rhodecode-enterprise-ce Files · rhodecode/lib/enc_utils.py

fix(users-creation): fixed reported error for emails as dict not label

super-admin - - Load All Authors

File last commit:

r5376:63f7e8c6 default


                r5451:2003323d

default

Download file

             enc_utils.py
        
                    76 lines
            
             | 2.6 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / rhodecode / lib / enc_utils.py
          
                    History
                
                 |
                  Source
                 | Raw
                 |Copy content
                 |Copy permalink

        super-admin
    
fix(encryption): rely on default config based strict mode if not explicitly given into function params

              r5376
            
      # Copyright (C) 2011-2023 RhodeCode GmbH

      #

      # This program is free software: you can redistribute it and/or modify

      # it under the terms of the GNU Affero General Public License, version 3

      # (only), as published by the Free Software Foundation.

      #

      # This program is distributed in the hope that it will be useful,

      # but WITHOUT ANY WARRANTY; without even the implied warranty of

      # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

      # GNU General Public License for more details.

      #

      # You should have received a copy of the GNU Affero General Public License

      # along with this program.  If not, see <http://www.gnu.org/licenses/>.

      #

      # This program is dual-licensed. If you wish to learn more about the

      # RhodeCode Enterprise Edition, including its added features, Support services,

      # and proprietary license terms, please see https://rhodecode.com/licenses/

        super-admin
    
encryption: unified and rewrote encryption modules to be consistent no matter what algo is used....

              r4995
            
      from rhodecode.lib.str_utils import safe_bytes

      from rhodecode.lib.encrypt import encrypt_data, validate_and_decrypt_data

      from rhodecode.lib.encrypt2 import Encryptor

      ALLOWED_ALGOS = ['aes', 'fernet']

      def get_default_algo():

          import rhodecode

          return rhodecode.CONFIG.get('rhodecode.encrypted_values.algorithm') or 'aes'

        super-admin
    
fix(encryption): rely on default config based strict mode if not explicitly given into function params

              r5376
            
      def get_strict_mode():

          import rhodecode

          return rhodecode.ConfigGet().get_bool('rhodecode.encrypted_values.strict') or False

        super-admin
    
encryption: unified and rewrote encryption modules to be consistent no matter what algo is used....

              r4995
            
      def encrypt_value(value: bytes, enc_key: bytes, algo: str = ''):

          if not algo:

              # not explicit algo, just use what's set by config

              algo = get_default_algo()

        super-admin
    
libs: removed utf8 markers

              r5054
            
        super-admin
    
encryption: unified and rewrote encryption modules to be consistent no matter what algo is used....

              r4995
            
          if algo not in ALLOWED_ALGOS:

              ValueError(f'Bad encryption algorithm, should be {ALLOWED_ALGOS}, got: {algo}')

          enc_key = safe_bytes(enc_key)

          value = safe_bytes(value)

          if algo == 'aes':

              return encrypt_data(value, enc_key=enc_key)

          if algo == 'fernet':

              return Encryptor(enc_key).encrypt(value)

          return value

        super-admin
    
fix(encryption): rely on default config based strict mode if not explicitly given into function params

              r5376
            
      def decrypt_value(value: bytes, enc_key: bytes, algo: str = '', strict_mode: bool | None = None):

          if strict_mode is None:

              # we use config value rather then explicit True/False

              strict_mode = get_strict_mode()

        super-admin
    
fix(encryptor): use a failsafe mechanism of detecting old algo for encryption to NOT crash the app when switching to fernet

              r5363
            
          enc_key = safe_bytes(enc_key)

          value = safe_bytes(value)

        super-admin
    
encryption: unified and rewrote encryption modules to be consistent no matter what algo is used....

              r4995
            
          if not algo:

              # not explicit algo, just use what's set by config

        super-admin
    
fix(encryptor): use a failsafe mechanism of detecting old algo for encryption to NOT crash the app when switching to fernet

              r5363
            
              algo = Encryptor.detect_enc_algo(value) or get_default_algo()

        super-admin
    
encryption: unified and rewrote encryption modules to be consistent no matter what algo is used....

              r4995
            
          if algo not in ALLOWED_ALGOS:

              ValueError(f'Bad encryption algorithm, should be {ALLOWED_ALGOS}, got: {algo}')

          safe = not strict_mode

          if algo == 'aes':

              return validate_and_decrypt_data(value, enc_key, safe=safe)

          if algo == 'fernet':

              return Encryptor(enc_key).decrypt(value, safe=safe)

          return value

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

super-admin fix(encryption): rely on default config based strict mode if not explicitly given into function params	r5376	# Copyright (C) 2011-2023 RhodeCode GmbH
		#
		# This program is free software: you can redistribute it and/or modify
		# it under the terms of the GNU Affero General Public License, version 3
		# (only), as published by the Free Software Foundation.
		#
		# This program is distributed in the hope that it will be useful,
		# but WITHOUT ANY WARRANTY; without even the implied warranty of
		# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
		# GNU General Public License for more details.
		#
		# You should have received a copy of the GNU Affero General Public License
		# along with this program. If not, see <http://www.gnu.org/licenses/>.
		#
		# This program is dual-licensed. If you wish to learn more about the
		# RhodeCode Enterprise Edition, including its added features, Support services,
		# and proprietary license terms, please see https://rhodecode.com/licenses/

super-admin encryption: unified and rewrote encryption modules to be consistent no matter what algo is used....	r4995	from rhodecode.lib.str_utils import safe_bytes
		from rhodecode.lib.encrypt import encrypt_data, validate_and_decrypt_data
		from rhodecode.lib.encrypt2 import Encryptor

		ALLOWED_ALGOS = ['aes', 'fernet']


		def get_default_algo():
		import rhodecode
		return rhodecode.CONFIG.get('rhodecode.encrypted_values.algorithm') or 'aes'

super-admin fix(encryption): rely on default config based strict mode if not explicitly given into function params	r5376	def get_strict_mode():
		import rhodecode
		return rhodecode.ConfigGet().get_bool('rhodecode.encrypted_values.strict') or False

super-admin encryption: unified and rewrote encryption modules to be consistent no matter what algo is used....	r4995
		def encrypt_value(value: bytes, enc_key: bytes, algo: str = ''):
		if not algo:
		# not explicit algo, just use what's set by config
		algo = get_default_algo()
super-admin libs: removed utf8 markers	r5054
super-admin encryption: unified and rewrote encryption modules to be consistent no matter what algo is used....	r4995	if algo not in ALLOWED_ALGOS:
		ValueError(f'Bad encryption algorithm, should be {ALLOWED_ALGOS}, got: {algo}')

		enc_key = safe_bytes(enc_key)
		value = safe_bytes(value)

		if algo == 'aes':
		return encrypt_data(value, enc_key=enc_key)
		if algo == 'fernet':
		return Encryptor(enc_key).encrypt(value)

		return value


super-admin fix(encryption): rely on default config based strict mode if not explicitly given into function params	r5376	def decrypt_value(value: bytes, enc_key: bytes, algo: str = '', strict_mode: bool \| None = None):

		if strict_mode is None:
		# we use config value rather then explicit True/False
		strict_mode = get_strict_mode()

super-admin fix(encryptor): use a failsafe mechanism of detecting old algo for encryption to NOT crash the app when switching to fernet	r5363	enc_key = safe_bytes(enc_key)
		value = safe_bytes(value)
super-admin encryption: unified and rewrote encryption modules to be consistent no matter what algo is used....	r4995
		if not algo:
		# not explicit algo, just use what's set by config
super-admin fix(encryptor): use a failsafe mechanism of detecting old algo for encryption to NOT crash the app when switching to fernet	r5363	algo = Encryptor.detect_enc_algo(value) or get_default_algo()
super-admin encryption: unified and rewrote encryption modules to be consistent no matter what algo is used....	r4995	if algo not in ALLOWED_ALGOS:
		ValueError(f'Bad encryption algorithm, should be {ALLOWED_ALGOS}, got: {algo}')

		safe = not strict_mode

		if algo == 'aes':
		return validate_and_decrypt_data(value, enc_key, safe=safe)
		if algo == 'fernet':
		return Encryptor(enc_key).decrypt(value, safe=safe)

		return value