def decrypted_extra_vars(self): ''' Decrypts fields marked as passwords in survey. ''' if self.survey_passwords: extra_vars = json.loads(self.extra_vars) for key in self.survey_passwords: value = extra_vars.get(key) if value and isinstance( value, str) and value.startswith('$encrypted$'): extra_vars[key] = decrypt_value( get_encryption_key('value', pk=None), value) return json.dumps(extra_vars) else: return self.extra_vars
def _accept_or_ignore_variables(self, data, errors=None, _exclude_errors=(), extra_passwords=None): survey_is_enabled = (self.survey_enabled and self.survey_spec) extra_vars = data.copy() if errors is None: errors = {} rejected = {} accepted = {} if survey_is_enabled: # Check for data violation of survey rules survey_errors = [] for survey_element in self.survey_spec.get("spec", []): key = survey_element.get('variable', None) value = data.get(key, None) validate_required = 'required' not in _exclude_errors if extra_passwords and key in extra_passwords and is_encrypted(value): element_errors = self._survey_element_validation(survey_element, { key: decrypt_value(get_encryption_key('value', pk=None), value) }, validate_required=validate_required) else: element_errors = self._survey_element_validation( survey_element, data, validate_required=validate_required) if element_errors: survey_errors += element_errors if key is not None and key in extra_vars: rejected[key] = extra_vars.pop(key) elif key in extra_vars: accepted[key] = extra_vars.pop(key) if survey_errors: errors['variables_needed_to_start'] = survey_errors if self.ask_variables_on_launch: # We can accept all variables accepted.update(extra_vars) extra_vars = {} if extra_vars: # Leftover extra_vars, keys provided that are not allowed rejected.update(extra_vars) # ignored variables does not block manual launch if 'prompts' not in _exclude_errors: errors['extra_vars'] = [_('Variables {list_of_keys} are not allowed on launch. Check the Prompt on Launch setting '+ 'on the Job Template to include Extra Variables.').format( list_of_keys=', '.join(extra_vars.keys()))] return (accepted, rejected, errors)
def test_oauth_application_encryption(admin, organization, post): response = post( reverse('api:o_auth2_application_list'), { 'name': 'test app', 'organization': organization.pk, 'client_type': 'confidential', 'authorization_grant_type': 'password', }, admin, expect=201 ) pk = response.data.get('id') secret = response.data.get('client_secret') with connection.cursor() as cursor: encrypted = cursor.execute( 'SELECT client_secret FROM main_oauth2application WHERE id={}'.format(pk) ).fetchone()[0] assert encrypted.startswith('$encrypted$') assert decrypt_value(get_encryption_key('value', pk=None), encrypted) == secret
class TestSurveyReversibilityValue: ''' Tests to enforce the contract with survey password question encrypted values ''' _key = encryption.get_encryption_key('value', None) def test_encrypt_empty_string(self): assert encryption.encrypt_value('') == '' # the reverse, decryption, does not work def test_encrypt_encryption_key(self): assert encryption.encrypt_value('$encrypted$') == '$encrypted$' # the reverse, decryption, does not work def test_encrypt_empty_string_twice(self): # Encryption is idempotent val = encryption.encrypt_value('foobar') val2 = encryption.encrypt_value(val) assert encryption.decrypt_value(self._key, val2) == 'foobar'
def from_db_value(self, value, expression, connection, context): if value and value.startswith('$encrypted$'): return decrypt_value(get_encryption_key('value', pk=None), value) return value