From 044c047ac6dfd59784822db6e226100fb53e8517 Mon Sep 17 00:00:00 2001
From: Ryan Petrello <rpetrell@redhat.com>
Date: Mon, 27 Nov 2017 17:25:45 -0500
Subject: [PATCH] fix a bug in survey password default validation

see: https://github.com/ansible/ansible-tower/issues/7046
see: https://github.com/ansible/ansible-tower/issues/7764
see: https://github.com/ansible/ansible-tower/issues/7784
---
 awx/main/models/mixins.py | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/awx/main/models/mixins.py b/awx/main/models/mixins.py
index 8d2fead0e6..563619a101 100644
--- a/awx/main/models/mixins.py
+++ b/awx/main/models/mixins.py
@@ -166,15 +166,19 @@ class SurveyJobTemplateMixin(models.Model):
         # make a copy of the data to break references (so that we don't
         # inadvertently expose unencrypted default passwords as we validate)
         data = data.copy()
-        if all([
-            survey_element['type'] == "password",
-            data.get(survey_element['variable']) == '$encrypted$'
-        ]):
-            # replace encrypted password defaults so we don't validate on
-            # $encrypted$
+        password_value = data.get(survey_element['variable'])
+        if (
+            survey_element['type'] == "password" and
+            isinstance(password_value, basestring) and
+            password_value.startswith('$encrypted$')
+        ):
+            if password_value == '$encrypted$':
+                # replace encrypted password defaults so we don't validate on
+                # $encrypted$
+                password_value = survey_element['default']
             data[survey_element['variable']] = decrypt_value(
                 get_encryption_key('value', pk=None),
-                survey_element['default']
+                password_value
             )
         if survey_element['variable'] not in data and survey_element['required']:
             errors.append("'%s' value missing" % survey_element['variable'])