From 340d2215a79aedee4bf8c7deb0523dd7cd8f11b4 Mon Sep 17 00:00:00 2001
From: Till Prochaska <1512805+tillprochaska@users.noreply.github.com>
Date: Mon, 20 Jan 2025 11:56:57 +0100
Subject: [PATCH] Do not delete API key to enable rollbacks to previous
 version.

The `api_key` column will be removed in the next version at which point all plaintext API keys will be deleted.
---
 aleph/logic/api_keys.py      | 1 -
 aleph/tests/test_api_keys.py | 7 ++++++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/aleph/logic/api_keys.py b/aleph/logic/api_keys.py
index 96f960f3f5..a8b1c05764 100644
--- a/aleph/logic/api_keys.py
+++ b/aleph/logic/api_keys.py
@@ -129,7 +129,6 @@ def hash_plaintext_api_keys():
     for index, partition in enumerate(results.partitions()):
         for role in partition:
             role.api_key_digest = hash_api_key(role.api_key)
-            role.api_key = None
             db.session.add(role)
             log.info(f"Hashing API key: {role}")
         log.info(f"Comitting partition {index}")
diff --git a/aleph/tests/test_api_keys.py b/aleph/tests/test_api_keys.py
index 111b7f7912..1f155c930e 100644
--- a/aleph/tests/test_api_keys.py
+++ b/aleph/tests/test_api_keys.py
@@ -211,7 +211,12 @@ def test_hash_plaintext_api_keys(self):
         hash_plaintext_api_keys()
 
         db.session.refresh(user_1)
-        assert user_1.api_key is None
+
+        # Do not delete the plaintext API key to allow for version rollbacks.
+        # `api_key` column will be removed in the next version at which point all
+        # plaintext keys will be deleted.
+        assert user_1.api_key == "1234567890"
+
         assert user_1.api_key_digest == hash_api_key("1234567890")
 
         db.session.refresh(user_2)