Skip to content

Commit

Permalink
catch invalid token exception, add error message for restoring encryp…
Browse files Browse the repository at this point in the history
…ted server state
  • Loading branch information
bleepbop committed Jul 27, 2023
1 parent 6507725 commit d30bc37
Showing 1 changed file with 13 additions and 2 deletions.
15 changes: 13 additions & 2 deletions app/service/file_svc.py
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,11 @@
import json
import os
import subprocess
import sys

from aiohttp import web
from multidict import CIMultiDict
from cryptography.fernet import Fernet
from cryptography.fernet import Fernet, InvalidToken
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
Expand Down Expand Up @@ -239,7 +240,17 @@ def _read(self, filename):
with open(filename, 'rb') as f:
buf = f.read()
if self.encryptor and buf.startswith(bytes(FILE_ENCRYPTION_FLAG, encoding='utf-8')):
buf = self.encryptor.decrypt(buf[len(FILE_ENCRYPTION_FLAG):])
try:
buf = self.encryptor.decrypt(buf[len(FILE_ENCRYPTION_FLAG):])
except InvalidToken:
self.log.error('Failed to decrypt saved CALDERA state due to incorrect encryption key.\n'
' - If attempting to restore secure backup, verify that conf/local.yml exists with '
'correct encryption_key value, and that the server is being run without --insecure.\n'
' - If attempting to restore insecure backup, verify that conf/default.yml exists '
'with correct encryption_key value, and that the server is being run with --insecure.\n'
' - If correct encryption_key value cannot be recovered, rerun the server with --fresh '
'to disregard stored server state.')
sys.exit(1)
return buf

def _get_encryptor(self):
Expand Down

0 comments on commit d30bc37

Please sign in to comment.