Improve Longevity of Email Token Solution

.github/workflows/test.yml

@@ -77,6 +77,7 @@ jobs:
           EMAIL_HOST_PASSWORD_SES: ${{ secrets.EMAIL_HOST_PASSWORD_SES }}
           EMAIL_HOST_SES: ${{ secrets.EMAIL_HOST_SES }}
           EMAIL_HOST_USER_SES: ${{ secrets.EMAIL_HOST_USER_SES }}
+          FIELD_ENCRYPTION_KEY: ${{ secrets.FIELD_ENCRYPTION_KEY }}
           OD_API_BASE_URL: ${{ secrets.OD_API_BASE_URL }}
           OD_APPLICATION_ID: ${{ secrets.OD_APPLICATION_ID }}
           OD_APPLICATION_KEY_1: ${{ secrets.OD_APPLICATION_KEY_1 }}

aa_project/settings/base.py

@@ -47,6 +47,7 @@
     'django_otp.plugins.otp_totp',
     'two_factor',
     'axes',
+    'encrypted_model_fields',
 ]
 
 # Project Apps
@@ -274,5 +275,6 @@
 AWS_BASE_BUCKET_ADDRESS = os.environ['AWS_BASE_BUCKET_ADDRESS']
 
 # Email Token Settings
+FIELD_ENCRYPTION_KEY = os.environ['FIELD_ENCRYPTION_KEY']
 EMAIL_CHALLENGE_EXPIRATION_IN_SECS = 60 * 5
 EMAIL_TOKEN_EXPIRATION_IN_SECS = 60 * 60 * 24 * 28

aa_project/settings/dev.py

@@ -109,10 +109,6 @@ def skip_debug_requests(record):
             'level': 'INFO',
             'propagate': False,
         },
-        'django.db.backends': {
-            'handlers': ['console'],
-            'level': 'DEBUG',
-        },
         'two_factor': {
             'handlers': ['console'],
             'level': 'INFO',

apps/users/migrations/0004_emaildevice.py → apps/users/migrations/0004_generate_email_token_model.py

@@ -1,10 +1,11 @@
-# Generated by Django 3.2.5 on 2021-07-27 12:32
+# Generated by Django 3.2.12 on 2022-02-19 20:36
 
 import apps.users.utils
 from django.conf import settings
 from django.db import migrations, models
 import django.db.models.deletion
 import django_otp.util
+import encrypted_model_fields.fields
 
 
 class Migration(migrations.Migration):
@@ -15,18 +16,23 @@ class Migration(migrations.Migration):
     ]
 
     operations = [
+        migrations.AlterField(
+            model_name='profile',
+            name='user',
+            field=models.OneToOneField(on_delete=django.db.models.deletion.CASCADE, primary_key=True, related_name='profile', serialize=False, to=settings.AUTH_USER_MODEL),
+        ),
         migrations.CreateModel(
-            name='EmailDevice',
+            name='EmailToken',
             fields=[
                 ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
                 ('challenge_email_address', models.EmailField(max_length=254)),
-                ('challenge_token_generated', models.CharField(default=django_otp.util.random_hex, help_text='Hex-encoded secret token', max_length=40, validators=[apps.users.utils.token_validator])),
+                ('challenge_token', encrypted_model_fields.fields.EncryptedCharField(default=django_otp.util.random_hex, validators=[apps.users.utils.token_validator])),
                 ('challenge_generation_timestamp', models.DateTimeField(auto_now_add=True, null=True)),
-                ('challenge_expiration_timestamp', models.DateTimeField(default=apps.users.utils.get_challenge_expiration_timestamp, null=True)),
-                ('challenge_token_returned', models.CharField(help_text='Hex-encoded secret token', max_length=40)),
+                ('challenge_expiration_timestamp', models.DateTimeField(blank=True, default=apps.users.utils.get_challenge_expiration_timestamp, null=True)),
                 ('challenge_completed', models.BooleanField(default=False)),
-                ('challenge_completed_timestamp', models.DateTimeField(editable=False, null=True)),
-                ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='user_email_devices', to=settings.AUTH_USER_MODEL)),
+                ('challenge_completed_timestamp', models.DateTimeField(blank=True, null=True)),
+                ('token_expiration_timestamp', models.DateTimeField(blank=True, null=True)),
+                ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='user_email_tokens', to=settings.AUTH_USER_MODEL)),
             ],
         ),
     ]