Revision 1da8bd42
Added by Dominic Cleal about 7 years ago
| app/models/concerns/encrypt_value.rb | ||
|---|---|---|
|
str_encrypted = "#{ENCRYPTION_PREFIX}#{encryptor.encrypt_and_sign(str)}"
|
||
|
str = str_encrypted
|
||
|
rescue => e
|
||
|
puts_and_logs("At least one field encryption failed: #{e}") unless @@encrypt_err_reported
|
||
|
puts_and_logs("At least one field encryption failed: #{e}") unless defined?(@@encrypt_err_reported) && @@encrypt_err_reported
|
||
|
@@encrypt_err_reported = true
|
||
|
end
|
||
|
str
|
||
| ... | ... | |
|
str_decrypted = encryptor.decrypt_and_verify(str_no_prefix)
|
||
|
str = str_decrypted
|
||
|
rescue ActiveSupport::MessageVerifier::InvalidSignature
|
||
|
puts_and_logs("At least one field decryption failed, check ENCRYPTION_KEY") unless @@decrypt_err_reported
|
||
|
puts_and_logs("At least one field decryption failed, check ENCRYPTION_KEY") unless defined?(@@decrypt_err_reported) && @@decrypt_err_reported
|
||
|
@@decrypt_err_reported = true
|
||
|
end
|
||
|
str
|
||
|
end
|
||
|
|
||
|
def self.reset_warnings
|
||
|
@@decrypt_err_reported = false
|
||
|
@@encrypt_err_reported = false
|
||
|
end
|
||
|
|
||
|
private
|
||
|
|
||
|
def puts_and_logs(msg, level = Logger::WARN)
|
||
| test/unit/encryptable_test.rb | ||
|---|---|---|
|
assert compute_resource.is_decryptable?(encrypted_str)
|
||
|
end
|
||
|
|
||
|
test "encrypt unsuccessfully logs error once" do
|
||
|
EncryptValue.reset_warnings
|
||
|
compute_resource = cr_with_encryption_key
|
||
|
ActiveSupport::MessageEncryptor.any_instance.expects(:encrypt_and_sign).twice.raises('Encryption error')
|
||
|
compute_resource.expects(:puts_and_logs).once
|
||
|
encrypted_str = compute_resource.encrypt_field('secret')
|
||
|
assert_equal 'secret', encrypted_str
|
||
|
compute_resource.encrypt_field('secret')
|
||
|
end
|
||
|
|
||
|
test "decrypt successfully" do
|
||
|
compute_resource = cr_with_encryption_key
|
||
|
plain_str = "secretpassword"
|
||
| ... | ... | |
|
assert_equal plain_str, decrypted_str
|
||
|
end
|
||
|
|
||
|
test "decrypt unsuccessfully logs error once" do
|
||
|
EncryptValue.reset_warnings
|
||
|
compute_resource = stub_encryption_key(FactoryGirl.build(:ec2_cr, password: 'encrypted-invalid'))
|
||
|
compute_resource.expects(:puts_and_logs).once
|
||
|
decrypted_str = compute_resource.password
|
||
|
assert_equal 'encrypted-invalid', decrypted_str
|
||
|
compute_resource.password
|
||
|
end
|
||
|
|
||
|
test "encrypt_field returns nil if password is nil" do
|
||
|
compute_resource = cr_with_encryption_key
|
||
|
encrypted_str = compute_resource.encrypt_field(nil)
|
||
Also available in: Unified diff
refs #19534 - check EncryptValue class variables are defined
bed4594 added class variables to record logging state, but failed to
check it was defined before accessing them, causing exceptions when
decryption failed. Tests added for this new behaviour.