def save(self, *args, **kwargs): encrypted = settings_registry.is_setting_encrypted(self.key) new_instance = not bool(self.pk) # If update_fields has been specified, add our field names to it, # if it hasn't been specified, then we're just doing a normal save. update_fields = kwargs.get('update_fields', []) # When first saving to the database, don't store any encrypted field # value, but instead save it until after the instance is created. # Otherwise, store encrypted value to the database. if encrypted: if new_instance: self._saved_value = self.value self.value = '' else: self.value = encrypt_field(self, 'value') if 'value' not in update_fields: update_fields.append('value') super(Setting, self).save(*args, **kwargs) # After saving a new instance for the first time, set the encrypted # field and save again. if encrypted and new_instance: from awx.main.signals import disable_activity_stream with disable_activity_stream(): self.value = self._saved_value self.save(update_fields=['value'])
def perform_update(self, serializer): settings_qs = self.get_queryset() user = self.request.user if self.category_slug == 'user' else None settings_change_list = [] for key, value in serializer.validated_data.items(): if key == 'LICENSE' or settings_registry.is_setting_read_only(key): continue if settings_registry.is_setting_encrypted(key) and \ isinstance(value, str) and \ value.startswith('$encrypted$'): continue setattr(serializer.instance, key, value) setting = settings_qs.filter(key=key).order_by('pk').first() if not setting: setting = Setting.objects.create(key=key, user=user, value=value) settings_change_list.append(key) elif setting.value != value: setting.value = value setting.save(update_fields=['value']) settings_change_list.append(key) if settings_change_list: connection.on_commit( lambda: handle_setting_changes.delay(settings_change_list))
def replace_aesecb_fernet(apps, schema_editor): from awx.main.utils.encryption import encrypt_field Setting = apps.get_model('conf', 'Setting') for setting in Setting.objects.filter().order_by('pk'): if settings_registry.is_setting_encrypted(setting.key): if should_decrypt_field(setting.value): setting.value = decrypt_field(setting, 'value') setting.value = encrypt_field(setting, 'value') setting.save()
def _settings(self): # don't update memcached, the *actual* value isn't changing post_save.disconnect(on_post_save_setting, sender=Setting) for setting in Setting.objects.filter().order_by('pk'): if settings_registry.is_setting_encrypted(setting.key): setting.value = decrypt_field(setting, 'value', secret_key=self.old_key) setting.value = encrypt_field(setting, 'value', secret_key=self.new_key) setting.save()