1459 login problems intermittent#1489
Merged
Merged
Conversation
TOMTOOKIT_FIELD_ENCRYPTION_KEY is used as the master encryption key to encrypt/decrypt each User's encrypted_data_encryption_key, which is saved in the Profile model.
This is the user-specific, envelope-encrypted (by the master cipher), Data Encryption Field (DEK). It is created with the user's Profile and encrypted with the master cipher (created with the master TOMTOOLKIT_FIELD_ENCRYPTION_KEY). If that master key changes, then each user's Profile.encrypted_dek must be re-encrypted, but that user's encrypted-data itself doesn't have to change.
the (way better) envelope encryption scheme doesn't save anything to the session
(I gather that) the term of art in envelope encryption is to wrap(encrypt) and unwrap(decrypt) the secret encryption keys (with the TOMTOOLKIT_FIELD_ENCRYPTION_KEY-created cipher in our case). This commit removes that conceptual jargon in favor of what's literally going on: encrypting and decrypting.
Shorten the comment and add a note explaining that BinaryField is excluded by Django's model_to_dict(), which is why encrypted_dek intentionally does not appear on the user Profile card.
This warning isn't needed with the new ecryption scheme.
Add a check in TomCommonConfig.ready() that raises ImproperlyConfigured if the encryption key is missing. This prevents the TOM from starting in a half-configured state where logins would crash when the signal tries to generate a DEK. The error message includes step-by-step instructions for generating and configuring the key.
Naming Rationale: The new name is more descriptive because in the "envelope encryption" scheme, the TOMTOOLKIT_DEK_ENCRYPTION_KEY is the encryption key that encrypts and decrypts the user's DEK (data encryption key). So it's the user-DEK encryptiion key for TOM Toolkit.
Fingel
approved these changes
Apr 1, 2026
There were some straggling references to the "field" encryption key that are now changed to "DEK" encryption key (including the name of the key rotation management command).
jchate6
requested changes
Apr 13, 2026
jchate6
left a comment
jchate6
left a comment
Contributor
There was a problem hiding this comment.
Let's talk about this before we publish it.
Contributor
Preferred changes:
|
Contributor
|
We should add some docs about the new password partial @Fingel just merged along with the changes here. |
There is now one single DEK for all the encrypted fields and it is derived from the Django `settings.SECRET_KEY`. All changes in this commit simplify the encryption scheme implementation accordingly.
jchate6
requested changes
May 21, 2026
Contributor
There was a problem hiding this comment.
I'd like to more reliably understand how to implement this.
See TOMToolkit/tom_demoapp#28
…in-problems-intermittent
This is all for compatibiligy with `ModelView` an `ModelForm` classes. It gets complicated with a bunch of hide-the-plaintext logic.
You can't just clear out the value and submit because a cleared-out FormField is interpreted as "leave the value un-altered". So, the checkbox does this instead.
This add flags that indicate the state of the Form field and the clear-the-field checkbox, which can't be passed through normally because of how we interpret empty fields (i.e. empty means leave unaltered).
jchate6
previously requested changes
Jun 8, 2026
github-project-automation
Bot
moved this from Needs Review
to Merged (to dev)
in TOM Toolkit
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
We now derive the encryption cipher from the
settings.SECRET_KEY. TheEncryptableModelMixinclass is no longer necessary because the encryption is not user-specific. Updated docs explain it all.closes #1459