tags:

views:

62

answers:

1
+1  Q: 

How can I pass a User model into a form field (django)?

Basically, I need to use the User's password hash to encrypt some data via a custom model field. Check out the snippet I used here: Django Encryption.

I tried this:

class MyClass(models.Model):
    owner = models.ForeignKey(User)
    product_id = EncryptedCharField(max_length=255, user_field=owner)

.................................................................................

    def formfield(self, **kwargs):
        defaults = {'max_length': self.max_length, 'user_field': self.user_field}
        defaults.update(kwargs)
        return super(EncryptedCharField, self).formfield(**defaults))

But when I try to use user_field, I get a ForeignKey instance (of course!): 

user_field = kwargs.get('user_field')
cipher = user_field.password[:32]

Any help is appreciated!

+1  A: 

maybe something like this - override the save() method where you can call encrypt method.

for decrypt you can use signal post_init, so every time you instantiate the model from the database the product_id field is decrypted automatically

class MyClass(models.Model):
    user_field = models.ForeignKey(User)
    product_id = EncryptedCharField()
    ...other fields...

    def save(self):
        self.product_id._encrypt(product_id, self.user_field)
        super(MyClass,self).save()

    def decrypt(self):
        if self.product_id != None:
            user = self.user_field
            self.product_id._decrypt(user=user)

def post_init_handler(sender_class, model_instance):
    if isinstance(model_instance, MyClass):
        model_instance.decrypt()

from django.core.signals import post_init
post_init_connect.connect(post_init_handler)


obj = MyClass(user_field=request.user) 
#post_init will be fired but your decrypt method will have
#nothing to decrypt, so it won't garble your input
#you'll either have to remember not to pass value of crypted fields 
#with the constructor, or enforce it with either pre_init method 
#or carefully overriding __init__() method - 
#which is not recommended officially

#decrypt will do real decryption work when you load object form the database

obj.product_id = 'blah'
obj.save() #field will be encrypted

maybe there is a more elegant "pythonic" way of doing this

Evgeny  2009-11-16 18:04:22
First of all, thanks for the reply! Hopefully I can come up with something that resembles this. But, do you any basic example on how one would accomplish that with a signal? I've got very limited knowledge on signals as a whole...
Bryan  2009-11-16 18:26:57
added the signal handler, cheers.
Evgeny  2009-11-16 18:44:34
THANKS! Wow, I am really impressed. I'll definitely be giving this a spin later. Thanks again!
Bryan  2009-11-16 18:53:11

related questions

How to implement password protection for individual files?
Encrypting appSettings in web.config
Usefulness of SQL Server "with encryption" statement
How can I use a key blob generated from Win32 CryptoAPI in my .NET application?
CodeReview: Tiny Encryption Algorithm for arbitrary sized data
Simple encryption implementation in C
Which hard disk encryption software to choose?
Passing untampered data from Flash app to server?
How do I prevent replay attacks?
Is there a best .NET algorithm for credit card encryption?
Encrypt data from users in web applications
How to encrypt one message for multiple recipients?
Two-way password encryption without ssl
What's the answer to this Microsoft PDC challenge?
GPG: How does key signing work and how is it done?
Secure Online Highscore Lists for Non-Web Games
Programmatically encrypting a config-file in .NET
How do I use 3des encryption/decryption in Java?
Encryption in C# Web-Services
Suitable alternative to CryptEncrypt
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
C# - CryptographicException: Padding is invalid and cannot be removed
How can I encode xml files to xfdl (base64-gzip)?
How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS
Encrypting Passwords