##// END OF EJS Templates
d-cache: don't init in includeme so we don't trigger s3 connections on startup of rcstack....
d-cache: don't init in includeme so we don't trigger s3 connections on startup of rcstack. The d-cache will be initied only when needed during first file download

File last commit:

r5376:63f7e8c6 default
r5487:c594e70d default
Show More
enc_utils.py
76 lines | 2.6 KiB | text/x-python | PythonLexer
fix(encryption): rely on default config based strict mode if not explicitly given into function params
r5376 # Copyright (C) 2011-2023 RhodeCode GmbH
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License, version 3
# (only), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# This program is dual-licensed. If you wish to learn more about the
# RhodeCode Enterprise Edition, including its added features, Support services,
# and proprietary license terms, please see https://rhodecode.com/licenses/
encryption: unified and rewrote encryption modules to be consistent no matter what algo is used....
r4995 from rhodecode.lib.str_utils import safe_bytes
from rhodecode.lib.encrypt import encrypt_data, validate_and_decrypt_data
from rhodecode.lib.encrypt2 import Encryptor
ALLOWED_ALGOS = ['aes', 'fernet']
def get_default_algo():
import rhodecode
return rhodecode.CONFIG.get('rhodecode.encrypted_values.algorithm') or 'aes'
fix(encryption): rely on default config based strict mode if not explicitly given into function params
r5376 def get_strict_mode():
import rhodecode
return rhodecode.ConfigGet().get_bool('rhodecode.encrypted_values.strict') or False
encryption: unified and rewrote encryption modules to be consistent no matter what algo is used....
r4995
def encrypt_value(value: bytes, enc_key: bytes, algo: str = ''):
if not algo:
# not explicit algo, just use what's set by config
algo = get_default_algo()
libs: removed utf8 markers
r5054
encryption: unified and rewrote encryption modules to be consistent no matter what algo is used....
r4995 if algo not in ALLOWED_ALGOS:
ValueError(f'Bad encryption algorithm, should be {ALLOWED_ALGOS}, got: {algo}')
enc_key = safe_bytes(enc_key)
value = safe_bytes(value)
if algo == 'aes':
return encrypt_data(value, enc_key=enc_key)
if algo == 'fernet':
return Encryptor(enc_key).encrypt(value)
return value
fix(encryption): rely on default config based strict mode if not explicitly given into function params
r5376 def decrypt_value(value: bytes, enc_key: bytes, algo: str = '', strict_mode: bool | None = None):
if strict_mode is None:
# we use config value rather then explicit True/False
strict_mode = get_strict_mode()
fix(encryptor): use a failsafe mechanism of detecting old algo for encryption to NOT crash the app when switching to fernet
r5363 enc_key = safe_bytes(enc_key)
value = safe_bytes(value)
encryption: unified and rewrote encryption modules to be consistent no matter what algo is used....
r4995
if not algo:
# not explicit algo, just use what's set by config
fix(encryptor): use a failsafe mechanism of detecting old algo for encryption to NOT crash the app when switching to fernet
r5363 algo = Encryptor.detect_enc_algo(value) or get_default_algo()
encryption: unified and rewrote encryption modules to be consistent no matter what algo is used....
r4995 if algo not in ALLOWED_ALGOS:
ValueError(f'Bad encryption algorithm, should be {ALLOWED_ALGOS}, got: {algo}')
safe = not strict_mode
if algo == 'aes':
return validate_and_decrypt_data(value, enc_key, safe=safe)
if algo == 'fernet':
return Encryptor(enc_key).decrypt(value, safe=safe)
return value