def rebuild_access_tokens(old_key):
"""Rebuild the access token field when the SECRET_KEY is changed.
Fixes users' login
:param old_key: the old SECRET_KEY.
"""
current_app.logger.info('rebuilding RemoteToken.access_token...')
rebuild_encrypted_properties(old_key, RemoteToken, ['access_token'])
def rebuild_access_tokens(old_key):
"""Rebuild the access token field when the SECRET_KEY is changed.
Fixes users' login
:param old_key: the old SECRET_KEY.
"""
current_app.logger.info('rebuilding RemoteToken.access_token...')
rebuild_encrypted_properties(old_key, RemoteToken, ['access_token'])
def rebuild_access_tokens(old_key):
"""Rebuild the access_token field when the SECRET_KEY is changed.
Needed to fix the access tokens used in the REST API calls.
:param old_key: the old SECRET_KEY.
"""
current_app.logger.info('rebuilding Token.access_token...')
rebuild_encrypted_properties(old_key, Token,
['access_token', 'refresh_token'])
def test_rebuild_encrypted_properties(db, app):
old_secret_key = "SECRET_KEY_1"
new_secret_key = "SECRET_KEY_2"
app.secret_key = old_secret_key
def _secret_key():
return app.config.get('SECRET_KEY').encode('utf-8')
class Demo(db.Model):
__tablename__ = 'demo'
pk = db.Column(sa.Integer, primary_key=True)
et = db.Column(
EncryptedType(type_in=db.Unicode, key=_secret_key), nullable=False
)
InvenioDB(app, entry_point_group=False, db=db)
with app.app_context():
db.create_all()
d1 = Demo(et="something")
db.session.add(d1)
db.session.commit()
app.secret_key = new_secret_key
with app.app_context():
with pytest.raises(UnicodeDecodeError):
db.session.query(Demo).all()
with pytest.raises(AttributeError):
rebuild_encrypted_properties(old_secret_key, Demo, ['nonexistent'])
assert app.secret_key == new_secret_key
with app.app_context():
with pytest.raises(UnicodeDecodeError):
db.session.query(Demo).all()
rebuild_encrypted_properties(old_secret_key, Demo, ['et'])
d1_after = db.session.query(Demo).first()
assert d1_after.et == "something"
with app.app_context():
db.drop_all()