automatically encrypt/decrypt main_oauth2application.client_secret

see: https://github.com/ansible/awx/issues/1416
2026-02-28 16:28:43 -03:30 · 2018-04-03 16:51:34 -04:00
parent c2446beb6e
commit 5f01d26224
4 changed files with 66 additions and 0 deletions
--- a/awx/main/tests/functional/api/test_oauth.py
+++ b/awx/main/tests/functional/api/test_oauth.py
@@ -1,6 +1,9 @@
 import pytest
 import base64

+from django.db import connection
+
+from awx.main.utils.encryption import decrypt_value, get_encryption_key
 from awx.api.versioning import reverse, drf_reverse
 from awx.main.models.oauth import (OAuth2Application as Application, 
                                   OAuth2AccessToken as AccessToken, 
@@ -65,6 +68,26 @@ def test_oauth_application_update(oauth_application, organization, patch, admin,
    assert updated_app.organization == organization


+@pytest.mark.django_db
+def test_oauth_application_encryption(admin, organization, post):
+    response = post(
+        reverse('api:o_auth2_application_list'), {
+            'name': 'test app',
+            'organization': organization.pk,
+            'client_type': 'confidential',
+            'authorization_grant_type': 'password',
+        }, admin, expect=201
+    )
+    pk = response.data.get('id')
+    secret = response.data.get('client_secret')
+    with connection.cursor() as cursor:
+        encrypted = cursor.execute(
+            'SELECT client_secret FROM main_oauth2application WHERE id={}'.format(pk)
+        ).fetchone()[0]
+        assert encrypted.startswith('$encrypted$')
+        assert decrypt_value(get_encryption_key('value', pk=None), encrypted) == secret
+
+
@pytest.mark.django_db
 def test_oauth_token_create(oauth_application, get, post, admin):
    response = post(