Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

EmailSettings password encryption improvement [Migration] #35492

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
+52 −0
Open

EmailSettings password encryption improvement [Migration] #35492

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
51 changes: 51 additions & 0 deletions corehq/apps/email/migrations/0003_emailsettings_password_cbc.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
# Generated by Django 4.2.16 on 2024-11-19 20:16

from django.db import migrations

from corehq.motech.const import ALGO_AES, ALGO_AES_CBC
from corehq.util.django_migrations import skip_on_fresh_install
from corehq.motech.utils import reencrypt_ecb_to_cbc_mode, reencrypt_cbc_to_ecb_mode


@skip_on_fresh_install
def copy_and_reencrypt_password_to_password_cbc(apps, schema_editor):
EmailSettings = apps.get_model('email', 'EmailSettings')

email_settings_to_update = EmailSettings.objects.exclude(
password__startswith=f'${ALGO_AES_CBC}$'
)

for email_settings in email_settings_to_update:
if email_settings.password.startswith(f'${ALGO_AES}$'):
prefix = f'${ALGO_AES}$'
else:
prefix = None
email_settings.password = reencrypt_ecb_to_cbc_mode(email_settings.password, prefix)
email_settings.save()


def revert_password_cbc_to_password(apps, schema_editor):
EmailSettings = apps.get_model('email', 'EmailSettings')

email_settings_to_update = EmailSettings.objects.exclude(
password__startswith=f'${ALGO_AES}$'
)

for email_settings in email_settings_to_update:
if email_settings.password.startswith(f'${ALGO_AES_CBC}$'):
prefix = f'${ALGO_AES_CBC}$'
else:
prefix = None
email_settings.password = reencrypt_cbc_to_ecb_mode(email_settings.password, prefix)
email_settings.save()


class Migration(migrations.Migration):

dependencies = [
('email', '0002_emailsettings_return_path_email'),
]

operations = [
migrations.RunPython(copy_and_reencrypt_password_to_password_cbc, revert_password_cbc_to_password),
]
1 change: 1 addition & 0 deletions migrations.lock
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -419,6 +419,7 @@ dropbox
email
0001_initial
0002_emailsettings_return_path_email
0003_emailsettings_password_cbc
enterprise
0001_initial
0002_enterprisepermissions_account_unique
Expand Down
Loading