Improve code clarity of db_set_user_password
evilaliv3 committed Jan 27, 2025
1 parent 1824e42 commit ab295b5
Showing 1 changed file with 16 additions and 13 deletions.
29 changes: 16 additions & 13 deletions backend/globaleaks/handlers/admin/operation.py
@@ -195,24 +195,27 @@ def reset_templates(session, tid):
def db_set_user_password(session, tid, user_session, user_id, key):
user = db_get_user(session, tid, user_id)

if not user.crypto_pub_key or user_session.ek:
key = Base64Encoder.decode(key.encode())
# if encryption is enabled accept password changes only if the admin has access to escrow keys
if user.crypto_pub_key and not user_session.ek:
return

key = Base64Encoder.decode(key.encode())

if user.crypto_pub_key and user_session.ek:
crypto_escrow_prv_key = GCE.asymmetric_decrypt(user_session.cc, Base64Encoder.decode(user_session.ek))
if user.crypto_pub_key and user_session.ek:
crypto_escrow_prv_key = GCE.asymmetric_decrypt(user_session.cc, Base64Encoder.decode(user_session.ek))

if user_session.user_tid == 1:
user_cc = GCE.asymmetric_decrypt(crypto_escrow_prv_key, Base64Encoder.decode(user.crypto_escrow_bkp1_key))
else:
user_cc = GCE.asymmetric_decrypt(crypto_escrow_prv_key, Base64Encoder.decode(user.crypto_escrow_bkp2_key))
if user_session.user_tid == 1:
user_cc = GCE.asymmetric_decrypt(crypto_escrow_prv_key, Base64Encoder.decode(user.crypto_escrow_bkp1_key))
else:
user_cc = GCE.asymmetric_decrypt(crypto_escrow_prv_key, Base64Encoder.decode(user.crypto_escrow_bkp2_key))

user.crypto_prv_key = Base64Encoder.encode(GCE.symmetric_encrypt(key, user_cc))
user.crypto_prv_key = Base64Encoder.encode(GCE.symmetric_encrypt(key, user_cc))

user.hash = sha256(key)
user.password_change_date = datetime_now()
user.password_change_needed = True
user.hash = sha256(key)
user.password_change_date = datetime_now()
user.password_change_needed = True

db_log(session, tid=tid, type='change_password', user_id=user_session.user_id, object_id=user_id)
db_log(session, tid=tid, type='change_password', user_id=user_session.user_id, object_id=user_id)


@transact
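Review bot: The new early `return` under `if user.crypto_pub_key and not user_session.ek:` makes the refusal silent: the caller gets `None` exactly as on success and the `db_log(..., type='change_password', ...)` audit entry is skipped, so an admin without escrow access cannot tell that the password was left unchanged and the refused attempt leaves no trace. Consider raising an explicit error at that point (whichever forbidden-operation exception the handlers already use) or at least recording the refusal before returning; the old code was equally silent, but the guard is now the natural place to fix it. With the guard in place, the later test `if user.crypto_pub_key and user_session.ek:` can be reduced to `if user.crypto_pub_key:`. Indentation is lost on this page, so this reading assumes `return` is the guard's whole body.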