apikeys: add UUID field to avoid displaying key

apikeys/admin.py

@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2022 Tim Hawes <[email protected]>
+# SPDX-FileCopyrightText: 2022-2024 Tim Hawes <[email protected]>
 #
 # SPDX-License-Identifier: MIT
 
@@ -9,5 +9,5 @@
 
 @admin.register(APIKey)
 class APIKeyAdmin(admin.ModelAdmin):
-    list_display = ("key", "description", "enabled", "expires")
-    list_display_links = ("key",)
+    list_display = ("uuid", "description", "enabled", "expires")
+    list_display_links = ("uuid",)

apikeys/migrations/0003_apikey_uuid.py

@@ -0,0 +1,18 @@
+# Generated by Django 4.2.13 on 2024-06-07 13:23
+
+from django.db import migrations, models
+import uuid
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("apikeys", "0002_alter_apikey_description"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="apikey",
+            name="uuid",
+            field=models.UUIDField(default=uuid.uuid4, editable=False, null=True),
+        ),
+    ]

apikeys/migrations/0004_auto_20240607_1423.py

@@ -0,0 +1,21 @@
+# Generated by Django 4.2.13 on 2024-06-07 13:23
+
+from django.db import migrations
+import uuid
+
+
+def gen_uuid(apps, schema_editor):
+    ApiKey = apps.get_model("apikeys", "ApiKey")
+    for row in ApiKey.objects.all():
+        row.uuid = uuid.uuid4()
+        row.save(update_fields=["uuid"])
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("apikeys", "0003_apikey_uuid"),
+    ]
+
+    operations = [
+        migrations.RunPython(gen_uuid, reverse_code=migrations.RunPython.noop),
+    ]

apikeys/migrations/0005_auto_20240607_1423.py

@@ -0,0 +1,18 @@
+# Generated by Django 4.2.13 on 2024-06-07 13:23
+
+from django.db import migrations, models
+import uuid
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("apikeys", "0004_auto_20240607_1423"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="apikey",
+            name="uuid",
+            field=models.UUIDField(default=uuid.uuid4, editable=False, unique=True),
+        ),
+    ]

apikeys/models.py

@@ -1,8 +1,9 @@
-# SPDX-FileCopyrightText: 2022 Tim Hawes <[email protected]>
+# SPDX-FileCopyrightText: 2022-2024 Tim Hawes <[email protected]>
 #
 # SPDX-License-Identifier: MIT
 
 import random
+import uuid
 
 from django.contrib.auth.models import AnonymousUser, Permission
 from django.db import models
@@ -17,6 +18,7 @@ def generate_key():
 
 
 class APIKey(models.Model):
+    uuid = models.UUIDField(unique=True, default=uuid.uuid4, editable=False)
     key = models.CharField(
         max_length=128,
         unique=True,
@@ -33,20 +35,24 @@ class APIKey(models.Model):
     class Meta:
         verbose_name = "API key"
 
+    def __str__(self):
+        return str(self.uuid)
+
 
 class APIUser(AnonymousUser):
     _apikey = None
     _permissions = set()
 
     def __str__(self):
-        return f"APIUser #{self._apikey.id}"
+        return f"APIUser #{self._apikey.uuid}"
 
     def __init__(self, apikey):
         self._apikey = apikey
         perms = apikey.permissions.values_list(
             "content_type__app_label", "codename"
         ).order_by()
         setattr(self, "_permissions", {f"{ct}.{name}" for ct, name in perms})
+        print(self)
 
     def get_user_permissions(self):
         return self._permissions

hackdb/management/commands/export_hacklab_loggable.py

@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2022 Tim Hawes <[email protected]>
+# SPDX-FileCopyrightText: 2022-2024 Tim Hawes <[email protected]>
 #
 # SPDX-License-Identifier: MIT
 
@@ -126,7 +126,7 @@ def handle(self, *args, **options):
         for group in Group.objects.order_by("name"):
             output["groups"].append(group_to_dict(group))
 
-        for apikey in APIKey.objects.order_by("key"):
+        for apikey in APIKey.objects.order_by("uuid"):
             output["apikeys"].append(apikey_to_dict(apikey))
 
         json.dump(output, sys.stdout, indent=2, sort_keys=True)

hackdb/management/commands/privilege_audit.py

@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2022 Tim Hawes <[email protected]>
+# SPDX-FileCopyrightText: 2022-2024 Tim Hawes <[email protected]>
 #
 # SPDX-License-Identifier: MIT
 
@@ -42,7 +42,7 @@ def handle(self, *args, **options):
             for permission in apikey.permissions.all():
                 output.append(str(permission))
             if output:
-                print(f"apikey {apikey.key} {apikey.description}")
+                print(f"apikey {apikey} {apikey.description}")
                 for line in output:
                     print(f"- {line}")
                 print()