The previous nomcom.fields.EncryptedTextField relied on initial cleartext content having the same type as ciphertext. Under Python3, that's not the case (ciphertext has type bytes). Rewrote the nomcom app and tests to handle capture of comments and encryption to the Feedback.comments ciphertext differently.

 - Legacy-Id: 16350

Author: levkowetz

ietf/nomcom/factories.py

@@ -1,3 +1,4 @@
+# Copyright The IETF Trust 2015-2019, All Rights Reserved
 import factory
 import random
 
@@ -164,9 +165,13 @@ class Meta:
 
     nomcom = factory.SubFactory(NomComFactory)
     subject = factory.Faker('sentence')
-    comments = factory.Faker('paragraph')
     type_id = 'comment'
 
+    @factory.post_generation
+    def comments(obj, create, extracted, **kwargs):
+        comment_text = factory.Faker('paragraph').generate()
+        obj.comments = obj.nomcom.encrypt(comment_text)
+
 class TopicFactory(factory.DjangoModelFactory):
     class Meta:
         model = Topic

ietf/nomcom/forms.py

@@ -293,7 +293,7 @@ def save(self, commit=True):
 
         # Complete nomination data
         feedback = Feedback.objects.create(nomcom=self.nomcom,
-                                           comments=qualifications,
+                                           comments=self.nomcom.encrypt(qualifications),
                                            type=FeedbackTypeName.objects.get(slug='nomina'),
                                            user=self.user)
         feedback.positions.add(position)
@@ -408,7 +408,7 @@ def save(self, commit=True):
 
         # Complete nomination data
         feedback = Feedback.objects.create(nomcom=self.nomcom,
-                                           comments=qualifications,
+                                           comments=self.nomcom.encrypt(qualifications),
                                            type=FeedbackTypeName.objects.get(slug='nomina'),
                                            user=self.user)
         feedback.positions.add(position)
@@ -451,7 +451,7 @@ class Meta:
 
 class FeedbackForm(forms.ModelForm):
     nominator_email = forms.CharField(label='Commenter email',required=False)
-    comments = forms.CharField(label='Comments', widget=forms.Textarea(), strip=False)
+    comment_text = forms.CharField(label='Comments', widget=forms.Textarea(), strip=False)
     confirmation = forms.BooleanField(label='Email comments back to me as confirmation (if selected, your comments will be emailed to you in cleartext when you press Save).',
                                       required=False)
 
@@ -484,13 +484,13 @@ def clean(self):
             if not NomineePosition.objects.accepted().filter(nominee=self.nominee,
                                                         position=self.position):
                 msg = "There isn't a accepted nomination for %s on the %s position" % (self.nominee, self.position)
-                self._errors["comments"] = self.error_class([msg])
+                self._errors["comment_text"] = self.error_class([msg])
         return self.cleaned_data
 
     def save(self, commit=True):
         feedback = super(FeedbackForm, self).save(commit=False)
         confirmation = self.cleaned_data['confirmation']
-        comments = self.cleaned_data['comments']
+        comment_text = self.cleaned_data['comment_text']
         nomcom_template_path = '/nomcom/%s/' % self.nomcom.group.acronym
 
         author = None
@@ -508,6 +508,7 @@ def save(self, commit=True):
         feedback.nomcom = self.nomcom
         feedback.user = self.user
         feedback.type = FeedbackTypeName.objects.get(slug='comment')
+        feedback.comments = self.nomcom.encrypt(comment_text)
         feedback.save()
         if self.nominee and self.position:
             feedback.positions.add(self.position)
@@ -526,7 +527,7 @@ def save(self, commit=True):
                 elif self.topic:
                     about = self.topic.subject
                 context = {'about': about,
-                           'comments': comments,
+                           'comments': comment_text,
                            'year': self.nomcom.year(),
                        }
                 path = nomcom_template_path + FEEDBACK_RECEIPT_TEMPLATE
@@ -537,7 +538,6 @@ class Meta:
         model = Feedback
         fields = (
                   'nominator_email',
-                  'comments',
                   'confirmation',
                  )
 
@@ -554,8 +554,9 @@ def save(self, commit=True):
 
 class QuestionnaireForm(forms.ModelForm):
 
-    comments = forms.CharField(label='Questionnaire response from this candidate',
+    comment_text = forms.CharField(label='Questionnaire response from this candidate',
                                widget=forms.Textarea(), strip=False)
+
     def __init__(self, *args, **kwargs):
         self.nomcom = kwargs.pop('nomcom', None)
         self.user = kwargs.pop('user', None)
@@ -565,6 +566,7 @@ def __init__(self, *args, **kwargs):
 
     def save(self, commit=True):
         feedback = super(QuestionnaireForm, self).save(commit=False)
+        comment_text = self.cleaned_data['comment_text']
         (position, nominee) = self.cleaned_data['nominee']
 
         author = get_user_email(self.user)
@@ -575,14 +577,15 @@ def save(self, commit=True):
         feedback.nomcom = self.nomcom
         feedback.user = self.user
         feedback.type = FeedbackTypeName.objects.get(slug='questio')
+        feedback.comments = self.nomcom.encrypt(comment_text)
         feedback.save()
         self.save_m2m()
         feedback.nominees.add(nominee)
         feedback.positions.add(position)
 
     class Meta:
         model = Feedback
-        fields = ( 'comments', )
+        fields = []
 
 class NomComTemplateForm(DBTemplateForm):
     content = forms.CharField(label="Text", widget=forms.Textarea(attrs={'cols': '120', 'rows':'40', }), strip=False)

ietf/nomcom/models.py

@@ -11,20 +11,20 @@
 
 import debug                            # pyflakes:ignore
 
-from ietf.nomcom.fields import EncryptedTextField
 from ietf.person.models import Person,Email
 from ietf.group.models import Group
 from ietf.name.models import NomineePositionStateName, FeedbackTypeName, TopicAudienceName
 from ietf.dbtemplate.models import DBTemplate
 
-from ietf.nomcom.managers import NomineePositionManager, NomineeManager, \
-                                 PositionManager, FeedbackManager
+from ietf.nomcom.managers import (NomineePositionManager, NomineeManager, 
+                                  PositionManager, FeedbackManager, )
 from ietf.nomcom.utils import (initialize_templates_for_group,
                                initialize_questionnaire_for_position,
                                initialize_requirements_for_position,
                                initialize_description_for_topic,
                                delete_nomcom_templates)
 from ietf.utils.models import ForeignKey
+from ietf.utils.pipe import pipe
 from ietf.utils.storage import NoLocationMigrationFileSystemStorage
 
 
@@ -79,6 +79,21 @@ def year(self):
     def pending_email_count(self):
         return self.feedback_set.filter(type__isnull=True).count()
 
+    def encrypt(self, cleartext:str) -> bytes:
+        try:
+            cert_file = self.public_key.path
+        except ValueError as e:
+            raise ValueError("Trying to read the NomCom public key: " + str(e))
+
+        command = "%s smime -encrypt -in /dev/stdin %s" % (settings.OPENSSL_COMMAND, cert_file)
+        code, out, error = pipe(command, cleartext.encode())
+        if code != 0:
+            log("openssl error: %s:\n  Error %s: %s" %(command, code, error))
+        if not error:
+            return out
+        else:
+            raise EncryptedException(error)
+
 
 def delete_nomcom(sender, **kwargs):
     nomcom = kwargs.get('instance', None)
@@ -250,7 +265,7 @@ class Feedback(models.Model):
     nominees = models.ManyToManyField('Nominee', blank=True)
     topics = models.ManyToManyField('Topic', blank=True)
     subject = models.TextField(verbose_name='Subject', blank=True)
-    comments = EncryptedTextField(verbose_name='Comments')
+    comments = models.BinaryField(verbose_name='Comments')
     type = ForeignKey(FeedbackTypeName, blank=True, null=True)
     user = ForeignKey(User, editable=False, blank=True, null=True, on_delete=models.SET_NULL)
     time = models.DateTimeField(auto_now_add=True)

ietf/nomcom/resources.py

@@ -129,7 +129,7 @@ class Meta:
             "id": ALL,
             "author": ALL,
             "subject": ALL,
-            "comments": ALL,
+            # "comments": ALL,
             "time": ALL,
             "nomcom": ALL_WITH_RELATIONS,
             "type": ALL_WITH_RELATIONS,