##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
fix(encryption): rely on default config based strict mode if not explicitly given into function params
super-admin -
r5376:63f7e8c6 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,3 +1,21 b''
1 # Copyright (C) 2011-2023 RhodeCode GmbH
2 #
3 # This program is free software: you can redistribute it and/or modify
4 # it under the terms of the GNU Affero General Public License, version 3
5 # (only), as published by the Free Software Foundation.
6 #
7 # This program is distributed in the hope that it will be useful,
8 # but WITHOUT ANY WARRANTY; without even the implied warranty of
9 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 # GNU General Public License for more details.
11 #
12 # You should have received a copy of the GNU Affero General Public License
13 # along with this program. If not, see <http://www.gnu.org/licenses/>.
14 #
15 # This program is dual-licensed. If you wish to learn more about the
16 # RhodeCode Enterprise Edition, including its added features, Support services,
17 # and proprietary license terms, please see https://rhodecode.com/licenses/
18
1 19 from rhodecode.lib.str_utils import safe_bytes
2 20 from rhodecode.lib.encrypt import encrypt_data, validate_and_decrypt_data
3 21 from rhodecode.lib.encrypt2 import Encryptor
@@ -9,6 +27,10 b' def get_default_algo():'
9 27 import rhodecode
10 28 return rhodecode.CONFIG.get('rhodecode.encrypted_values.algorithm') or 'aes'
11 29
30 def get_strict_mode():
31 import rhodecode
32 return rhodecode.ConfigGet().get_bool('rhodecode.encrypted_values.strict') or False
33
12 34
13 35 def encrypt_value(value: bytes, enc_key: bytes, algo: str = ''):
14 36 if not algo:
@@ -29,7 +51,12 b' def encrypt_value(value: bytes, enc_key:'
29 51 return value
30 52
31 53
32 def decrypt_value(value: bytes, enc_key: bytes, algo: str = '', strict_mode: bool = False):
54 def decrypt_value(value: bytes, enc_key: bytes, algo: str = '', strict_mode: bool | None = None):
55
56 if strict_mode is None:
57 # we use config value rather then explicit True/False
58 strict_mode = get_strict_mode()
59
33 60 enc_key = safe_bytes(enc_key)
34 61 value = safe_bytes(value)
35 62
Show file before | Show file after | Hide comments
@@ -199,9 +199,7 b' class EncryptedTextValue(TypeDecorator):'
199 199 if not value:
200 200 return value
201 201
202 enc_strict_mode = rhodecode.ConfigGet().get_bool('rhodecode.encrypted_values.strict', missing=True)
203
204 bytes_val = enc_utils.decrypt_value(value, enc_key=ENCRYPTION_KEY, strict_mode=enc_strict_mode)
202 bytes_val = enc_utils.decrypt_value(value, enc_key=ENCRYPTION_KEY)
205 203
206 204 return safe_str(bytes_val)
207 205
@@ -897,14 +895,12 b' class User(Base, BaseModel):'
897 895
898 896 def get_2fa_recovery_codes(self):
899 897 encrypted_recovery_codes = self.user_data.get('recovery_codes_2fa', [])
900 strict_mode = ConfigGet().get_bool('rhodecode.encrypted_values.strict', missing=True)
901 898
902 899 recovery_codes = list(map(
903 900 lambda val: safe_str(
904 901 enc_utils.decrypt_value(
905 902 val,
906 enc_key=ENCRYPTION_KEY,
907 strict_mode=strict_mode
903 enc_key=ENCRYPTION_KEY
908 904 )),
909 905 encrypted_recovery_codes))
910 906 return recovery_codes
@@ -925,9 +921,8 b' class User(Base, BaseModel):'
925 921 """
926 922 secret_2fa = self.user_data.get('secret_2fa')
927 923 if secret_2fa:
928 strict_mode = ConfigGet().get_bool('rhodecode.encrypted_values.strict', missing=True)
929 924 return safe_str(
930 enc_utils.decrypt_value(secret_2fa, enc_key=ENCRYPTION_KEY, strict_mode=strict_mode))
925 enc_utils.decrypt_value(secret_2fa, enc_key=ENCRYPTION_KEY))
931 926 return ''
932 927
933 928 @secret_2fa.setter
General Comments 0
You need to be logged in to leave comments. Login now