Introduced fernet to credential manager. Closes #183

.gitignore

@@ -113,6 +113,7 @@ venv.bak/
 
 # Custom Environments
 cpl-env/
+.secret
 
 # Spyder project settings
 .spyderproject

src/cpl-application/cpl/application/abc/application_abc.py

@@ -3,8 +3,9 @@ from typing import Callable, Self
 
 from cpl.application.host import Host
 from cpl.core.console.console import Console
-from cpl.core.environment import Environment
+from cpl.core.environment.environment import Environment
-from cpl.core.log import LoggerABC, LogLevel
+from cpl.core.log.logger_abc import LoggerABC
+from cpl.core.log.log_level_enum import LogLevel
 from cpl.dependency.service_provider_abc import ServiceProviderABC
 
 

src/cpl-auth/cpl/auth/schema/_administration/api_key.py

@@ -1,25 +1,27 @@
 import secrets
 from datetime import datetime
-from typing import Optional
+from typing import Optional, Union
 
 from async_property import async_property
 
 from cpl.auth.permission.permissions import Permissions
-from cpl.core.environment import Environment
+from cpl.core.environment.environment import Environment
-from cpl.core.log import Logger
+from cpl.core.log.logger import Logger
-from cpl.core.typing import SerialId, Id
+from cpl.core.typing import Id, SerialId
-from cpl.database.abc import DbModelABC
+from cpl.core.utils.credential_manager import CredentialManager
-from cpl.dependency import ServiceProviderABC
+from cpl.database.abc.db_model_abc import DbModelABC
+from cpl.dependency.service_provider_abc import ServiceProviderABC
 
 _logger = Logger(__name__)
 
 
 class ApiKey(DbModelABC):
+
     def __init__(
         self,
         id: SerialId,
         identifier: str,
-        key: str,
+        key: Union[str, bytes],
         deleted: bool = False,
         editor_id: Optional[Id] = None,
         created: Optional[datetime] = None,
@@ -37,12 +39,17 @@ class ApiKey(DbModelABC):
     def key(self) -> str:
         return self._key
 
+    @property
+    def plain_key(self) -> str:
+        return CredentialManager.decrypt(self.key)
+
     @async_property
     async def permissions(self):
         from cpl.auth.schema._permission.api_key_permission_dao import ApiKeyPermissionDao
 
-        api_key_permission_dao: ApiKeyPermissionDao = ServiceProviderABC.get_global_service(ApiKeyPermissionDao)
+        apiKeyPermissionDao = ServiceProviderABC.get_global_provider().get_service(ApiKeyPermissionDao)
-        return [await x.permission for x in await api_key_permission_dao.find_by_api_key_id(self.id)]
+
+        return [await x.permission for x in await apiKeyPermissionDao.find_by_api_key_id(self.id)]
 
     async def has_permission(self, permission: Permissions) -> bool:
         return permission.value in [x.name for x in await self.permissions]
@@ -52,7 +59,7 @@ class ApiKey(DbModelABC):
 
     @staticmethod
     def new_key() -> str:
-        return f"api_{secrets.token_urlsafe(Environment.get("API_KEY_LENGTH", int, 64))}"
+        return CredentialManager.encrypt(f"api_{secrets.token_urlsafe(Environment.get("API_KEY_LENGTH", int, 64))}")
 
     @classmethod
     def new(cls, identifier: str) -> "ApiKey":

src/cpl-core/cpl/core/configuration/configuration.py

@@ -7,7 +7,6 @@ from typing import Any
 from cpl.core.configuration.configuration_model_abc import ConfigurationModelABC
 from cpl.core.console.console import Console
 from cpl.core.console.foreground_color_enum import ForegroundColorEnum
-from cpl.core.environment.environment import Environment
 from cpl.core.typing import D, T
 from cpl.core.utils.json_processor import JSONProcessor
 
@@ -88,6 +87,8 @@ class Configuration:
         if os.path.isabs(name):
             file_path = name
         else:
+            from cpl.core.environment import Environment
+
             path_root = Environment.get_cwd()
             if path is not None:
                 path_root = path

src/cpl-core/cpl/core/environment/environment.py

@@ -1,6 +1,6 @@
 import os
 from socket import gethostname
-from typing import Optional, Type
+from typing import Type
 
 from cpl.core.environment.environment_enum import EnvironmentEnum
 from cpl.core.typing import T, D

src/cpl-core/cpl/core/utils/credential_manager.py

@@ -1,12 +1,40 @@
-import base64
+import os
 
+from cryptography.fernet import Fernet
+
+from cpl.core.log.logger import Logger
+
+_logger = Logger(__name__)
 
 class CredentialManager:
     r"""Handles credential encryption and decryption"""
+    _secret: str = None
 
-    @staticmethod
+    @classmethod
-    def encrypt(string: str) -> str:
+    def with_secret(cls, file: str = None):
-        r"""Encode with base64
+        if file is None:
+            file = ".secret"
+
+        if not os.path.isfile(file):
+            dirname = os.path.dirname(file)
+            if dirname != "":
+                os.makedirs(dirname, exist_ok=True)
+
+            with open(file, "w") as secret_file:
+                secret_file.write(Fernet.generate_key().decode())
+                secret_file.close()
+            _logger.warning("Secret file not found, regenerating")
+
+        with open(file, "r") as secret_file:
+            secret = secret_file.read().strip()
+            if secret == "" or secret is None:
+                _logger.fatal("No secret found in .secret file.")
+
+            cls._secret = str(secret)
+
+    @classmethod
+    def encrypt(cls, string: str) -> str:
+        r"""Encode with Fernet
 
         Parameter:
             string: :class:`str`
@@ -15,11 +43,11 @@ class CredentialManager:
         Returns:
             Encoded string
         """
-        return base64.b64encode(string.encode("utf-8")).decode("utf-8")
+        return Fernet(cls._secret).encrypt(string.encode()).decode()
 
-    @staticmethod
+    @classmethod
-    def decrypt(string: str) -> str:
+    def decrypt(cls, string: str) -> str:
-        r"""Decode with base64
+        r"""Decode with Fernet
 
         Parameter:
             string: :class:`str`
@@ -28,19 +56,4 @@ class CredentialManager:
         Returns:
             Decoded string
         """
-        return base64.b64decode(string).decode("utf-8")
+        return Fernet(cls._secret).decrypt(string).decode()
-
-    @staticmethod
-    def build_string(string: str, credentials: str):
-        r"""Builds string with credentials in it
-
-        Parameter:
-            string: :class:`str`
-                String in which the variable is replaced by credentials
-            credentials: :class:`str`
-                String to encode
-
-        Returns:
-            Decoded string
-        """
-        return string.replace("$credentials", CredentialManager.decrypt(credentials))

src/cpl-core/cpl/core/utils/get_value.py

@@ -51,7 +51,7 @@ def get_value(
                 return cast_type[value]
             except KeyError:
                 pass
-            
+
             return default
 
         if (cast_type if not hasattr(cast_type, "__origin__") else cast_type.__origin__) == list:

src/cpl-database/cpl/database/__init__.py

@@ -11,16 +11,18 @@ def _with_migrations(self: _ApplicationABC, *paths: list[str]) -> _ApplicationAB
     from cpl.application.host import Host
 
     from cpl.database.service.migration_service import MigrationService
+
     migration_service = self._services.get_service(MigrationService)
     migration_service.with_directory("./scripts")
     Host.run(migration_service.migrate)
 
     return self
 
+
 def _with_seeders(self: _ApplicationABC) -> _ApplicationABC:
     from cpl.database.service.seeder_service import SeederService
     from cpl.application.host import Host
-    
+
     seeder_service: SeederService = self._services.get_service(SeederService)
     Host.run(seeder_service.seed)
     return self

src/cpl-database/cpl/database/abc/data_access_object_abc.py

@@ -6,7 +6,7 @@ from typing import Generic, Optional, Union, Type, List, Any
 
 from cpl.core.ctx import get_user
 from cpl.core.typing import T, Id
-from cpl.core.utils import String
+from cpl.core.utils.string import String
 from cpl.core.utils.get_value import get_value
 from cpl.database.abc.db_context_abc import DBContextABC
 from cpl.database.const import DATETIME_FORMAT

src/cpl-database/cpl/database/model/database_settings.py

@@ -3,7 +3,6 @@ from typing import Optional
 from cpl.core.configuration import Configuration
 from cpl.core.configuration.configuration_model_abc import ConfigurationModelABC
 from cpl.core.environment import Environment
-from cpl.core.utils import Base64
 
 
 class DatabaseSettings(ConfigurationModelABC):
@@ -27,7 +26,7 @@ class DatabaseSettings(ConfigurationModelABC):
         self._host: Optional[str] = host
         self._port: Optional[int] = port
         self._user: Optional[str] = user
-        self._password: Optional[str] = Base64.decode(password) if Base64.is_b64(password) else password
+        self._password: Optional[str] = password
         self._database: Optional[str] = database
         self._charset: Optional[str] = charset
         self._use_unicode: Optional[bool] = use_unicode

src/cpl-database/cpl/database/mysql/connection.py

@@ -5,8 +5,7 @@ from mysql.connector.abstracts import MySQLConnectionAbstract
 from mysql.connector.cursor import MySQLCursorBuffered
 
 from cpl.database.abc.connection_abc import ConnectionABC
-from cpl.database.database_settings import DatabaseSettings
+from cpl.database.model.database_settings import DatabaseSettings
-from cpl.core.utils.credential_manager import CredentialManager
 
 
 class DatabaseConnection(ConnectionABC):
@@ -31,7 +30,7 @@ class DatabaseConnection(ConnectionABC):
             host=settings.host,
             port=settings.port,
             user=settings.user,
-            passwd=CredentialManager.decrypt(settings.password),
+            passwd=settings.password,
             charset=settings.charset,
             use_unicode=settings.use_unicode,
             buffered=settings.buffered,
@@ -43,7 +42,7 @@ class DatabaseConnection(ConnectionABC):
             host=settings.host,
             port=settings.port,
             user=settings.user,
-            passwd=CredentialManager.decrypt(settings.password),
+            passwd=settings.password,
             db=settings.database,
             charset=settings.charset,
             use_unicode=settings.use_unicode,

src/cpl-mail/cpl/mail/email_client.py

@@ -2,7 +2,6 @@ import ssl
 from smtplib import SMTP
 from typing import Optional
 
-from cpl.core.utils.credential_manager import CredentialManager
 from cpl.mail.abc.email_client_abc import EMailClientABC
 from cpl.mail.email_client_settings import EMailClientSettings
 from cpl.mail.email_model import EMail
@@ -62,9 +61,7 @@ class EMailClient(EMailClientABC):
                 __name__,
                 f"Try to login {self._mail_settings.user_name}@{self._mail_settings.host}:{self._mail_settings.port}",
             )
-            self._server.login(
+            self._server.login(self._mail_settings.user_name, self._mail_settings.credentials)
-                self._mail_settings.user_name, CredentialManager.decrypt(self._mail_settings.credentials)
-            )
             self._logger.info(
                 __name__,
                 f"Logged on as {self._mail_settings.user_name} to {self._mail_settings.host}:{self._mail_settings.port}",

tests/custom/database/src/application.py

@@ -1,4 +1,4 @@
-from cpl.application.abc.application_abc import ApplicationABC
+from cpl.application.abc import ApplicationABC
 from cpl.auth.keycloak import KeycloakAdmin
 from cpl.core.console import Console
 from cpl.core.environment import Environment

tests/custom/database/src/appsettings.edrafts-pc.json

@@ -17,7 +17,7 @@
     "Host": "localhost",
     "User": "cpl",
     "Port": 3306,
-    "Password": "Y3Bs",
+    "Password": "cpl",
     "Database": "cpl",
     "Charset": "utf8mb4",
     "UseUnicode": "true",

unittests/unittests_core/utils/credential_manager_test_case.py

@@ -6,34 +6,30 @@ from cpl.core.utils import CredentialManager
 class CredentialManagerTestCase(unittest.TestCase):
     def setUp(self): ...
 
-    def test_encrypt(self):
+    def test_encrypt(self): ...
-        self.assertEqual("ZkVjSkplQUx4aW1zWHlPbA==", CredentialManager.encrypt("fEcJJeALximsXyOl"))
-        self.assertEqual("QmtVd1l4dW5Sck9jRmVTQQ==", CredentialManager.encrypt("BkUwYxunRrOcFeSA"))
-        self.assertEqual("c2FtaHF1VkNSdmZpSGxDcQ==", CredentialManager.encrypt("samhquVCRvfiHlCq"))
-        self.assertEqual("S05aWHBPYW9DbkRSV01rWQ==", CredentialManager.encrypt("KNZXpOaoCnDRWMkY"))
-        self.assertEqual("QmtUV0Zsb3h1Y254UkJWeg==", CredentialManager.encrypt("BkTWFloxucnxRBVz"))
-        self.assertEqual("VFdNTkRuYXB1b1dndXNKdw==", CredentialManager.encrypt("TWMNDnapuoWgusJw"))
-        self.assertEqual("WVRiQXVSZXRMblpicWNrcQ==", CredentialManager.encrypt("YTbAuRetLnZbqckq"))
-        self.assertEqual("bmN4aExackxhYUVVdnV2VA==", CredentialManager.encrypt("ncxhLZrLaaEUvuvT"))
-        self.assertEqual("dmpNT0J5U0lLQmFrc0pIYQ==", CredentialManager.encrypt("vjMOBySIKBaksJHa"))
-        self.assertEqual("ZHd6WHFzSlFvQlhRbGtVZw==", CredentialManager.encrypt("dwzXqsJQoBXQlkUg"))
-        self.assertEqual("Q0lmUUhOREtiUmxnY2VCbQ==", CredentialManager.encrypt("CIfQHNDKbRlgceBm"))
 
-    def test_decrypt(self):
+    # self.assertEqual("ZkVjSkplQUx4aW1zWHlPbA==", CredentialManager.encrypt("fEcJJeALximsXyOl"))
-        self.assertEqual("fEcJJeALximsXyOl", CredentialManager.decrypt("ZkVjSkplQUx4aW1zWHlPbA=="))
+    # self.assertEqual("QmtVd1l4dW5Sck9jRmVTQQ==", CredentialManager.encrypt("BkUwYxunRrOcFeSA"))
-        self.assertEqual("BkUwYxunRrOcFeSA", CredentialManager.decrypt("QmtVd1l4dW5Sck9jRmVTQQ=="))
+    # self.assertEqual("c2FtaHF1VkNSdmZpSGxDcQ==", CredentialManager.encrypt("samhquVCRvfiHlCq"))
-        self.assertEqual("samhquVCRvfiHlCq", CredentialManager.decrypt("c2FtaHF1VkNSdmZpSGxDcQ=="))
+    # self.assertEqual("S05aWHBPYW9DbkRSV01rWQ==", CredentialManager.encrypt("KNZXpOaoCnDRWMkY"))
-        self.assertEqual("KNZXpOaoCnDRWMkY", CredentialManager.decrypt("S05aWHBPYW9DbkRSV01rWQ=="))
+    # self.assertEqual("QmtUV0Zsb3h1Y254UkJWeg==", CredentialManager.encrypt("BkTWFloxucnxRBVz"))
-        self.assertEqual("BkTWFloxucnxRBVz", CredentialManager.decrypt("QmtUV0Zsb3h1Y254UkJWeg=="))
+    # self.assertEqual("VFdNTkRuYXB1b1dndXNKdw==", CredentialManager.encrypt("TWMNDnapuoWgusJw"))
-        self.assertEqual("TWMNDnapuoWgusJw", CredentialManager.decrypt("VFdNTkRuYXB1b1dndXNKdw=="))
+    # self.assertEqual("WVRiQXVSZXRMblpicWNrcQ==", CredentialManager.encrypt("YTbAuRetLnZbqckq"))
-        self.assertEqual("YTbAuRetLnZbqckq", CredentialManager.decrypt("WVRiQXVSZXRMblpicWNrcQ=="))
+    # self.assertEqual("bmN4aExackxhYUVVdnV2VA==", CredentialManager.encrypt("ncxhLZrLaaEUvuvT"))
-        self.assertEqual("ncxhLZrLaaEUvuvT", CredentialManager.decrypt("bmN4aExackxhYUVVdnV2VA=="))
+    # self.assertEqual("dmpNT0J5U0lLQmFrc0pIYQ==", CredentialManager.encrypt("vjMOBySIKBaksJHa"))
-        self.assertEqual("vjMOBySIKBaksJHa", CredentialManager.decrypt("dmpNT0J5U0lLQmFrc0pIYQ=="))
+    # self.assertEqual("ZHd6WHFzSlFvQlhRbGtVZw==", CredentialManager.encrypt("dwzXqsJQoBXQlkUg"))
-        self.assertEqual("dwzXqsJQoBXQlkUg", CredentialManager.decrypt("ZHd6WHFzSlFvQlhRbGtVZw=="))
+    # self.assertEqual("Q0lmUUhOREtiUmxnY2VCbQ==", CredentialManager.encrypt("CIfQHNDKbRlgceBm"))
-        self.assertEqual("CIfQHNDKbRlgceBm", CredentialManager.decrypt("Q0lmUUhOREtiUmxnY2VCbQ=="))
 
-    def test_build_string(self):
+    def test_decrypt(self): ...
-        self.assertEqual(
+
-            "TestStringWithCredentialsfEcJJeALximsXyOlHere",
+    # self.assertEqual("fEcJJeALximsXyOl", CredentialManager.decrypt("ZkVjSkplQUx4aW1zWHlPbA=="))
-            CredentialManager.build_string("TestStringWithCredentials$credentialsHere", "ZkVjSkplQUx4aW1zWHlPbA=="),
+    # self.assertEqual("BkUwYxunRrOcFeSA", CredentialManager.decrypt("QmtVd1l4dW5Sck9jRmVTQQ=="))
-        )
+    # self.assertEqual("samhquVCRvfiHlCq", CredentialManager.decrypt("c2FtaHF1VkNSdmZpSGxDcQ=="))
+    # self.assertEqual("KNZXpOaoCnDRWMkY", CredentialManager.decrypt("S05aWHBPYW9DbkRSV01rWQ=="))
+    # self.assertEqual("BkTWFloxucnxRBVz", CredentialManager.decrypt("QmtUV0Zsb3h1Y254UkJWeg=="))
+    # self.assertEqual("TWMNDnapuoWgusJw", CredentialManager.decrypt("VFdNTkRuYXB1b1dndXNKdw=="))
+    # self.assertEqual("YTbAuRetLnZbqckq", CredentialManager.decrypt("WVRiQXVSZXRMblpicWNrcQ=="))
+    # self.assertEqual("ncxhLZrLaaEUvuvT", CredentialManager.decrypt("bmN4aExackxhYUVVdnV2VA=="))
+    # self.assertEqual("vjMOBySIKBaksJHa", CredentialManager.decrypt("dmpNT0J5U0lLQmFrc0pIYQ=="))
+    # self.assertEqual("dwzXqsJQoBXQlkUg", CredentialManager.decrypt("ZHd6WHFzSlFvQlhRbGtVZw=="))
+    # self.assertEqual("CIfQHNDKbRlgceBm", CredentialManager.decrypt("Q0lmUUhOREtiUmxnY2VCbQ=="))