Keepass Workflow
Sensitive information is never directly stored in the Frontdown database. Instead, the system only keeps pointers to paths, while the actual data remains encrypted in the Keepass database.
Creation of Keepass Database
At the creation of a new User, a Keepass Database is created and stored in filesystem. This database is encrypted with a randomly generated password. Next an AES key is generated from the random password and the user’s password. This key is then stored in the user’s database.
sequenceDiagram
participant Client
participant API as REST API
participant Keepass as Keepass System
participant DB as Database
Client->>API: Create User (POST /users/)
API->>Keepass: Create Keepass Database
Keepass-->>API: Return Keepass Database
API->>DB: Store Keepass Database
DB-->>API: Confirm Database Stored
API-->>Client: Return response (201 Created)Code Implementation
When a user logs in, the system retrieves the user’s Keepass key from the database and encrypts it with the user’s password. This encrypted key is then returned to the user.
core/managers/user.py
from django.contrib.auth.models import UserManager
from utils.crypto import encrypt_key, generate_random_password
from core.utils.keepass import KeePass
class UserKeepassManager(UserManager):
def create_user(self, username, email=None, password=None, **extra_fields):
# Create a random password for the Keepass database
random_password = generate_random_password()
# Encrypt the user password with the random password
encrypted_key = encrypt_key(password, random_password)
user = self.model(
username=username,
email=email,
keepass_secured_key=encrypted_key,
**extra_fields)
user.set_password(password)
user.save(using=self._db)
keepass = KeePass(user)
if not keepass.exists():
keepass.create(random_password)
# Create a default provider for the user
self.create_user_default_provider(user)
return userLast updated on