Turn prefix and hashed_key into proper APIKey fields (#62)

florimondmanca · web-flow · commit e91b8eb5c888 · 2019-06-30T14:57:00.000+02:00
* Turn prefix and hashed_key into proper APIKey fields

* Add v1.4 upgrade guide

* Update changelog, remove v from upgrade guide filename
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+**NOTE**: this release contains migrations. See [Upgrade to v1.4](https://florimondmanca.github.io/djangorestframework-api-key/upgrade/1.4/) for detailed instructions.
+
+### Added
+
+- The `prefix` and `hashed_key` are now stored in dedicated fields on the `APIKey` model.
+
 ## [v1.3.0] - 2019-06-28
 
 **NOTE**: this release contains migrations. In your Django project, run them using:
diff --git a/docs/upgrade/1.4.md b/docs/upgrade/1.4.md
@@ -0,0 +1,33 @@
+# Upgrading to 1.4
+
+## Introduction
+
+The 1.4 release includes a migration that adds and populates the `prefix` and `hashed_key` fields to API keys.
+
+This document lists the steps necessary to upgrade from 1.3.x to 1.4.
+
+## Steps
+
+### 1. Migrate the built-in API key model
+
+The `APIKey` model can be migrated using the migration shipped with this package:
+
+```bash
+python manage.py migrate rest_framework_api_key
+```
+
+### 2. Migrate custom API key models (if applicable)
+
+If you have a custom API key model deriving from `AbstractAPIKey`, you need to **manually add the migration** to your application.
+
+- Copy the migration script below to your app's `migrations/` directory. Be sure to modify `APP_NAME`, `MODEL_NAME` and `DEPENDENCIES` as seems fit. You can name the migration script `xxxx_prefix_hashed_key.py` (replace `xxxx` with the next available migration ID).
+
+```python
+--8<-- "rest_framework_api_key/migrations/0004_prefix_hashed_key.py"
+```
+
+- Apply the migration:
+
+```bash
+python manage.py migrate <my_app>
+```
diff --git a/mkdocs.yml b/mkdocs.yml
@@ -14,6 +14,8 @@ nav:
   - Home: index.md
   - User Guide: guide.md
   - Security: security.md
+  - Upgrade Guides:
+      - "1.4": upgrade/1.4.md
   - Contributing: https://github.com/florimondmanca/djangorestframework-api-key/tree/master/CONTRIBUTING.md
   - Changelog: https://github.com/florimondmanca/djangorestframework-api-key/tree/master/CHANGELOG.md
   - License: https://github.com/florimondmanca/djangorestframework-api-key/tree/master/LICENSE
@@ -22,6 +24,8 @@ markdown_extensions:
   - admonition
   - footnotes
   - pymdownx.superfences
+  - pymdownx.snippets:
+      check_paths: true
   - codehilite:
       guess_lang: false
   - toc:
diff --git a/rest_framework_api_key/admin.py b/rest_framework_api_key/admin.py
@@ -7,8 +7,8 @@
 
 class APIKeyModelAdmin(admin.ModelAdmin):
     list_display = (
-        "name",
         "prefix",
+        "name",
         "created",
         "expiry_date",
         "_has_expired",
diff --git a/rest_framework_api_key/crypto.py b/rest_framework_api_key/crypto.py
@@ -7,6 +7,15 @@
     from .models import APIKey
 
 
+def concatenate(left: str, right: str) -> str:
+    return "{}.{}".format(left, right)
+
+
+def split(concatenated: str) -> Tuple[str, str]:
+    left, _, right = concatenated.partition(".")
+    return left, right
+
+
 class KeyGenerator:
     def __init__(self, prefix_length: int = 8, secret_key_length: int = 32):
         self.prefix_length = prefix_length
@@ -18,16 +27,15 @@ def get_prefix(self) -> str:
     def get_secret_key(self) -> str:
         return get_random_string(self.secret_key_length)
 
-    @staticmethod
-    def concatenate(left: str, right: str) -> str:
-        return "{}.{}".format(left, right)
+    def hash(self, value: str) -> str:
+        return make_password(value)
 
-    def generate(self) -> Tuple[str, str]:
+    def generate(self) -> Tuple[str, str, str]:
         prefix = self.get_prefix()
         secret_key = self.get_secret_key()
-        key = self.concatenate(prefix, secret_key)
-        hashed_key = self.concatenate(prefix, make_password(key))
-        return key, hashed_key
+        key = concatenate(prefix, secret_key)
+        hashed_key = self.hash(key)
+        return key, prefix, hashed_key
 
     def verify(self, key: str, hashed_key: str) -> bool:
         return check_password(key, hashed_key)
diff --git a/rest_framework_api_key/migrations/0004_prefix_hashed_key.py b/rest_framework_api_key/migrations/0004_prefix_hashed_key.py
@@ -0,0 +1,48 @@
+# Generated by Django 2.2.2 on 2019-06-29 10:38
+
+from django.db import migrations, models
+
+APP_NAME = "rest_framework_api_key"
+MODEL_NAME = "apikey"
+DEPENDENCIES = [(APP_NAME, "0003_auto_20190623_1952")]
+
+
+def populate_prefix_hashed_key(apps, schema_editor):
+    model = apps.get_model(APP_NAME, MODEL_NAME)
+
+    for api_key in model.objects.all():
+        prefix, _, hashed_key = api_key.id.partition(".")
+        api_key.prefix = prefix
+        api_key.hashed_key = hashed_key
+        api_key.save()
+
+
+class Migration(migrations.Migration):
+
+    dependencies = DEPENDENCIES
+
+    operations = [
+        migrations.AddField(
+            model_name=MODEL_NAME,
+            name="hashed_key",
+            field=models.CharField(max_length=100, null=True),
+        ),
+        migrations.AddField(
+            model_name=MODEL_NAME,
+            name="prefix",
+            field=models.CharField(max_length=8, unique=True, null=True),
+        ),
+        migrations.RunPython(
+            populate_prefix_hashed_key, migrations.RunPython.noop
+        ),
+        migrations.AlterField(
+            model_name=MODEL_NAME,
+            name="hashed_key",
+            field=models.CharField(max_length=100, editable=False),
+        ),
+        migrations.AlterField(
+            model_name=MODEL_NAME,
+            name="prefix",
+            field=models.CharField(max_length=8, unique=True, editable=False),
+        ),
+    ]
diff --git a/rest_framework_api_key/models.py b/rest_framework_api_key/models.py
@@ -4,15 +4,26 @@
 from django.db import models
 from django.utils import timezone
 
-from .crypto import KeyGenerator
+from .crypto import concatenate, KeyGenerator, split
 
 
 class BaseAPIKeyManager(models.Manager):
     key_generator = KeyGenerator()
 
     def assign_key(self, obj: "AbstractAPIKey") -> str:
-        key, hashed_key = self.key_generator.generate()
-        obj.id = hashed_key
+        try:
+            key, prefix, hashed_key = self.key_generator.generate()
+        except TypeError:  # Compatibility with < 1.4
+            key, hashed_key = self.key_generator.generate()
+            pk = hashed_key
+            prefix, hashed_key = split(hashed_key)
+        else:
+            pk = concatenate(prefix, hashed_key)
+
+        obj.id = pk
+        obj.prefix = prefix
+        obj.hashed_key = hashed_key
+
         return key
 
     def create_key(self, **kwargs) -> Tuple["AbstractAPIKey", str]:
@@ -32,10 +43,8 @@ def is_valid(self, key: str) -> bool:
         queryset = self.get_usable_keys()
 
         try:
-            api_key = queryset.get(
-                id__startswith=prefix
-            )  # type: AbstractAPIKey
-        except (self.model.DoesNotExist, self.model.MultipleObjectsReturned):
+            api_key = queryset.get(prefix=prefix)  # type: AbstractAPIKey
+        except self.model.DoesNotExist:
             return False
 
         if not api_key.is_valid(key):
@@ -57,6 +66,8 @@ class AbstractAPIKey(models.Model):
     id = models.CharField(
         max_length=100, unique=True, primary_key=True, editable=False
     )
+    prefix = models.CharField(max_length=8, unique=True, editable=False)
+    hashed_key = models.CharField(max_length=100, editable=False)
     created = models.DateTimeField(auto_now_add=True, db_index=True)
     name = models.CharField(
         max_length=50,
@@ -94,12 +105,6 @@ def __init__(self, *args, **kwargs):
         # Store the initial value of `revoked` to detect changes.
         self._initial_revoked = self.revoked
 
-    def _prefix(self) -> str:
-        return self.pk.partition(".")[0]
-
-    _prefix.short_description = "Prefix"
-    prefix = property(_prefix)
-
     def _has_expired(self) -> bool:
         if self.expiry_date is None:
             return False
@@ -110,8 +115,7 @@ def _has_expired(self) -> bool:
     has_expired = property(_has_expired)
 
     def is_valid(self, key: str) -> bool:
-        _, _, hashed_key = self.pk.partition(".")
-        return type(self).objects.key_generator.verify(key, hashed_key)
+        return type(self).objects.key_generator.verify(key, self.hashed_key)
 
     def clean(self):
         self._validate_revoked()
diff --git a/tests/legacy/__init__.py b/tests/legacy/__init__.py
diff --git a/tests/legacy/crypto.py b/tests/legacy/crypto.py
@@ -0,0 +1,13 @@
+from typing import Tuple
+from rest_framework_api_key.crypto import concatenate, KeyGenerator
+
+
+class LegacyKeyGenerator(KeyGenerator):
+    """Pre-1.4 key generator."""
+
+    def generate(self) -> Tuple[str, str, str]:
+        prefix = self.get_prefix()
+        secret_key = self.get_secret_key()
+        key = concatenate(prefix, secret_key)
+        hashed_key = concatenate(prefix, self.hash(key))
+        return key, hashed_key
diff --git a/tests/legacy/permissions.py b/tests/legacy/permissions.py
@@ -0,0 +1,6 @@
+from rest_framework_api_key.permissions import HasAPIKey
+from .crypto import LegacyKeyGenerator
+
+
+class HasAPIKeyWithLegacyKeyGenerator(HasAPIKey):
+    key_generator = LegacyKeyGenerator()
diff --git a/tests/project/heroes/migrations/0002_prefix_hashed_key.py b/tests/project/heroes/migrations/0002_prefix_hashed_key.py
@@ -0,0 +1,48 @@
+# Generated by Django 2.2.2 on 2019-06-29 10:38
+
+from django.db import migrations, models
+
+APP_NAME = "heroes"
+MODEL_NAME = "heroapikey"
+DEPENDENCIES = [(APP_NAME, "0001_initial")]
+
+
+def populate_prefix_hashed_key(apps, schema_editor):
+    model = apps.get_model(APP_NAME, MODEL_NAME)
+
+    for api_key in model.objects.all():
+        prefix, _, hashed_key = api_key.id.partition(".")
+        api_key.prefix = prefix
+        api_key.hashed_key = hashed_key
+        api_key.save()
+
+
+class Migration(migrations.Migration):
+
+    dependencies = DEPENDENCIES
+
+    operations = [
+        migrations.AddField(
+            model_name=MODEL_NAME,
+            name="hashed_key",
+            field=models.CharField(max_length=100, null=True),
+        ),
+        migrations.AddField(
+            model_name=MODEL_NAME,
+            name="prefix",
+            field=models.CharField(max_length=8, unique=True, null=True),
+        ),
+        migrations.RunPython(
+            populate_prefix_hashed_key, migrations.RunPython.noop
+        ),
+        migrations.AlterField(
+            model_name=MODEL_NAME,
+            name="hashed_key",
+            field=models.CharField(max_length=100, editable=False),
+        ),
+        migrations.AlterField(
+            model_name=MODEL_NAME,
+            name="prefix",
+            field=models.CharField(max_length=8, unique=True, editable=False),
+        ),
+    ]
diff --git a/tests/test_model.py b/tests/test_model.py
@@ -13,7 +13,8 @@
 
 def test_key_generation():
     api_key, generated_key = APIKey.objects.create_key(name="test")
-    prefix, _, hashed_key = api_key.id.partition(".")
+    prefix = api_key.prefix
+    hashed_key = api_key.hashed_key
 
     assert prefix and hashed_key
 
diff --git a/tests/test_permissions_legacy.py b/tests/test_permissions_legacy.py
@@ -0,0 +1,16 @@
+import pytest
+
+from .legacy.permissions import HasAPIKeyWithLegacyKeyGenerator
+
+pytestmark = pytest.mark.django_db
+
+
+@pytest.fixture(name="view")
+def fixture_view(view_with_permissions):
+    return view_with_permissions(HasAPIKeyWithLegacyKeyGenerator)
+
+
+def test_api_key_granted(create_request, view):
+    request = create_request()
+    response = view(request)
+    assert response.status_code == 200
