Skip to content

Commit

Permalink
Temporary change for safety during transition: log error if decrypted…
Browse files Browse the repository at this point in the history 
… key does not match plaintext key and fall back to stored plaintext key
  • Loading branch information
@Jtang-1
Jtang-1 committed Dec 3, 2024
1 parent 4658adb commit 9f08609
Showing 1 changed file with 8 additions and 2 deletions.
10 changes: 8 additions & 2 deletions corehq/apps/users/models.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3125,8 +3125,14 @@ def _generate_key(self):
@property
def plaintext_key(self):
try:
return b64_aes_cbc_decrypt(self.encrypted_key)
except Exception:
decrypted_key = b64_aes_cbc_decrypt(self.encrypted_key)
if decrypted_key == self.key:
return decrypted_key
else:
logging.warning("Decrypted key does not match stored key for %s", self.name)
return self.key
except Exception as e:
logging.exception(f'Error getting decrypted key for {self.name}. {e}')
return self.key

@plaintext_key.setter
Expand Down

0 comments on commit 9f08609

Please sign in to comment.