From dbbd31b804fb124c534943cf0c722dcc66515611 Mon Sep 17 00:00:00 2001
From: Jonathan Tang
Date: Mon, 9 Dec 2024 10:03:51 -0800
Subject: [PATCH] adds back migration for reencryption of password field
---
 .../0003_emailsettings_password_cbc.py | 51 +++++++++++++++++++
 migrations.lock | 1 +
 2 files changed, 52 insertions(+)
 create mode 100644 corehq/apps/email/migrations/0003_emailsettings_password_cbc.py
diff --git a/corehq/apps/email/migrations/0003_emailsettings_password_cbc.py b/corehq/apps/email/migrations/0003_emailsettings_password_cbc.py
new file mode 100644
index 000000000000..acf8d28b3a31
--- /dev/null
+++ b/corehq/apps/email/migrations/0003_emailsettings_password_cbc.py
@@ -0,0 +1,51 @@
+# Generated by Django 4.2.16 on 2024-11-19 20:16
+
+from django.db import migrations
+
+from corehq.motech.const import ALGO_AES, ALGO_AES_CBC
+from corehq.util.django_migrations import skip_on_fresh_install
+from corehq.motech.utils import reencrypt_ecb_to_cbc_mode, reencrypt_cbc_to_ecb_mode
+
+
+@skip_on_fresh_install
+def copy_and_reencrypt_password_to_password_cbc(apps, schema_editor):
+ EmailSettings = apps.get_model('email', 'EmailSettings')
+
+ email_settings_to_update = EmailSettings.objects.exclude(
+ password__startswith=f'${ALGO_AES_CBC}$'
+ )
+
+ for email_settings in email_settings_to_update:
+ if email_settings.password.startswith(f'${ALGO_AES}$'):
+ prefix = f'${ALGO_AES}$'
+ else:
+ prefix = None
+ email_settings.password = reencrypt_ecb_to_cbc_mode(email_settings.password, prefix)
+ email_settings.save()
+
+
+def revert_password_cbc_to_password(apps, schema_editor):
+ EmailSettings = apps.get_model('email', 'EmailSettings')
+
+ email_settings_to_update = EmailSettings.objects.exclude(
+ password__startswith=f'${ALGO_AES}$'
+ )
+
+ for email_settings in email_settings_to_update:
+ if email_settings.password.startswith(f'${ALGO_AES_CBC}$'):
+ prefix = f'${ALGO_AES_CBC}$'
+ else:
+ prefix = None
+ email_settings.password = reencrypt_cbc_to_ecb_mode(email_settings.password, prefix)
+ email_settings.save()
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('email', '0002_emailsettings_return_path_email'),
+ ]
+
+ operations = [
+ migrations.RunPython(copy_and_reencrypt_password_to_password_cbc, revert_password_cbc_to_password),
+ ]
diff --git a/migrations.lock b/migrations.lock
index cf23a0c90a79..e5372d60ff31 100644
--- a/migrations.lock
+++ b/migrations.lock
@@ -419,6 +419,7 @@ dropbox
 email
 0001_initial
 0002_emailsettings_return_path_email
+ 0003_emailsettings_password_cbc
 enterprise
 0001_initial
 0002_enterprisepermissions_account_unique
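Review bot: In `revert_password_cbc_to_password` the `else: prefix = None` branch hands any value that carries neither prefix to `reencrypt_cbc_to_ecb_mode`, while the forward function passes the same unprefixed shape to `reencrypt_ecb_to_cbc_mode`, so the two directions disagree about what an unprefixed `password` contains. The helpers are not visible here, but if the reverse helper decrypts its input as CBC, a rollback would presumably fail on (or mangle) legacy unprefixed rows, and one bad row would abort the whole migration. Restricting the reverse pass to values that are known to be CBC removes the guess: select with `EmailSettings.objects.filter(password__startswith=f'${ALGO_AES_CBC}$')` and set `prefix = f'${ALGO_AES_CBC}$'` unconditionally. On the forward `else` branch I would add a comment such as `# no prefix: legacy ECB ciphertext stored before prefixes were introduced` if that is the intent, so it is clear how empty or non-ciphertext values are expected to be handled.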