From 4c1330dde86fb082b0301748344e92652e85fbf9 Mon Sep 17 00:00:00 2001 From: Andrew Leith Date: Thu, 14 Nov 2024 20:07:18 +0000 Subject: [PATCH 1/4] fix: add fallback value for cypress migration --- migrations/versions/0466_add_cypress_data.py | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/migrations/versions/0466_add_cypress_data.py b/migrations/versions/0466_add_cypress_data.py index a5a3bb2749..2786720977 100644 --- a/migrations/versions/0466_add_cypress_data.py +++ b/migrations/versions/0466_add_cypress_data.py @@ -28,14 +28,13 @@ email_template_id = current_app.config["CYPRESS_SMOKE_TEST_EMAIL_TEMPLATE_ID"] sms_template_id = current_app.config["CYPRESS_SMOKE_TEST_SMS_TEMPLATE_ID"] default_category_id = current_app.config["DEFAULT_TEMPLATE_CATEGORY_LOW"] +cypress_user_pw = current_app.config.get( + "CYPRESS_USER_PW_SECRET", uuid.uuid4().hex[:32] # if env var isn't present, use a random password +) def upgrade(): - password = hashpw( - hashlib.sha256( - (current_app.config["CYPRESS_USER_PW_SECRET"] + current_app.config["DANGEROUS_SALT"]).encode("utf-8") - ).hexdigest() - ) + password = hashpw(hashlib.sha256((cypress_user_pw + current_app.config["DANGEROUS_SALT"]).encode("utf-8")).hexdigest()) current_year = get_current_financial_year_start_year() default_limit = 250000 From eda7ec59bbc528e7b4cf08c3786efcf10355de30 Mon Sep 17 00:00:00 2001 From: Andrew Leith Date: Thu, 14 Nov 2024 20:08:51 +0000 Subject: [PATCH 2/4] please [review] this From 97b9eb07c2422992177b82cef4f39b01bfc8ad27 Mon Sep 17 00:00:00 2001 From: Andrew Leith Date: Fri, 15 Nov 2024 12:56:06 +0000 Subject: [PATCH 3/4] task: add warning to migration if ENV var not present --- migrations/versions/0466_add_cypress_data.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/migrations/versions/0466_add_cypress_data.py b/migrations/versions/0466_add_cypress_data.py index 2786720977..5789517bf7 100644 --- a/migrations/versions/0466_add_cypress_data.py +++ b/migrations/versions/0466_add_cypress_data.py @@ -28,12 +28,14 @@ email_template_id = current_app.config["CYPRESS_SMOKE_TEST_EMAIL_TEMPLATE_ID"] sms_template_id = current_app.config["CYPRESS_SMOKE_TEST_SMS_TEMPLATE_ID"] default_category_id = current_app.config["DEFAULT_TEMPLATE_CATEGORY_LOW"] -cypress_user_pw = current_app.config.get( - "CYPRESS_USER_PW_SECRET", uuid.uuid4().hex[:32] # if env var isn't present, use a random password -) def upgrade(): + cypress_user_pw = current_app.config.get("CYPRESS_USER_PW_SECRET") + if not cypress_user_pw: + cypress_user_pw = uuid.uuid4().hex[:32] + current_app.logger.warning(f"CYPRESS_USER_PW_SECRET not set, using random password") + password = hashpw(hashlib.sha256((cypress_user_pw + current_app.config["DANGEROUS_SALT"]).encode("utf-8")).hexdigest()) current_year = get_current_financial_year_start_year() default_limit = 250000 From 6fe6a96985b951958c431e4182ce977ea12bcf88 Mon Sep 17 00:00:00 2001 From: Andrew Leith Date: Fri, 15 Nov 2024 12:56:20 +0000 Subject: [PATCH 4/4] add var to `.env.example` --- .env.example | 1 + 1 file changed, 1 insertion(+) diff --git a/.env.example b/.env.example index 6557dd4a88..8bfcb60668 100644 --- a/.env.example +++ b/.env.example @@ -4,6 +4,7 @@ ADMIN_CLIENT_SECRET=dev-notify-secret-key SRE_CLIENT_SECRET=dev-notify-secret-key SECRET_KEY=dev-notify-secret-key DANGEROUS_SALT=dev-notify-salt +CYPRESS_USER_PW_SECRET= NOTIFICATION_QUEUE_PREFIX='notification-canada-ca'