django-fernet-encrypted-fields/encrypted_fields/fields.py

from __future__ import annotations

import base64
import json
from typing import Any

from cryptography.fernet import Fernet, InvalidToken, MultiFernet
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
from django.conf import settings
from django.core.validators import MaxValueValidator, MinValueValidator
from django.db import models
from django.db.backends.base.base import BaseDatabaseWrapper
from django.db.backends.base.operations import BaseDatabaseOperations
from django.db.models.expressions import Expression
from django.utils.functional import cached_property

_TypeAny = Any


class EncryptedFieldMixin:
    @cached_property
    def keys(self) -> list[bytes]:
        keys = []
        salt_keys = (
            settings.SALT_KEY
            if isinstance(settings.SALT_KEY, list)
            else [settings.SALT_KEY]
        )
        secret_keys = [settings.SECRET_KEY] + getattr(settings, "SECRET_KEY_FALLBACKS", list())
        for secret_key in secret_keys:
            for salt_key in salt_keys:
                salt = bytes(salt_key, "utf-8")
                kdf = PBKDF2HMAC(
                    algorithm=hashes.SHA256(),
                    length=32,
                    salt=salt,
                    iterations=100_000,
                    backend=default_backend(),
                )
                keys.append(
                    base64.urlsafe_b64encode(
                        kdf.derive(secret_key.encode("utf-8"))
                    )
                )
        return keys

    @cached_property
    def f(self) -> Fernet | MultiFernet:
        if len(self.keys) == 1:
            return Fernet(self.keys[0])
        return MultiFernet([Fernet(k) for k in self.keys])

    def get_internal_type(self) -> str:
        """
        To treat everything as text
        """
        return "TextField"

    def get_prep_value(self, value: _TypeAny) -> _TypeAny:
        value = super().get_prep_value(value)
        if value:
            if not isinstance(value, str):
                value = str(value)
            return self.f.encrypt(bytes(value, "utf-8")).decode("utf-8")
        return None

    def get_db_prep_value(
        self,
        value: _TypeAny,
        connection: BaseDatabaseWrapper,  # noqa: ARG002
        prepared: bool = False,  # noqa: FBT001, FBT002
    ) -> _TypeAny:
        if not prepared:
            value = self.get_prep_value(value)
        return value

    def from_db_value(
        self,
        value: _TypeAny,
        expression: Expression,  # noqa: ARG002
        connection: BaseDatabaseWrapper,  # noqa: ARG002
    ) -> _TypeAny:
        return self.to_python(value)

    def to_python(self, value: _TypeAny) -> _TypeAny:
        if (
            value is None
            or not isinstance(value, str)
            or hasattr(self, "_already_decrypted")
        ):
            return value
        try:
            value = self.f.decrypt(bytes(value, "utf-8")).decode("utf-8")
        except InvalidToken:
            pass
        except UnicodeEncodeError:
            pass
        return super().to_python(value)

    def clean(self, value: _TypeAny, model_instance: models.Field) -> _TypeAny:
        """
        Create and assign a semaphore so that to_python method will not try
        to decrypt an already decrypted value during cleaning of a form
        """
        self._already_decrypted = True
        ret = super().clean(value, model_instance)
        del self._already_decrypted
        return ret


class EncryptedCharField(EncryptedFieldMixin, models.CharField):
    pass


class EncryptedTextField(EncryptedFieldMixin, models.TextField):
    pass


class EncryptedDateTimeField(EncryptedFieldMixin, models.DateTimeField):
    pass


class EncryptedIntegerField(EncryptedFieldMixin, models.IntegerField):
    @cached_property
    def validators(self) -> list[MinValueValidator | MaxValueValidator]:
        # These validators can't be added at field initialization time since
        # they're based on values retrieved from `connection`.
        validators_ = [*self.default_validators, *self._validators]
        internal_type = models.IntegerField().get_internal_type()
        min_value, max_value = BaseDatabaseOperations.integer_field_ranges[
            internal_type
        ]
        if min_value is not None and not any(
            (
                isinstance(validator, MinValueValidator)
                and (
                    validator.limit_value()
                    if callable(validator.limit_value)
                    else validator.limit_value
                )
                >= min_value
            )
            for validator in validators_
        ):
            validators_.append(MinValueValidator(min_value))
        if max_value is not None and not any(
            (
                isinstance(validator, MaxValueValidator)
                and (
                    validator.limit_value()
                    if callable(validator.limit_value)
                    else validator.limit_value
                )
                <= max_value
            )
            for validator in validators_
        ):
            validators_.append(MaxValueValidator(max_value))
        return validators_


class EncryptedDateField(EncryptedFieldMixin, models.DateField):
    pass


class EncryptedFloatField(EncryptedFieldMixin, models.FloatField):
    pass


class EncryptedEmailField(EncryptedFieldMixin, models.EmailField):
    pass


class EncryptedBooleanField(EncryptedFieldMixin, models.BooleanField):
    pass


class EncryptedJSONField(EncryptedFieldMixin, models.JSONField):
    def _encrypt_values(self, value: _TypeAny) -> _TypeAny:
        if isinstance(value, dict):
            return {key: self._encrypt_values(data) for key, data in value.items()}
        if isinstance(value, list):
            return [self._encrypt_values(data) for data in value]
        value = str(value)
        return self.f.encrypt(bytes(value, "utf-8")).decode("utf-8")

    def _decrypt_values(self, value: _TypeAny) -> _TypeAny:
        if value is None:
            return value
        if isinstance(value, dict):
            return {key: self._decrypt_values(data) for key, data in value.items()}
        if isinstance(value, list):
            return [self._decrypt_values(data) for data in value]
        value = str(value)
        return self.f.decrypt(bytes(value, "utf-8")).decode("utf-8")

    def get_prep_value(self, value: _TypeAny) -> str:
        return json.dumps(self._encrypt_values(value=value), cls=self.encoder)

    def get_internal_type(self) -> str:
        return "JSONField"

    def to_python(self, value: _TypeAny) -> _TypeAny:
        if (
            value is None
            or not isinstance(value, str)
            or hasattr(self, "_already_decrypted")
        ):
            return value
        try:
            value = self._decrypt_values(value=json.loads(value))
        except InvalidToken:
            pass
        except UnicodeEncodeError:
            pass
        return super().to_python(value)
Fix lint error 2025-01-06 02:16:57 +00:00			`from __future__ import annotations`

first commit 2021-09-30 14:27:19 +00:00			`import base64`
Add support for encrypted JSON fields 2023-07-18 04:55:25 +00:00			`import json`
Fix lint error 2025-01-06 02:16:57 +00:00			`from typing import Any`
Fix EncryptedIntegerField 2022-05-06 13:38:10 +00:00
Fix lint error 2025-01-06 02:16:57 +00:00			`from cryptography.fernet import Fernet, InvalidToken, MultiFernet`
first commit 2021-09-30 14:27:19 +00:00			`from cryptography.hazmat.backends import default_backend`
			`from cryptography.hazmat.primitives import hashes`
			`from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC`
Fix EncryptedIntegerField 2022-05-06 13:38:10 +00:00			`from django.conf import settings`
Fix lint error 2025-01-06 02:16:57 +00:00			`from django.core.validators import MaxValueValidator, MinValueValidator`
first commit 2021-09-30 14:27:19 +00:00			`from django.db import models`
Fix lint error 2025-01-06 02:16:57 +00:00			`from django.db.backends.base.base import BaseDatabaseWrapper`
Fix EncryptedIntegerField and testcase 2022-05-06 23:23:24 +00:00			`from django.db.backends.base.operations import BaseDatabaseOperations`
Fix lint error 2025-01-06 02:16:57 +00:00			`from django.db.models.expressions import Expression`
Adding in support for multiple SALTs thus allowing them to be rotated This commit adds in support for the SALT to be rotated by defining a list of salts within settings.py where the newer salts are added to the start. The first key will be used to encrypt all new data, and decryption of existing values will be attempted with all given keys in order. This is useful for key rotation: place a new key at the head of the list for use with all new or changed data, but existing values encrypted with old keys will still be accessible This is based of django-fernet-fields which is a dead package but has some useful features such as this to allow the salt to be rotated in the future for a stronger salt. ``` SALT_KEY = [ 'my-newer-salt', 'the-original-salt' ] ``` 2021-12-08 11:12:44 +00:00			`from django.utils.functional import cached_property`
first commit 2021-09-30 14:27:19 +00:00
Fix lint error 2025-01-06 02:16:57 +00:00			`_TypeAny = Any`


			`class EncryptedFieldMixin:`
Adding in support for multiple SALTs thus allowing them to be rotated This commit adds in support for the SALT to be rotated by defining a list of salts within settings.py where the newer salts are added to the start. The first key will be used to encrypt all new data, and decryption of existing values will be attempted with all given keys in order. This is useful for key rotation: place a new key at the head of the list for use with all new or changed data, but existing values encrypted with old keys will still be accessible This is based of django-fernet-fields which is a dead package but has some useful features such as this to allow the salt to be rotated in the future for a stronger salt. ``` SALT_KEY = [ 'my-newer-salt', 'the-original-salt' ] ``` 2021-12-08 11:12:44 +00:00			`@cached_property`
Fix lint error 2025-01-06 02:16:57 +00:00			`def keys(self) -> list[bytes]:`
Adding in support for multiple SALTs thus allowing them to be rotated This commit adds in support for the SALT to be rotated by defining a list of salts within settings.py where the newer salts are added to the start. The first key will be used to encrypt all new data, and decryption of existing values will be attempted with all given keys in order. This is useful for key rotation: place a new key at the head of the list for use with all new or changed data, but existing values encrypted with old keys will still be accessible This is based of django-fernet-fields which is a dead package but has some useful features such as this to allow the salt to be rotated in the future for a stronger salt. ``` SALT_KEY = [ 'my-newer-salt', 'the-original-salt' ] ``` 2021-12-08 11:12:44 +00:00			`keys = []`
setup github actions with black, flake8, testing and coverage 2022-04-21 12:15:59 +00:00			`salt_keys = (`
			`settings.SALT_KEY`
			`if isinstance(settings.SALT_KEY, list)`
			`else [settings.SALT_KEY]`
			`)`
Fixed getting SECRET_KEY_FALLBACKS for django <4.1 2025-02-18 14:26:33 +00:00			`secret_keys = [settings.SECRET_KEY] + getattr(settings, "SECRET_KEY_FALLBACKS", list())`
Added ability to use Django's SECRET_KEY_FALLBACKS to rotate secret key 2025-02-18 14:11:15 +00:00			`for secret_key in secret_keys:`
			`for salt_key in salt_keys:`
			`salt = bytes(salt_key, "utf-8")`
			`kdf = PBKDF2HMAC(`
			`algorithm=hashes.SHA256(),`
			`length=32,`
			`salt=salt,`
			`iterations=100_000,`
			`backend=default_backend(),`
			`)`
			`keys.append(`
			`base64.urlsafe_b64encode(`
			`kdf.derive(secret_key.encode("utf-8"))`
			`)`
setup github actions with black, flake8, testing and coverage 2022-04-21 12:15:59 +00:00			`)`
Adding in support for multiple SALTs thus allowing them to be rotated This commit adds in support for the SALT to be rotated by defining a list of salts within settings.py where the newer salts are added to the start. The first key will be used to encrypt all new data, and decryption of existing values will be attempted with all given keys in order. This is useful for key rotation: place a new key at the head of the list for use with all new or changed data, but existing values encrypted with old keys will still be accessible This is based of django-fernet-fields which is a dead package but has some useful features such as this to allow the salt to be rotated in the future for a stronger salt. ``` SALT_KEY = [ 'my-newer-salt', 'the-original-salt' ] ``` 2021-12-08 11:12:44 +00:00			`return keys`
first commit 2021-09-30 14:27:19 +00:00
Adding in support for multiple SALTs thus allowing them to be rotated This commit adds in support for the SALT to be rotated by defining a list of salts within settings.py where the newer salts are added to the start. The first key will be used to encrypt all new data, and decryption of existing values will be attempted with all given keys in order. This is useful for key rotation: place a new key at the head of the list for use with all new or changed data, but existing values encrypted with old keys will still be accessible This is based of django-fernet-fields which is a dead package but has some useful features such as this to allow the salt to be rotated in the future for a stronger salt. ``` SALT_KEY = [ 'my-newer-salt', 'the-original-salt' ] ``` 2021-12-08 11:12:44 +00:00			`@cached_property`
Fix lint error 2025-01-06 02:16:57 +00:00			`def f(self) -> Fernet \| MultiFernet:`
Adding in support for multiple SALTs thus allowing them to be rotated This commit adds in support for the SALT to be rotated by defining a list of salts within settings.py where the newer salts are added to the start. The first key will be used to encrypt all new data, and decryption of existing values will be attempted with all given keys in order. This is useful for key rotation: place a new key at the head of the list for use with all new or changed data, but existing values encrypted with old keys will still be accessible This is based of django-fernet-fields which is a dead package but has some useful features such as this to allow the salt to be rotated in the future for a stronger salt. ``` SALT_KEY = [ 'my-newer-salt', 'the-original-salt' ] ``` 2021-12-08 11:12:44 +00:00			`if len(self.keys) == 1:`
			`return Fernet(self.keys[0])`
			`return MultiFernet([Fernet(k) for k in self.keys])`
first commit 2021-09-30 14:27:19 +00:00
Fix lint error 2025-01-06 02:16:57 +00:00			`def get_internal_type(self) -> str:`
first commit 2021-09-30 14:27:19 +00:00			`"""`
			`To treat everything as text`
			`"""`
setup github actions with black, flake8, testing and coverage 2022-04-21 12:15:59 +00:00			`return "TextField"`
first commit 2021-09-30 14:27:19 +00:00
Fix lint error 2025-01-06 02:16:57 +00:00			`def get_prep_value(self, value: _TypeAny) -> _TypeAny:`
Fix get_prep_value and to_python function 2022-05-06 13:55:52 +00:00			`value = super().get_prep_value(value)`
first commit 2021-09-30 14:27:19 +00:00			`if value:`
			`if not isinstance(value, str):`
			`value = str(value)`
setup github actions with black, flake8, testing and coverage 2022-04-21 12:15:59 +00:00			`return self.f.encrypt(bytes(value, "utf-8")).decode("utf-8")`
first commit 2021-09-30 14:27:19 +00:00			`return None`

Fix lint error 2025-01-06 02:16:57 +00:00			`def get_db_prep_value(`
			`self,`
			`value: _TypeAny,`
			`connection: BaseDatabaseWrapper, # noqa: ARG002`
			`prepared: bool = False, # noqa: FBT001, FBT002`
			`) -> _TypeAny:`
first commit 2021-09-30 14:27:19 +00:00			`if not prepared:`
			`value = self.get_prep_value(value)`
			`return value`

Fix lint error 2025-01-06 02:16:57 +00:00			`def from_db_value(`
			`self,`
			`value: _TypeAny,`
			`expression: Expression, # noqa: ARG002`
			`connection: BaseDatabaseWrapper, # noqa: ARG002`
			`) -> _TypeAny:`
first commit 2021-09-30 14:27:19 +00:00			`return self.to_python(value)`

Fix lint error 2025-01-06 02:16:57 +00:00			`def to_python(self, value: _TypeAny) -> _TypeAny:`
setup github actions with black, flake8, testing and coverage 2022-04-21 12:15:59 +00:00			`if (`
			`value is None`
			`or not isinstance(value, str)`
			`or hasattr(self, "_already_decrypted")`
			`):`
first commit 2021-09-30 14:27:19 +00:00			`return value`
Fix get_prep_value and to_python function 2022-05-06 13:55:52 +00:00			`try:`
			`value = self.f.decrypt(bytes(value, "utf-8")).decode("utf-8")`
			`except InvalidToken:`
			`pass`
			`except UnicodeEncodeError:`
			`pass`
Fix lint error 2025-01-06 02:16:57 +00:00			`return super().to_python(value)`
first commit 2021-09-30 14:27:19 +00:00
Fix lint error 2025-01-06 02:16:57 +00:00			`def clean(self, value: _TypeAny, model_instance: models.Field) -> _TypeAny:`
Bug fix for #4 This is a bug fix for issue #4 where Django Admin raises an exception when saving Encrypted fields as the value is not encrypted at the time of the clean process. This PR sets a semaphore property which is checked within the to_python method allowing the decryption to be skipped. It then removes the semaphore property to clean up the field 2021-12-17 17:29:10 +00:00			`"""`
Fix lint error 2025-01-06 02:16:57 +00:00			`Create and assign a semaphore so that to_python method will not try`
			`to decrypt an already decrypted value during cleaning of a form`
Bug fix for #4 This is a bug fix for issue #4 where Django Admin raises an exception when saving Encrypted fields as the value is not encrypted at the time of the clean process. This PR sets a semaphore property which is checked within the to_python method allowing the decryption to be skipped. It then removes the semaphore property to clean up the field 2021-12-17 17:29:10 +00:00			`"""`
			`self._already_decrypted = True`
			`ret = super().clean(value, model_instance)`
			`del self._already_decrypted`
			`return ret`

first commit 2021-09-30 14:27:19 +00:00
			`class EncryptedCharField(EncryptedFieldMixin, models.CharField):`
			`pass`


			`class EncryptedTextField(EncryptedFieldMixin, models.TextField):`
			`pass`


			`class EncryptedDateTimeField(EncryptedFieldMixin, models.DateTimeField):`
			`pass`


			`class EncryptedIntegerField(EncryptedFieldMixin, models.IntegerField):`
Fix #10 2022-05-06 00:38:20 +00:00			`@cached_property`
Fix lint error 2025-01-06 02:16:57 +00:00			`def validators(self) -> list[MinValueValidator \| MaxValueValidator]:`
Fix EncryptedIntegerField and testcase 2022-05-06 23:23:24 +00:00			`# These validators can't be added at field initialization time since`
			# they're based on values retrieved from `connection`.
			`validators_ = [self.default_validators, self._validators]`
			`internal_type = models.IntegerField().get_internal_type()`
Fix lint error 2025-01-06 02:16:57 +00:00			`min_value, max_value = BaseDatabaseOperations.integer_field_ranges[`
			`internal_type`
			`]`
Fix EncryptedIntegerField and testcase 2022-05-06 23:23:24 +00:00			`if min_value is not None and not any(`
			`(`
Fix lint error 2025-01-06 02:16:57 +00:00			`isinstance(validator, MinValueValidator)`
Fix EncryptedIntegerField and testcase 2022-05-06 23:23:24 +00:00			`and (`
			`validator.limit_value()`
			`if callable(validator.limit_value)`
			`else validator.limit_value`
			`)`
			`>= min_value`
			`)`
			`for validator in validators_`
			`):`
Fix lint error 2025-01-06 02:16:57 +00:00			`validators_.append(MinValueValidator(min_value))`
Fix EncryptedIntegerField and testcase 2022-05-06 23:23:24 +00:00			`if max_value is not None and not any(`
			`(`
Fix lint error 2025-01-06 02:16:57 +00:00			`isinstance(validator, MaxValueValidator)`
Fix EncryptedIntegerField and testcase 2022-05-06 23:23:24 +00:00			`and (`
			`validator.limit_value()`
			`if callable(validator.limit_value)`
			`else validator.limit_value`
			`)`
			`<= max_value`
			`)`
			`for validator in validators_`
			`):`
Fix lint error 2025-01-06 02:16:57 +00:00			`validators_.append(MaxValueValidator(max_value))`
Fix EncryptedIntegerField and testcase 2022-05-06 23:23:24 +00:00			`return validators_`
first commit 2021-09-30 14:27:19 +00:00

			`class EncryptedDateField(EncryptedFieldMixin, models.DateField):`
			`pass`


			`class EncryptedFloatField(EncryptedFieldMixin, models.FloatField):`
			`pass`


			`class EncryptedEmailField(EncryptedFieldMixin, models.EmailField):`
			`pass`


			`class EncryptedBooleanField(EncryptedFieldMixin, models.BooleanField):`
			`pass`
Add support for encrypted JSON fields 2023-07-18 04:55:25 +00:00

			`class EncryptedJSONField(EncryptedFieldMixin, models.JSONField):`
Fix lint error 2025-01-06 02:16:57 +00:00			`def _encrypt_values(self, value: _TypeAny) -> _TypeAny:`
Add support for encrypted JSON fields 2023-07-18 04:55:25 +00:00			`if isinstance(value, dict):`
			`return {key: self._encrypt_values(data) for key, data in value.items()}`
Fix lint error 2025-01-06 02:16:57 +00:00			`if isinstance(value, list):`
			`return [self._encrypt_values(data) for data in value]`
			`value = str(value)`
Add support for encrypted JSON fields 2023-07-18 04:55:25 +00:00			`return self.f.encrypt(bytes(value, "utf-8")).decode("utf-8")`

Fix lint error 2025-01-06 02:16:57 +00:00			`def _decrypt_values(self, value: _TypeAny) -> _TypeAny:`
Add support for encrypted JSON fields 2023-07-18 04:55:25 +00:00			`if value is None:`
			`return value`
			`if isinstance(value, dict):`
			`return {key: self._decrypt_values(data) for key, data in value.items()}`
Fix lint error 2025-01-06 02:16:57 +00:00			`if isinstance(value, list):`
			`return [self._decrypt_values(data) for data in value]`
			`value = str(value)`
Add support for encrypted JSON fields 2023-07-18 04:55:25 +00:00			`return self.f.decrypt(bytes(value, "utf-8")).decode("utf-8")`

Fix lint error 2025-01-06 02:16:57 +00:00			`def get_prep_value(self, value: _TypeAny) -> str:`
Add support for encrypted JSON fields 2023-07-18 04:55:25 +00:00			`return json.dumps(self._encrypt_values(value=value), cls=self.encoder)`

Fix lint error 2025-01-06 02:16:57 +00:00			`def get_internal_type(self) -> str:`
Add support for encrypted JSON fields 2023-07-18 04:55:25 +00:00			`return "JSONField"`

Fix lint error 2025-01-06 02:16:57 +00:00			`def to_python(self, value: _TypeAny) -> _TypeAny:`
Add support for encrypted JSON fields 2023-07-18 04:55:25 +00:00			`if (`
			`value is None`
			`or not isinstance(value, str)`
			`or hasattr(self, "_already_decrypted")`
			`):`
			`return value`
			`try:`
			`value = self._decrypt_values(value=json.loads(value))`
			`except InvalidToken:`
			`pass`
			`except UnicodeEncodeError:`
			`pass`
Fix lint error 2025-01-06 02:16:57 +00:00			`return super().to_python(value)`