Add support for encrypting settings that are passwords.

2026-02-15 18:20:00 -03:30 · 2016-11-30 11:22:39 -05:00
parent 2efe178fd4
commit 6a02ca1de0
8 changed files with 90 additions and 2 deletions
--- a/awx/conf/models.py
+++ b/awx/conf/models.py
@@ -10,6 +10,8 @@ from django.db import models
 # Tower
 from awx.main.models.base import CreatedModifiedModel
 from awx.main.fields import JSONField
+from awx.main.utils import encrypt_field
+from awx.conf import settings_registry

 __all__ = ['Setting']

@@ -42,6 +44,30 @@ class Setting(CreatedModifiedModel):
        else:
            return u'{} = {}'.format(self.key, json_value)

+    def save(self, *args, **kwargs):
+        encrypted = settings_registry.is_setting_encrypted(self.key)
+        new_instance = not bool(self.pk)
+        # If update_fields has been specified, add our field names to it,
+        # if it hasn't been specified, then we're just doing a normal save.
+        update_fields = kwargs.get('update_fields', [])
+        # When first saving to the database, don't store any encrypted field
+        # value, but instead save it until after the instance is created.
+        # Otherwise, store encrypted value to the database.
+        if encrypted:
+            if new_instance:
+                self._saved_value = self.value
+                self.value = ''
+            else:
+                self.value = encrypt_field(self, 'value')
+                if 'value' not in update_fields:
+                    update_fields.append('value')
+        super(Setting, self).save(*args, **kwargs)
+        # After saving a new instance for the first time, set the encrypted
+        # field and save again.
+        if encrypted and new_instance:
+            self.value = self._saved_value
+            self.save(update_fields=['value'])
+
    @classmethod
    def get_cache_key(self, key):
        return key