def rebuild_access_tokens(old_key): """Rebuild the access token field when the SECRET_KEY is changed. Fixes users' login :param old_key: the old SECRET_KEY. """ current_app.logger.info('rebuilding RemoteToken.access_token...') rebuild_encrypted_properties(old_key, RemoteToken, ['access_token'])
def rebuild_access_tokens(old_key): """Rebuild the access_token field when the SECRET_KEY is changed. Needed to fix the access tokens used in the REST API calls. :param old_key: the old SECRET_KEY. """ current_app.logger.info('rebuilding Token.access_token...') rebuild_encrypted_properties(old_key, Token, ['access_token', 'refresh_token'])
def test_rebuild_encrypted_properties(db, app): old_secret_key = "SECRET_KEY_1" new_secret_key = "SECRET_KEY_2" app.secret_key = old_secret_key def _secret_key(): return app.config.get('SECRET_KEY').encode('utf-8') class Demo(db.Model): __tablename__ = 'demo' pk = db.Column(sa.Integer, primary_key=True) et = db.Column( EncryptedType(type_in=db.Unicode, key=_secret_key), nullable=False ) InvenioDB(app, entry_point_group=False, db=db) with app.app_context(): db.create_all() d1 = Demo(et="something") db.session.add(d1) db.session.commit() app.secret_key = new_secret_key with app.app_context(): with pytest.raises(UnicodeDecodeError): db.session.query(Demo).all() with pytest.raises(AttributeError): rebuild_encrypted_properties(old_secret_key, Demo, ['nonexistent']) assert app.secret_key == new_secret_key with app.app_context(): with pytest.raises(UnicodeDecodeError): db.session.query(Demo).all() rebuild_encrypted_properties(old_secret_key, Demo, ['et']) d1_after = db.session.query(Demo).first() assert d1_after.et == "something" with app.app_context(): db.drop_all()