + wulkanowy/settings.py | 2 ++ 3 files changed, 8 insertions(+)
diff --git a/app/views.py b/app/views.py
index 048e133..dfeef35 100644
--- a/app/views.py
+++ b/app/views.py
@@ -1,4 +1,6 @@
 from requests import get
+from cryptography.fernet import Fernet
+from django.contrib.sessions.backends.db import SessionStore
 from django.http import HttpResponse, JsonResponse
 from django.shortcuts import render
 import json
@@ -48,6 +50,8 @@ def login(request, *args, **kwargs):
 else:
 request.session['is_logged'] = True
 data_response = {'success': True, 'data': sender_return}
+ key = Fernet.generate_key()
+ request.session[request.session.session_key] = key.decode('utf-8')
 return JsonResponse(data_response)
 def grades(request, *args, **kwargs):
@@ -57,6 +61,7 @@ def grades(request, *args, **kwargs):
 register_r = data['data']['register_r']
 oun = data['data']['oun']
 s = data['data']['s']
+ print(request.session[request.session.session_key].encode('utf-8'))
 grades = get_grades(register_id, register_r, oun, s)
 return JsonResponse(grades)
 else:
diff --git a/requirements.txt b/requirements.txt
index ae20cab..e1abe1e 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -3,3 +3,4 @@ bs4==0.0.1
 Django==3.1.3
 python-dotenv==0.15.0
 requests==2.24.0
+cryptography==3.2.1
\ No newline at end of file
diff --git a/wulkanowy/settings.py b/wulkanowy/settings.py
index fd6326c..2476657 100644
--- a/wulkanowy/settings.py
+++ b/wulkanowy/settings.py
@@ -58,6 +58,8 @@ MIDDLEWARE = [
 'django.middleware.clickjacking.XFrameOptionsMiddleware',
 ]
+SESSION_ENGINE = 'django.contrib.sessions.backends.cached_db'
+
 SESSION_EXPIRE_AT_BROWSER_CLOSE = True
 SESSION_COOKIE_AGE = 1200
From 0bcff5104394ddb74681e80ca29fd3a538d2e4e9 Mon Sep 17 00:00:00 2001
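Review bot: `from django.contrib.sessions.backends.db import SessionStore` is added but none of the hunks shown reference `SessionStore`, and importing the `db` backend's store class directly would sidestep the `SESSION_ENGINE = ...cached_db` that this same commit configures if it were ever used; the views already get the configured store as `request.session`, so the line can simply go. If an explicit store is needed later, build it from the configured engine rather than naming a backend: `import_module(settings.SESSION_ENGINE).SessionStore`.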
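Review bot: With the per-login Fernet key now living in server-side session data (patch 1's login hunk), every API call carries both the ciphertext and the session cookie that unlocks it, so the session cookie's transport flags matter more than before; this hunk sets engine and lifetime but shows no `SESSION_COOKIE_SECURE`, so if it is not set elsewhere in settings.py add `SESSION_COOKIE_SECURE = True` beside `SESSION_COOKIE_AGE` (and consider an explicit `SESSION_COOKIE_SAMESITE`). Note also that `cached_db` still writes each session to the database and only serves reads from the cache, so the key is at rest in the session table exactly as with the `db` backend, and with Django's default local-memory `CACHES` that cache is per-process. A one-line comment would record the intent: `# cached_db: session rows (incl. the per-login Fernet key) still persist in the DB; the cache only speeds up reads`.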
From: Pengwius Date: Wed, 20 Jan 2021 09:27:26 +0100 Subject: [PATCH 2/2] Encrypting and decrypting cookies from Vulcan --- app/decrypt.py | 9 +++++++++ app/views.py | 45 +++++++++++++++++++++++++++++++++++++++++---- 2 files changed, 50 insertions(+), 4 deletions(-) create mode 100644 app/decrypt.py
diff --git a/app/decrypt.py b/app/decrypt.py
new file mode 100644
index 0000000..edbb5b6
--- /dev/null
+++ b/app/decrypt.py
@@ -0,0 +1,9 @@
+import json
+from cryptography.fernet import Fernet
+
+def decrypt_cookies(s, key):
+ s = bytes(s, 'utf-8')
+ key = Fernet(key)
+ s = key.decrypt(s)
+ s = json.loads(s.decode('utf-8'))
+ return s
\ No newline at end of file
diff --git a/app/views.py b/app/views.py
index dfeef35..9db07e0 100644
--- a/app/views.py
+++ b/app/views.py
@@ -19,6 +19,7 @@ from .API.homeworks import get_homeworks
 from .API.mobile_access import get_registered_devices, register_device
 from .API.school_data import get_school_data
 from .API.dashboard import get_dashboard
+from .decrypt import decrypt_cookies
 #views
 def default_view(request, *args, **kwargs):
@@ -48,10 +49,17 @@ def login(request, *args, **kwargs):
 'success': False
 }
 else:
+ key = Fernet.generate_key()
+ rkey = Fernet(key)
+
+ request.session[request.session.session_key] = key.decode('utf-8')
+ sender_return['s'] = json.dumps(sender_return['s'])
+ sender_return['s'] = sender_return['s'].encode()
+ sender_return['s'] = rkey.encrypt(sender_return['s'])
+ sender_return['s'] = sender_return['s'].decode('utf-8')
+
 request.session['is_logged'] = True
 data_response = {'success': True, 'data': sender_return}
- key = Fernet.generate_key()
- request.session[request.session.session_key] = key.decode('utf-8')
 return JsonResponse(data_response)
 def grades(request, *args, **kwargs):
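Review bot: `key.decrypt(s)` raises `cryptography.fernet.InvalidToken` whenever `s` was not produced under this key, was altered, or is truncated, and since `s` arrives from the client nothing here or in the calling views turns that into a clean 4xx — the exception propagates as a server error. The function also passes no `ttl`, so a token stays valid for as long as the key remains in the session; an optional `ttl` argument (e.g. fed with `SESSION_COOKIE_AGE`) lets callers bound it independently. Reusing `s` for the str token, the ciphertext bytes and the decoded object also hides the types, so I would rewrite it as below and import `InvalidToken` alongside `Fernet` so callers can catch it by name.
```python
def decrypt_cookies(s, key, ttl=None):
    """Decrypt the Fernet token ``s`` (str, as issued by ``login``) with ``key``
    and return the JSON-decoded payload.

    Raises ``cryptography.fernet.InvalidToken`` if the token was not made with
    ``key``, was modified, or is older than ``ttl`` seconds (when given).
    """
    token = s.encode('utf-8')
    plaintext = Fernet(key).decrypt(token, ttl=ttl)
    return json.loads(plaintext.decode('utf-8'))
```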
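Review bot: `request.session[request.session.session_key] = key.decode('utf-8')` indexes the session by its own key, but a Django session that has not been saved yet has `session_key` of `None` until the response middleware creates it, so for a login on a fresh session the key lands under `None` (with the default JSON session serializer, the string `"null"`) and every later `request.session[request.session.session_key]` in the views raises `KeyError`; I cannot see whether an earlier request always saves the session, but a fixed name removes the dependency either way: `request.session['vulcan_key'] = key.decode('utf-8')`, read back under the same name. The four reassignments of `sender_return['s']` can be one expression: `sender_return['s'] = rkey.encrypt(json.dumps(sender_return['s']).encode()).decode('utf-8')`. A comment above the block would state the intent, e.g. `# The Vulcan cookies go back to the client only as Fernet ciphertext; the key stays server-side in the session, so they are usable only while this session lives (SESSION_COOKIE_AGE).` The `if` branch of `login` lies outside the hunk.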
@@ -61,7 +69,8 @@ def grades(request, *args, **kwargs):
 register_r = data['data']['register_r']
 oun = data['data']['oun']
 s = data['data']['s']
- print(request.session[request.session.session_key].encode('utf-8'))
+ key = bytes(request.session[request.session.session_key], 'utf-8')
+ s = decrypt_cookies(s, key)
 grades = get_grades(register_id, register_r, oun, s)
 return JsonResponse(grades)
 else:
@@ -74,6 +83,8 @@ def timetable(request, *args, **kwargs):
 register_r = data['data']['register_r']
 oun = data['data']['oun']
 s = data['data']['s']
+ key = bytes(request.session[request.session.session_key], 'utf-8')
+ s = decrypt_cookies(s, key)
 date = data['data']['date']
 timetable = get_timetable(register_id, register_r, oun, s, date)
 return JsonResponse(timetable)
@@ -87,6 +98,8 @@ def exams(request, *args, **kwargs):
 register_r = data['data']['register_r']
 oun = data['data']['oun']
 s = data['data']['s']
+ key = bytes(request.session[request.session.session_key], 'utf-8')
+ s = decrypt_cookies(s, key)
 date = data['data']['date']
 school_year = data['data']['school_year']
 exams = get_exams(register_id, register_r, oun, s, date, school_year)
@@ -101,6 +114,8 @@ def homeworks(request, *args, **kwargs):
 register_r = data['data']['register_r']
 oun = data['data']['oun']
 s = data['data']['s']
+ key = bytes(request.session[request.session.session_key], 'utf-8')
+ s = decrypt_cookies(s, key)
 date = data['data']['date']
 school_year = data['data']['school_year']
 homeworks = get_homeworks(register_id, register_r, oun, s, date, school_year)
@@ -115,6 +130,8 @@ def attendance(request, *args, **kwargs):
 register_r = data['data']['register_r']
 oun = data['data']['oun']
 s = data['data']['s']
+ key = bytes(request.session[request.session.session_key], 'utf-8')
+ s = decrypt_cookies(s, key)
 date = data['data']['date']
 attendance = get_attendance(register_id, register_r, oun, s, date)
 return JsonResponse(attendance, safe=False)
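Review bot: The new `decrypt_cookies(s, key)` call hands client-supplied `s` to Fernet, which raises `InvalidToken` on any token not produced under this session's key (tampered, replayed from another session, or plain garbage), and `request.session[request.session.session_key]` raises `KeyError` when the session holds no key; neither is caught, so both surface as unhandled 500s instead of a rejected request. The same two lines are pasted into fifteen views in this patch, so the handling belongs in one helper that every view calls — sketch below, with `InvalidToken` imported from `cryptography.fernet` next to `Fernet`. The `{'success': False}` shape mirrors what `login` returns on failure; 400 versus 401 is a judgement call. `grades` begins before this hunk, so the `if`/`else` surrounding these lines is not visible here.
```python
def _session_cookies(request, token):
    """Decrypt the client-held Vulcan cookie token with the Fernet key kept in
    this session; None when the session has no key or the token does not
    verify (tampered, wrong session, or issued under a key that is gone)."""
    key = request.session.get(request.session.session_key)
    if key is None:
        return None
    try:
        return decrypt_cookies(token, key.encode('utf-8'))
    except InvalidToken:
        return None

# … unchanged: grades() up to s = data['data']['s'] …
        s = _session_cookies(request, s)
        if s is None:
            return JsonResponse({'success': False}, status=400)
        grades = get_grades(register_id, register_r, oun, s)
```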
@@ -128,6 +145,8 @@ def notes(request, *args, **kwargs):
 register_r = data['data']['register_r']
 oun = data['data']['oun']
 s = data['data']['s']
+ key = bytes(request.session[request.session.session_key], 'utf-8')
+ s = decrypt_cookies(s, key)
 notes = get_notes(register_id, register_r, oun, s)
 return JsonResponse(notes)
 else:
@@ -140,6 +159,8 @@ def registered_devices(request, *args, **kwargs):
 register_r = data['data']['register_r']
 oun = data['data']['oun']
 s = data['data']['s']
+ key = bytes(request.session[request.session.session_key], 'utf-8')
+ s = decrypt_cookies(s, key)
 registered = get_registered_devices(register_id, register_r, oun, s)
 return JsonResponse(registered)
 else:
@@ -152,6 +173,8 @@ def register_device_(request, *args, **kwargs):
 register_r = data['data']['register_r']
 oun = data['data']['oun']
 s = data['data']['s']
+ key = bytes(request.session[request.session.session_key], 'utf-8')
+ s = decrypt_cookies(s, key)
 register_data = register_device(register_id, register_r, oun, s)
 return JsonResponse(register_data)
 else:
@@ -164,6 +187,8 @@ def received_messages(request, *args, **kwargs):
 register_r = data['data']['register_r']
 oun = data['data']['oun']
 s = data['data']['s']
+ key = bytes(request.session[request.session.session_key], 'utf-8')
+ s = decrypt_cookies(s, key)
 date = data['data']['date']
 school_year = data['data']['school_year']
 symbol = data['data']['symbol']
@@ -179,6 +204,8 @@ def sent_messages(request, *args, **kwargs):
 register_r = data['data']['register_r']
 oun = data['data']['oun']
 s = data['data']['s']
+ key = bytes(request.session[request.session.session_key], 'utf-8')
+ s = decrypt_cookies(s, key)
 date = data['data']['date']
 school_year = data['data']['school_year']
 symbol = data['data']['symbol']
@@ -194,6 +221,8 @@ def deleted_messages(request, *args, **kwargs):
 register_r = data['data']['register_r']
 oun = data['data']['oun']
 s = data['data']['s']
+ key = bytes(request.session[request.session.session_key], 'utf-8')
+ s = decrypt_cookies(s, key)
 date = data['data']['date']
 school_year = data['data']['school_year']
 symbol = data['data']['symbol']
@@ -209,6 +238,8 @@ def recipients(request, *args, **kwargs):
 register_r = data['data']['register_r']
 oun = data['data']['oun']
 s = data['data']['s']
+ key = bytes(request.session[request.session.session_key], 'utf-8')
+ s = decrypt_cookies(s, key)
 date = data['data']['date']
 school_year = data['data']['school_year']
 symbol = data['data']['symbol']
@@ -224,6 +255,8 @@ def school_data(request, *args, **kwargs):
 register_r = data['data']['register_r']
 oun = data['data']['oun']
 s = data['data']['s']
+ key = bytes(request.session[request.session.session_key], 'utf-8')
+ s = decrypt_cookies(s, key)
 school_data = get_school_data(register_id, register_r, oun, s)
 return JsonResponse(school_data)
 else:
@@ -235,6 +268,8 @@ def dashboard(request, *args, **kwargs):
 register_id = data['data']['register_id']
 register_r = data['data']['register_r']
 s = data['data']['s']
+ key = bytes(request.session[request.session.session_key], 'utf-8')
+ s = decrypt_cookies(s, key)
 diary_url = data['data']['diary_url']
 symbol = data['data']['symbol']
 dashboard = get_dashboard(register_id, register_r, s, diary_url, symbol)
@@ -250,6 +285,8 @@ def send(request, *args, **kwargs):
 register_r = cookies_data['data']['register_r']
 oun = cookies_data['data']['oun']
 s = cookies_data['data']['s']
+ key = bytes(request.session[request.session.session_key], 'utf-8')
+ s = decrypt_cookies(s, key)
 date = cookies_data['data']['date']
 school_year = cookies_data['data']['school_year']
 symbol = cookies_data['data']['symbol']
@@ -257,4 +294,4 @@ def send(request, *args, **kwargs):
 send = send_message(register_id, register_r, oun, s, date, school_year, symbol, send_data)
 return JsonResponse(send, safe=False)
 else:
- return redirect('../')
+ return redirect('../')
\ No newline at end of file