##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
fix(tests): fixed 2fa tests and password reset broken by accident
fix(tests): fixed 2fa tests and password reset broken by accident
super-admin - - Load All Authors

File last commit:

r5363:7bfb02ec default
r5369:cab08940 default
Show More
enc_utils.py
49 lines | 1.5 KiB | text/x-python | PythonLexer
/ rhodecode / lib / enc_utils.py
History | Annotation | Raw |Copy content |Copy permalink
from rhodecode.lib.str_utils import safe_bytes
from rhodecode.lib.encrypt import encrypt_data, validate_and_decrypt_data
from rhodecode.lib.encrypt2 import Encryptor
ALLOWED_ALGOS = ['aes', 'fernet']
def get_default_algo():
import rhodecode
return rhodecode.CONFIG.get('rhodecode.encrypted_values.algorithm') or 'aes'
def encrypt_value(value: bytes, enc_key: bytes, algo: str = ''):
if not algo:
# not explicit algo, just use what's set by config
algo = get_default_algo()
if algo not in ALLOWED_ALGOS:
ValueError(f'Bad encryption algorithm, should be {ALLOWED_ALGOS}, got: {algo}')
enc_key = safe_bytes(enc_key)
value = safe_bytes(value)
if algo == 'aes':
return encrypt_data(value, enc_key=enc_key)
if algo == 'fernet':
return Encryptor(enc_key).encrypt(value)
return value
def decrypt_value(value: bytes, enc_key: bytes, algo: str = '', strict_mode: bool = False):
enc_key = safe_bytes(enc_key)
value = safe_bytes(value)
if not algo:
# not explicit algo, just use what's set by config
algo = Encryptor.detect_enc_algo(value) or get_default_algo()
if algo not in ALLOWED_ALGOS:
ValueError(f'Bad encryption algorithm, should be {ALLOWED_ALGOS}, got: {algo}')
safe = not strict_mode
if algo == 'aes':
return validate_and_decrypt_data(value, enc_key, safe=safe)
if algo == 'fernet':
return Encryptor(enc_key).decrypt(value, safe=safe)
return value