@@ -1,3 +1,21 b'' | |||||
|
1 | # Copyright (C) 2011-2023 RhodeCode GmbH | |||
|
2 | # | |||
|
3 | # This program is free software: you can redistribute it and/or modify | |||
|
4 | # it under the terms of the GNU Affero General Public License, version 3 | |||
|
5 | # (only), as published by the Free Software Foundation. | |||
|
6 | # | |||
|
7 | # This program is distributed in the hope that it will be useful, | |||
|
8 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
|
9 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
|
10 | # GNU General Public License for more details. | |||
|
11 | # | |||
|
12 | # You should have received a copy of the GNU Affero General Public License | |||
|
13 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | |||
|
14 | # | |||
|
15 | # This program is dual-licensed. If you wish to learn more about the | |||
|
16 | # RhodeCode Enterprise Edition, including its added features, Support services, | |||
|
17 | # and proprietary license terms, please see https://rhodecode.com/licenses/ | |||
|
18 | ||||
1 | from rhodecode.lib.str_utils import safe_bytes |
|
19 | from rhodecode.lib.str_utils import safe_bytes | |
2 | from rhodecode.lib.encrypt import encrypt_data, validate_and_decrypt_data |
|
20 | from rhodecode.lib.encrypt import encrypt_data, validate_and_decrypt_data | |
3 | from rhodecode.lib.encrypt2 import Encryptor |
|
21 | from rhodecode.lib.encrypt2 import Encryptor | |
@@ -9,6 +27,10 b' def get_default_algo():' | |||||
9 | import rhodecode |
|
27 | import rhodecode | |
10 | return rhodecode.CONFIG.get('rhodecode.encrypted_values.algorithm') or 'aes' |
|
28 | return rhodecode.CONFIG.get('rhodecode.encrypted_values.algorithm') or 'aes' | |
11 |
|
29 | |||
|
30 | def get_strict_mode(): | |||
|
31 | import rhodecode | |||
|
32 | return rhodecode.ConfigGet().get_bool('rhodecode.encrypted_values.strict') or False | |||
|
33 | ||||
12 |
|
34 | |||
13 | def encrypt_value(value: bytes, enc_key: bytes, algo: str = ''): |
|
35 | def encrypt_value(value: bytes, enc_key: bytes, algo: str = ''): | |
14 | if not algo: |
|
36 | if not algo: | |
@@ -29,7 +51,12 b' def encrypt_value(value: bytes, enc_key:' | |||||
29 | return value |
|
51 | return value | |
30 |
|
52 | |||
31 |
|
53 | |||
32 |
def decrypt_value(value: bytes, enc_key: bytes, algo: str = '', strict_mode: bool = |
|
54 | def decrypt_value(value: bytes, enc_key: bytes, algo: str = '', strict_mode: bool | None = None): | |
|
55 | ||||
|
56 | if strict_mode is None: | |||
|
57 | # we use config value rather then explicit True/False | |||
|
58 | strict_mode = get_strict_mode() | |||
|
59 | ||||
33 | enc_key = safe_bytes(enc_key) |
|
60 | enc_key = safe_bytes(enc_key) | |
34 | value = safe_bytes(value) |
|
61 | value = safe_bytes(value) | |
35 |
|
62 |
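Review bot: get_strict_mode() falls back to non-strict when `rhodecode.encrypted_values.strict` is absent (`get_bool(...) or False`), while the lookups this commit removes from the model code read the same key with `missing=True`. Unless get_bool's own default says otherwise, an installation without the setting moves from strict to non-strict decryption. If that flip is not intended, keep the old default: `return rhodecode.ConfigGet().get_bool('rhodecode.encrypted_values.strict', missing=True)`. The `or False` only matters if get_bool can return None, which is not visible here. A one-line docstring on get_strict_mode stating the default would help, as would correcting "rather then" to "rather than" in the new decrypt_value comment; decrypt_value's body continues outside the hunk.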
@@ -199,9 +199,7 b' class EncryptedTextValue(TypeDecorator):' | |||||
199 | if not value: |
|
199 | if not value: | |
200 | return value |
|
200 | return value | |
201 |
|
201 | |||
202 | enc_strict_mode = rhodecode.ConfigGet().get_bool('rhodecode.encrypted_values.strict', missing=True) |
|
202 | bytes_val = enc_utils.decrypt_value(value, enc_key=ENCRYPTION_KEY) | |
203 |
|
||||
204 | bytes_val = enc_utils.decrypt_value(value, enc_key=ENCRYPTION_KEY, strict_mode=enc_strict_mode) |
|
|||
205 |
|
203 | |||
206 | return safe_str(bytes_val) |
|
204 | return safe_str(bytes_val) | |
207 |
|
205 | |||
@@ -897,14 +895,12 b' class User(Base, BaseModel):' | |||||
897 |
|
895 | |||
898 | def get_2fa_recovery_codes(self): |
|
896 | def get_2fa_recovery_codes(self): | |
899 | encrypted_recovery_codes = self.user_data.get('recovery_codes_2fa', []) |
|
897 | encrypted_recovery_codes = self.user_data.get('recovery_codes_2fa', []) | |
900 | strict_mode = ConfigGet().get_bool('rhodecode.encrypted_values.strict', missing=True) |
|
|||
901 |
|
898 | |||
902 | recovery_codes = list(map( |
|
899 | recovery_codes = list(map( | |
903 | lambda val: safe_str( |
|
900 | lambda val: safe_str( | |
904 | enc_utils.decrypt_value( |
|
901 | enc_utils.decrypt_value( | |
905 | val, |
|
902 | val, | |
906 |
enc_key=ENCRYPTION_KEY |
|
903 | enc_key=ENCRYPTION_KEY | |
907 | strict_mode=strict_mode |
|
|||
908 | )), |
|
904 | )), | |
909 | encrypted_recovery_codes)) |
|
905 | encrypted_recovery_codes)) | |
910 | return recovery_codes |
|
906 | return recovery_codes | |
@@ -925,9 +921,8 b' class User(Base, BaseModel):' | |||||
925 | """ |
|
921 | """ | |
926 | secret_2fa = self.user_data.get('secret_2fa') |
|
922 | secret_2fa = self.user_data.get('secret_2fa') | |
927 | if secret_2fa: |
|
923 | if secret_2fa: | |
928 | strict_mode = ConfigGet().get_bool('rhodecode.encrypted_values.strict', missing=True) |
|
|||
929 | return safe_str( |
|
924 | return safe_str( | |
930 |
enc_utils.decrypt_value(secret_2fa, enc_key=ENCRYPTION_KEY |
|
925 | enc_utils.decrypt_value(secret_2fa, enc_key=ENCRYPTION_KEY)) | |
931 | return '' |
|
926 | return '' | |
932 |
|
927 | |||
933 | @secret_2fa.setter |
|
928 | @secret_2fa.setter |
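Review bot: get_2fa_recovery_codes and the secret_2fa getter no longer pass any strictness, so decryption of 2FA material now depends on a deployment-wide toggle. For authentication secrets I would pin it at the call site, e.g. `enc_utils.decrypt_value(val, enc_key=ENCRYPTION_KEY, strict_mode=True)`, and the same for `secret_2fa`. What non-strict decryption returns on a failed integrity check is not visible in these hunks, so confirm that `safe_str()` cannot turn a failure marker into something later compared as a secret or recovery code. Both methods begin or end outside the hunks shown.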