khaganat-web/pwdb/management/commands/pwdb_rotate_secret_key.py

from django.core.management.base import BaseCommand, CommandError
from pwdb.models import SharedPassword, IV_LENGTH
import secrets


class Command(BaseCommand):
    help = "Re-encrypts all the shared passwords after a secret key rollover"

    def add_arguments(self, parser):
        parser.add_argument("old_key", type=str)

    def handle(self, *args, **options):
        self.stdout.write("Re-encrypting passwords with the new secret key.")
        self.old_key = options["old_key"]
        try:
            for p in SharedPassword.objects.all():
                self.update_password(p)
            self.stdout.write("Done.")
        except ValueError:
            self.stderr.write("Invalid key.")

    def update_password(self, password):
        clear_password = password.decrypt_password(key=self.old_key)
        password.iv = secrets.token_bytes(IV_LENGTH)
        password.set_password(clear_password)
        password.save()
Add an admin command that re-encrypts passwords after a key rollover 2019-07-27 16:29:18 +00:00			`from django.core.management.base import BaseCommand, CommandError`
			`from pwdb.models import SharedPassword, IV_LENGTH`
			`import secrets`


			`class Command(BaseCommand):`
			`help = "Re-encrypts all the shared passwords after a secret key rollover"`

			`def add_arguments(self, parser):`
			`parser.add_argument("old_key", type=str)`

			`def handle(self, args, *options):`
			`self.stdout.write("Re-encrypting passwords with the new secret key.")`
			`self.old_key = options["old_key"]`
			`try:`
			`for p in SharedPassword.objects.all():`
			`self.update_password(p)`
			`self.stdout.write("Done.")`
			`except ValueError:`
			`self.stderr.write("Invalid key.")`

			`def update_password(self, password):`
			`clear_password = password.decrypt_password(key=self.old_key)`
			`password.iv = secrets.token_bytes(IV_LENGTH)`
			`password.set_password(clear_password)`
			`password.save()`