Merge pull request #97 from romanchyla/secret-key

Change to how SECRET_KEY gets loaded
adsabs · May 11, 2016 · 40cfb83 · 40cfb83
2 parents ffc67a3 + 611d761
commit 40cfb83
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 5 deletions.
diff --git a/adsws/factory.py b/adsws/factory.py
@@ -182,9 +182,6 @@ def load_config(app, kwargs_config):
     try:
         consul = Consul(app)
         consul.apply_remote_config()
-        # Consul stores the hex encoded secret key, but the database
-        # expects the raw bytes
-        app.config['SECRET_KEY'] = app.config['SECRET_KEY'].decode('hex')
     except ConsulConnectionError:
         app.logger.warning(
             "Could not load config from consul at {}".format(
@@ -195,6 +192,18 @@ def load_config(app, kwargs_config):
     if kwargs_config:
         app.config.update(kwargs_config)
 
+    # old baggage... Consul used to store keys in hexadecimal form
+    # so the production/staging databases both convert that into raw bytes
+    # but those raw bytes were non-ascii chars (unsafe to pass through
+    # env vars). So we must continue converting hex ...        
+    if app.config.get('SECRET_KEY', None):
+        try:
+            app.config['SECRET_KEY'] = app.config['SECRET_KEY'].decode('hex')
+            app.logger.warning('Converted SECRET_KEY from hex format into bytes')
+        except TypeError:
+            app.logger.warning('Most likely the SECRET_KEY is not in hex format')
+
+
 
 def set_translations():
     """Add under ``g._`` an already configured internationalization function.

diff --git a/adsws/tests/test_factory.py b/adsws/tests/test_factory.py
@@ -48,10 +48,32 @@ def test_custom_config(self):
         self.assertEqual(self.app.config.get('BAR'), 'baz')
         self.assertEqual(self.app.root_path, rootf, "root_path is not correct")
         self.assertEqual(self.app.instance_path, self.config['instance_path'])
-
+
+
+class FactoryTestSecretKey(FlaskAppTestCase):
+    @property
+    def config(self):
+        return {
+           'SECRET_KEY' : '73696768'
+        }
+
+    def test_custom_config(self):
+        self.assertEqual(self.app.config.get('SECRET_KEY'), 'sigh')
+
+
+class FactoryTestSecretKeyNonHex(FlaskAppTestCase):
+    @property
+    def config(self):
+        return {
+           'SECRET_KEY' : 'X73696768'
+        }
 
+    def test_custom_config(self):
+        self.assertEqual(self.app.config.get('SECRET_KEY'), 'X73696768')
+
 
-TEST_SUITE = make_test_suite(FactoryTest, FactoryTestCustomInstanceDir)
+TEST_SUITE = make_test_suite(FactoryTest, FactoryTestCustomInstanceDir, FactoryTestSecretKey,
+                             FactoryTestSecretKeyNonHex)
 
 
 if __name__ == "__main__":