-
-
Notifications
You must be signed in to change notification settings - Fork 218
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
adds back migration for reencryption of password field
- Loading branch information
Showing
2 changed files
with
52 additions
and
0 deletions.
There are no files selected for viewing
51 changes: 51 additions & 0 deletions
51
corehq/apps/email/migrations/0003_emailsettings_password_cbc.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,51 @@ | ||
| # Generated by Django 4.2.16 on 2024-11-19 20:16 | ||
|
|
||
| from django.db import migrations | ||
|
|
||
| from corehq.motech.const import ALGO_AES, ALGO_AES_CBC | ||
| from corehq.util.django_migrations import skip_on_fresh_install | ||
| from corehq.motech.utils import reencrypt_ecb_to_cbc_mode, reencrypt_cbc_to_ecb_mode | ||
|
|
||
|
|
||
| @skip_on_fresh_install | ||
| def copy_and_reencrypt_password_to_password_cbc(apps, schema_editor): | ||
| EmailSettings = apps.get_model('email', 'EmailSettings') | ||
|
|
||
| email_settings_to_update = EmailSettings.objects.exclude( | ||
| password__startswith=f'${ALGO_AES_CBC}$' | ||
| ) | ||
|
|
||
| for email_settings in email_settings_to_update: | ||
| if email_settings.password.startswith(f'${ALGO_AES}$'): | ||
| prefix = f'${ALGO_AES}$' | ||
| else: | ||
| prefix = None | ||
| email_settings.password = reencrypt_ecb_to_cbc_mode(email_settings.password, prefix) | ||
| email_settings.save() | ||
|
|
||
|
|
||
| def revert_password_cbc_to_password(apps, schema_editor): | ||
| EmailSettings = apps.get_model('email', 'EmailSettings') | ||
|
|
||
| email_settings_to_update = EmailSettings.objects.exclude( | ||
| password__startswith=f'${ALGO_AES}$' | ||
| ) | ||
|
|
||
| for email_settings in email_settings_to_update: | ||
| if email_settings.password.startswith(f'${ALGO_AES_CBC}$'): | ||
| prefix = f'${ALGO_AES_CBC}$' | ||
| else: | ||
| prefix = None | ||
| email_settings.password = reencrypt_cbc_to_ecb_mode(email_settings.password, prefix) | ||
| email_settings.save() | ||
|
|
||
|
|
||
| class Migration(migrations.Migration): | ||
|
|
||
| dependencies = [ | ||
| ('email', '0002_emailsettings_return_path_email'), | ||
| ] | ||
|
|
||
| operations = [ | ||
| migrations.RunPython(copy_and_reencrypt_password_to_password_cbc, revert_password_cbc_to_password), | ||
| ] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters