fix(encryption): rely on default config based strict mode if not explicitly given into function params
super-admin -
r5376:63f7e8c6 default
@@ -1,3 +1,21 b''
1 # Copyright (C) 2011-2023 RhodeCode GmbH
2 #
3 # This program is free software: you can redistribute it and/or modify
4 # it under the terms of the GNU Affero General Public License, version 3
5 # (only), as published by the Free Software Foundation.
6 #
7 # This program is distributed in the hope that it will be useful,
8 # but WITHOUT ANY WARRANTY; without even the implied warranty of
9 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 # GNU General Public License for more details.
11 #
12 # You should have received a copy of the GNU Affero General Public License
13 # along with this program. If not, see <http://www.gnu.org/licenses/>.
14 #
15 # This program is dual-licensed. If you wish to learn more about the
16 # RhodeCode Enterprise Edition, including its added features, Support services,
17 # and proprietary license terms, please see https://rhodecode.com/licenses/
18
1 from rhodecode.lib.str_utils import safe_bytes
19 from rhodecode.lib.str_utils import safe_bytes
2 from rhodecode.lib.encrypt import encrypt_data, validate_and_decrypt_data
20 from rhodecode.lib.encrypt import encrypt_data, validate_and_decrypt_data
3 from rhodecode.lib.encrypt2 import Encryptor
21 from rhodecode.lib.encrypt2 import Encryptor
@@ -9,6 +27,10 b' def get_default_algo():'
9 import rhodecode
27 import rhodecode
10 return rhodecode.CONFIG.get('rhodecode.encrypted_values.algorithm') or 'aes'
28 return rhodecode.CONFIG.get('rhodecode.encrypted_values.algorithm') or 'aes'
11
29
30 def get_strict_mode():
31 import rhodecode
32 return rhodecode.ConfigGet().get_bool('rhodecode.encrypted_values.strict') or False
33
12
34
13 def encrypt_value(value: bytes, enc_key: bytes, algo: str = ''):
35 def encrypt_value(value: bytes, enc_key: bytes, algo: str = ''):
14 if not algo:
36 if not algo:
@@ -29,7 +51,12 b' def encrypt_value(value: bytes, enc_key:'
29 return value
51 return value
30
52
31
53
32 def decrypt_value(value: bytes, enc_key: bytes, algo: str = '', strict_mode: bool = False):
54 def decrypt_value(value: bytes, enc_key: bytes, algo: str = '', strict_mode: bool | None = None):
55
56 if strict_mode is None:
57 # we use config value rather then explicit True/False
58 strict_mode = get_strict_mode()
59
33 enc_key = safe_bytes(enc_key)
60 enc_key = safe_bytes(enc_key)
34 value = safe_bytes(value)
61 value = safe_bytes(value)
35
62
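Review bot: `get_strict_mode()` (new lines 30-32) reads `rhodecode.encrypted_values.strict` without the `missing=True` default that the call sites removed by this commit in `EncryptedTextValue`, `get_2fa_recovery_codes` and `secret_2fa` all passed, and then applies `or False`. Unless `get_bool` itself defaults to true (not visible here), a deployment that never set the key moves from strict to non-strict decryption for stored encrypted values, 2FA secrets and recovery codes. Keeping the earlier fail-closed default would be `return rhodecode.ConfigGet().get_bool('rhodecode.encrypted_values.strict', missing=True)`. What non-strict mode returns on a failed decryption is outside these hunks (the body of `decrypt_value` continues past the hunk), so the effect on the 2FA paths should be confirmed. The helper would also benefit from a one-line docstring stating its default, and the new comment should read `rather than` instead of `rather then`.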
@@ -199,9 +199,7 b' class EncryptedTextValue(TypeDecorator):'
199 if not value:
199 if not value:
200 return value
200 return value
201
201
202 enc_strict_mode = rhodecode.ConfigGet().get_bool('rhodecode.encrypted_values.strict', missing=True)
202 bytes_val = enc_utils.decrypt_value(value, enc_key=ENCRYPTION_KEY)
203
204 bytes_val = enc_utils.decrypt_value(value, enc_key=ENCRYPTION_KEY, strict_mode=enc_strict_mode)
205
203
206 return safe_str(bytes_val)
204 return safe_str(bytes_val)
207
205
@@ -897,14 +895,12 b' class User(Base, BaseModel):'
897
895
898 def get_2fa_recovery_codes(self):
896 def get_2fa_recovery_codes(self):
899 encrypted_recovery_codes = self.user_data.get('recovery_codes_2fa', [])
897 encrypted_recovery_codes = self.user_data.get('recovery_codes_2fa', [])
900 strict_mode = ConfigGet().get_bool('rhodecode.encrypted_values.strict', missing=True)
901
898
902 recovery_codes = list(map(
899 recovery_codes = list(map(
903 lambda val: safe_str(
900 lambda val: safe_str(
904 enc_utils.decrypt_value(
901 enc_utils.decrypt_value(
905 val,
902 val,
906 enc_key=ENCRYPTION_KEY,
903 enc_key=ENCRYPTION_KEY
907 strict_mode=strict_mode
908 )),
904 )),
909 encrypted_recovery_codes))
905 encrypted_recovery_codes))
910 return recovery_codes
906 return recovery_codes
@@ -925,9 +921,8 b' class User(Base, BaseModel):'
925 """
921 """
926 secret_2fa = self.user_data.get('secret_2fa')
922 secret_2fa = self.user_data.get('secret_2fa')
927 if secret_2fa:
923 if secret_2fa:
928 strict_mode = ConfigGet().get_bool('rhodecode.encrypted_values.strict', missing=True)
929 return safe_str(
924 return safe_str(
930 enc_utils.decrypt_value(secret_2fa, enc_key=ENCRYPTION_KEY, strict_mode=strict_mode))
925 enc_utils.decrypt_value(secret_2fa, enc_key=ENCRYPTION_KEY))
931 return ''
926 return ''
932
927
933 @secret_2fa.setter
928 @secret_2fa.setter