Merge pull request #48 from peterfarrell/issue_47

Add support to hash fields to optionally base hash value off another field value

Author: Kévin Etienne

README.md

@@ -140,7 +140,9 @@ class MyModelManager(managers.PGPManager):
 
 class MyModel(models.Model):
     digest_field = fields.TextDigestField()
+    digest_with_original_field = fields.TextDigestField(original='pgp_sym_field')
     hmac_field = fields.TextHMACField()
+    hmac_with_original_field = fields.TextHMACField(original='pgp_sym_field')
 
     integer_pgp_pub_field = fields.IntegerPGPPublicKeyField()
     pgp_pub_field = fields.TextPGPPublicKeyField()
@@ -161,6 +163,21 @@ Example:
 >>> MyModel.objects.create(value='Value to be encrypted...')
 ```
 
+Hash fields can have hashes auto updated if you use the `original` attribute. This
+attribute allows you to indicate another field name to base the hash value on.
+
+```python
+
+class User(models.Models):
+    first_name = fields.TextPGPSymmetricKeyField(max_length=20, verbose_name='First Name')
+    first_name_hashed = fields.TextHMACField(original='first_name') 
+```
+
+In the above example, if you specify the optional original attribute it would 
+take the unencrypted value from the first_name model field as the input value 
+to create the hash. If you did not specify an original attribute, the field 
+would work as it does now and would remain backwards compatible.
+
 #### Decryption using custom model managers
 
 If you use the bundled `PGPManager` with your custom model manager, all encrypted 

pgcrypto/mixins.py

@@ -20,6 +20,18 @@ class HashMixin:
 
     `HashMixin` uses 'pgcrypto' to encrypt data in a postgres database.
     """
+    def __init__(self, original=None, *args, **kwargs):
+        self.original = original
+
+        super(HashMixin, self).__init__(*args, **kwargs)
+
+    def pre_save(self, model_instance, add):
+        if self.original:
+            original_value = getattr(model_instance, self.original)
+            setattr(model_instance, self.attname, original_value)
+
+        return super(HashMixin, self).pre_save(model_instance, add)
+
     def get_placeholder(self, value=None, compiler=None, connection=None):
         """
         Tell postgres to encrypt this field with a hashing function.

tests/models.py

@@ -10,7 +10,9 @@ class EncryptedModelManager(managers.PGPManager):
 class EncryptedModel(models.Model):
     """Dummy model used for tests to check the fields."""
     digest_field = fields.TextDigestField(blank=True, null=True)
+    digest_with_original_field = fields.TextDigestField(blank=True, null=True, original='pgp_sym_field')
     hmac_field = fields.TextHMACField(blank=True, null=True)
+    hmac_with_original_field = fields.TextHMACField(blank=True, null=True, original='pgp_sym_field')
 
     email_pgp_pub_field = fields.EmailPGPPublicKeyField(blank=True, null=True)
     integer_pgp_pub_field = fields.IntegerPGPPublicKeyField(blank=True, null=True)

tests/test_fields.py

@@ -73,7 +73,9 @@ def test_fields(self):
         expected = (
             'id',
             'digest_field',
+            'digest_with_original_field',
             'hmac_field',
+            'hmac_with_original_field',
             'email_pgp_pub_field',
             'integer_pgp_pub_field',
             'pgp_pub_field',
@@ -199,6 +201,15 @@ def test_digest_lookup(self):
 
         self.assertCountEqual(queryset, [expected])
 
+    def test_digest_with_original_lookup(self):
+        """Assert we can filter a digest value."""
+        value = 'bonjour'
+        expected = EncryptedModelFactory.create(pgp_sym_field=value)
+        EncryptedModelFactory.create()
+
+        queryset = EncryptedModel.objects.filter(digest_with_original_field__hash_of=value)
+        self.assertCountEqual(queryset, [expected])
+
     def test_hmac_lookup(self):
         """Assert we can filter a digest value."""
         value = 'bonjour'
@@ -208,6 +219,15 @@ def test_hmac_lookup(self):
         queryset = EncryptedModel.objects.filter(hmac_field__hash_of=value)
         self.assertCountEqual(queryset, [expected])
 
+    def test_hmac_with_original_lookup(self):
+        """Assert we can filter a digest value."""
+        value = 'bonjour'
+        expected = EncryptedModelFactory.create(pgp_sym_field=value)
+        EncryptedModelFactory.create()
+
+        queryset = EncryptedModel.objects.filter(hmac_with_original_field__hash_of=value)
+        self.assertCountEqual(queryset, [expected])
+
     def test_default_lookup(self):
         """Assert default lookup can be called."""
         queryset = EncryptedModel.objects.filter(hmac_field__isnull=True)