def _rehash_pii(intake_user_key): intake_user = intake_user_key.get() iu_dict = intake_user.to_dict() for key in iu_dict.keys(): if key.endswith("_enc"): key_for_hashed = key[:-4] encrypted_value = iu_dict[key] if not encrypted_value: setattr(intake_user, key_for_hashed, None) continue decrypted_value = decrypt_value(encrypted_value) if (isinstance(decrypted_value, str) or isinstance(decrypted_value, unicode)): decrypted_value = decrypted_value.strip() if decrypted_value: setattr(intake_user, key_for_hashed, hash_value(decrypted_value)) else: setattr(intake_user, key_for_hashed, None) intake_user.put()
def check_intakeuser(intake_user, user_data, developer_key, org_key, pre_hashed=False): non_pii = ("date_joined", "date_banned", "reason_banned", "review_count", "transaction_count", "positive_review_percentage") eq_(intake_user.developer, developer_key) eq_(intake_user.org, org_key) # Test that hashing went correctly for key, value in user_data.items(): if key.startswith("date"): value = datetime.datetime.strptime(value, "%Y-%m-%d").date() # print "Key: %s" % key # print "Intake: %s" % getattr(intake_user, key) # print "Test Data: %s" % value if key not in non_pii: # print "Intake Encrypted: %s" % getattr(intake_user, key+"_enc") # print "Intake Decrypt: %s" % cryptography.decrypt_value(getattr(intake_user, key+"_enc")) if pre_hashed: eq_(getattr(intake_user, key+"_enc"), None) else: eq_(cryptography.decrypt_value(getattr(intake_user, key+"_enc")), value) value = cryptography.hash_value(value, pre_hashed=pre_hashed) eq_(getattr(intake_user, key), value)
def dev_decrypt(value): "Jinja2 filter for decrypting values in development" import hashlib if DEVELOPMENT: return decrypt_value(value, aes_key=hashlib.sha256("dev_key").digest()) else: return value