netbox-community-netbox/netbox/secrets/forms.py

from __future__ import unicode_literals

from Crypto.Cipher import PKCS1_OAEP
from Crypto.PublicKey import RSA

from django import forms
from django.db.models import Count

from dcim.models import Device
from utilities.forms import BootstrapMixin, BulkEditForm, FilterChoiceField, FlexibleModelChoiceField, SlugField
from .models import Secret, SecretRole, UserKey


def validate_rsa_key(key, is_secret=True):
    """
    Validate the format and type of an RSA key.
    """
    try:
        key = RSA.importKey(key)
    except ValueError:
        raise forms.ValidationError("Invalid RSA key. Please ensure that your key is in PEM (base64) format.")
    except Exception as e:
        raise forms.ValidationError("Invalid key detected: {}".format(e))
    if is_secret and not key.has_private():
        raise forms.ValidationError("This looks like a public key. Please provide your private RSA key.")
    elif not is_secret and key.has_private():
        raise forms.ValidationError("This looks like a private key. Please provide your public RSA key.")
    try:
        PKCS1_OAEP.new(key)
    except:
        raise forms.ValidationError("Error validating RSA key. Please ensure that your key supports PKCS#1 OAEP.")


#
# Secret roles
#

class SecretRoleForm(BootstrapMixin, forms.ModelForm):
    slug = SlugField()

    class Meta:
        model = SecretRole
        fields = ['name', 'slug']


#
# Secrets
#

class SecretForm(BootstrapMixin, forms.ModelForm):
    plaintext = forms.CharField(max_length=65535, required=False, label='Plaintext',
                                widget=forms.PasswordInput(attrs={'class': 'requires-session-key'}))
    plaintext2 = forms.CharField(max_length=65535, required=False, label='Plaintext (verify)',
                                 widget=forms.PasswordInput())

    class Meta:
        model = Secret
        fields = ['role', 'name', 'plaintext', 'plaintext2']

    def clean(self):

        if self.cleaned_data['plaintext'] != self.cleaned_data['plaintext2']:
            raise forms.ValidationError({
                'plaintext2': "The two given plaintext values do not match. Please check your input."
            })


class SecretCSVForm(forms.ModelForm):
    device = FlexibleModelChoiceField(
        queryset=Device.objects.all(),
        to_field_name='name',
        help_text='Device name or ID',
        error_messages={
            'invalid_choice': 'Device not found.',
        }
    )
    role = forms.ModelChoiceField(
        queryset=SecretRole.objects.all(),
        to_field_name='name',
        help_text='Name of assigned role',
        error_messages={
            'invalid_choice': 'Invalid secret role.',
        }
    )
    plaintext = forms.CharField(
        help_text='Plaintext secret data'
    )

    class Meta:
        model = Secret
        fields = ['device', 'role', 'name', 'plaintext']
        help_texts = {
            'name': 'Name or username',
        }

    def save(self, *args, **kwargs):
        s = super(SecretCSVForm, self).save(*args, **kwargs)
        s.plaintext = str(self.cleaned_data['plaintext'])
        return s


class SecretBulkEditForm(BootstrapMixin, BulkEditForm):
    pk = forms.ModelMultipleChoiceField(queryset=Secret.objects.all(), widget=forms.MultipleHiddenInput)
    role = forms.ModelChoiceField(queryset=SecretRole.objects.all(), required=False)
    name = forms.CharField(max_length=100, required=False)

    class Meta:
        nullable_fields = ['name']


class SecretFilterForm(BootstrapMixin, forms.Form):
    q = forms.CharField(required=False, label='Search')
    role = FilterChoiceField(
        queryset=SecretRole.objects.annotate(filter_count=Count('secrets')),
        to_field_name='slug'
    )


#
# UserKeys
#

class UserKeyForm(BootstrapMixin, forms.ModelForm):

    class Meta:
        model = UserKey
        fields = ['public_key']
        help_texts = {
            'public_key': "Enter your public RSA key. Keep the private one with you; you'll need it for decryption.",
        }

    def clean_public_key(self):
        key = self.cleaned_data['public_key']

        # Validate the RSA key format.
        validate_rsa_key(key, is_secret=False)

        return key


class ActivateUserKeyForm(forms.Form):
    _selected_action = forms.ModelMultipleChoiceField(queryset=UserKey.objects.all(), label='User Keys')
    secret_key = forms.CharField(label='Your private key', widget=forms.Textarea(attrs={'class': 'vLargeTextField'}))
Import unicode_literals 2017-05-24 11:33:11 -04:00			`from __future__ import unicode_literals`

Initial push to public repo 2016-03-01 11:23:03 -05:00			`from Crypto.Cipher import PKCS1_OAEP`
			`from Crypto.PublicKey import RSA`

			`from django import forms`
Reimplemented FilterChoiceField 2016-09-20 11:08:25 -04:00			`from django.db.models import Count`
Initial push to public repo 2016-03-01 11:23:03 -05:00
Changed Secret parent from a GenericForeignKey to ForeignKey(Device) 2016-03-21 11:42:42 -04:00			`from dcim.models import Device`
Converted device fields to use FlexibleModelChoiceField; misc cleanup 2017-06-07 15:51:11 -04:00			`from utilities.forms import BootstrapMixin, BulkEditForm, FilterChoiceField, FlexibleModelChoiceField, SlugField`
Initial push to public repo 2016-03-01 11:23:03 -05:00			`from .models import Secret, SecretRole, UserKey`


			`def validate_rsa_key(key, is_secret=True):`
			`"""`
			`Validate the format and type of an RSA key.`
			`"""`
			`try:`
			`key = RSA.importKey(key)`
			`except ValueError:`
			`raise forms.ValidationError("Invalid RSA key. Please ensure that your key is in PEM (base64) format.")`
			`except Exception as e:`
			`raise forms.ValidationError("Invalid key detected: {}".format(e))`
			`if is_secret and not key.has_private():`
			`raise forms.ValidationError("This looks like a public key. Please provide your private RSA key.")`
			`elif not is_secret and key.has_private():`
			`raise forms.ValidationError("This looks like a private key. Please provide your public RSA key.")`
			`try:`
			`PKCS1_OAEP.new(key)`
			`except:`
			`raise forms.ValidationError("Error validating RSA key. Please ensure that your key supports PKCS#1 OAEP.")`


Added CBVs for SecretRoles 2016-05-16 12:07:12 -04:00			`#`
			`# Secret roles`
			`#`

Standardized inheritance order of BootstrapMixin 2016-12-21 14:15:18 -05:00			`class SecretRoleForm(BootstrapMixin, forms.ModelForm):`
Added JS for SlugField autofill 2016-05-20 15:32:17 -04:00			`slug = SlugField()`
Added CBVs for SecretRoles 2016-05-16 12:07:12 -04:00
			`class Meta:`
			`model = SecretRole`
			`fields = ['name', 'slug']`


Initial push to public repo 2016-03-01 11:23:03 -05:00			`#`
			`# Secrets`
			`#`

Standardized inheritance order of BootstrapMixin 2016-12-21 14:15:18 -05:00			`class SecretForm(BootstrapMixin, forms.ModelForm):`
Fixes #486: Prompt for secret key only if updating a secret's value 2016-08-18 16:43:41 -04:00			`plaintext = forms.CharField(max_length=65535, required=False, label='Plaintext',`
Fixes #1132: Prompt user to unlock session key when importing secrets 2017-05-03 11:47:28 -04:00			`widget=forms.PasswordInput(attrs={'class': 'requires-session-key'}))`
Closes #652: Use password input controls when editing secrets 2016-10-31 12:30:50 -04:00			`plaintext2 = forms.CharField(max_length=65535, required=False, label='Plaintext (verify)',`
			`widget=forms.PasswordInput())`
Initial push to public repo 2016-03-01 11:23:03 -05:00
			`class Meta:`
			`model = Secret`
			`fields = ['role', 'name', 'plaintext', 'plaintext2']`

			`def clean(self):`
Attributed all model ValidationErrors to specific fields (where appropriate) 2016-10-21 15:39:13 -04:00
			`if self.cleaned_data['plaintext'] != self.cleaned_data['plaintext2']:`
			`raise forms.ValidationError({`
			`'plaintext2': "The two given plaintext values do not match. Please check your input."`
			`})`
Initial push to public repo 2016-03-01 11:23:03 -05:00

Converted secrets import view to new scheme 2017-06-02 17:23:41 -04:00			`class SecretCSVForm(forms.ModelForm):`
Converted device fields to use FlexibleModelChoiceField; misc cleanup 2017-06-07 15:51:11 -04:00			`device = FlexibleModelChoiceField(`
Converted secrets import view to new scheme 2017-06-02 17:23:41 -04:00			`queryset=Device.objects.all(),`
			`to_field_name='name',`
Converted device fields to use FlexibleModelChoiceField; misc cleanup 2017-06-07 15:51:11 -04:00			`help_text='Device name or ID',`
Converted secrets import view to new scheme 2017-06-02 17:23:41 -04:00			`error_messages={`
			`'invalid_choice': 'Device not found.',`
			`}`
			`)`
			`role = forms.ModelChoiceField(`
			`queryset=SecretRole.objects.all(),`
			`to_field_name='name',`
			`help_text='Name of assigned role',`
			`error_messages={`
			`'invalid_choice': 'Invalid secret role.',`
			`}`
			`)`
			`plaintext = forms.CharField(`
			`help_text='Plaintext secret data'`
			`)`
Initial push to public repo 2016-03-01 11:23:03 -05:00
			`class Meta:`
			`model = Secret`
Changed Secret parent from a GenericForeignKey to ForeignKey(Device) 2016-03-21 11:42:42 -04:00			`fields = ['device', 'role', 'name', 'plaintext']`
Converted device fields to use FlexibleModelChoiceField; misc cleanup 2017-06-07 15:51:11 -04:00			`help_texts = {`
			`'name': 'Name or username',`
			`}`
Initial push to public repo 2016-03-01 11:23:03 -05:00
Changed Secret parent from a GenericForeignKey to ForeignKey(Device) 2016-03-21 11:42:42 -04:00			`def save(self, args, *kwargs):`
Converted secrets import view to new scheme 2017-06-02 17:23:41 -04:00			`s = super(SecretCSVForm, self).save(args, *kwargs)`
Changed Secret parent from a GenericForeignKey to ForeignKey(Device) 2016-03-21 11:42:42 -04:00			`s.plaintext = str(self.cleaned_data['plaintext'])`
			`return s`
Initial push to public repo 2016-03-01 11:23:03 -05:00
Changed Secret parent from a GenericForeignKey to ForeignKey(Device) 2016-03-21 11:42:42 -04:00
Standardized inheritance order of BootstrapMixin 2016-12-21 14:15:18 -05:00			`class SecretBulkEditForm(BootstrapMixin, BulkEditForm):`
Initial push to public repo 2016-03-01 11:23:03 -05:00			`pk = forms.ModelMultipleChoiceField(queryset=Secret.objects.all(), widget=forms.MultipleHiddenInput)`
Added headers to all bulk edit tables 2016-09-28 17:20:16 -04:00			`role = forms.ModelChoiceField(queryset=SecretRole.objects.all(), required=False)`
Initial push to public repo 2016-03-01 11:23:03 -05:00			`name = forms.CharField(max_length=100, required=False)`

#527: Initial work to allow nullifying fields during bulk edit 2016-09-30 16:17:41 -04:00			`class Meta:`
			`nullable_fields = ['name']`

Initial push to public repo 2016-03-01 11:23:03 -05:00
Standardized inheritance order of BootstrapMixin 2016-12-21 14:15:18 -05:00			`class SecretFilterForm(BootstrapMixin, forms.Form):`
Closes #841: Merged search and filter forms on all object lists 2017-01-24 12:05:39 -05:00			`q = forms.CharField(required=False, label='Search')`
Closes #927: Upgrade to django-filter 1.0 2017-03-01 13:09:19 -05:00			`role = FilterChoiceField(`
			`queryset=SecretRole.objects.annotate(filter_count=Count('secrets')),`
			`to_field_name='slug'`
			`)`
Initial push to public repo 2016-03-01 11:23:03 -05:00

			`#`
			`# UserKeys`
			`#`

Standardized inheritance order of BootstrapMixin 2016-12-21 14:15:18 -05:00			`class UserKeyForm(BootstrapMixin, forms.ModelForm):`
Initial push to public repo 2016-03-01 11:23:03 -05:00
			`class Meta:`
			`model = UserKey`
			`fields = ['public_key']`
			`help_texts = {`
			`'public_key': "Enter your public RSA key. Keep the private one with you; you'll need it for decryption.",`
			`}`

			`def clean_public_key(self):`
			`key = self.cleaned_data['public_key']`

			`# Validate the RSA key format.`
			`validate_rsa_key(key, is_secret=False)`

			`return key`


			`class ActivateUserKeyForm(forms.Form):`
			`_selected_action = forms.ModelMultipleChoiceField(queryset=UserKey.objects.all(), label='User Keys')`
			`secret_key = forms.CharField(label='Your private key', widget=forms.Textarea(attrs={'class': 'vLargeTextField'}))`