mirror of
https://github.com/pewdiepie-archdaemon/odysseus.git
synced 2026-06-17 02:05:22 -04:00
fix(calendar): avoid double-encrypting CalDAV password
cfg is loaded from prefs and already holds the existing, already-encrypted password. When the edit form was re-submitted without re-typing the password, the elif branch called encrypt() on that stored ciphertext, compounding the encryption on every save and eventually breaking sync with a decrypt error. Drop the elif branch: the stored value is preserved as-is, and we only encrypt when a new password is actually supplied. Fixes #1915 Co-authored-by: EkaTantra Dev <dev@ekatantra.com>
This commit is contained in:
Sushanth Reddy
@@ -598,12 +598,12 @@ def setup_calendar_routes() -> APIRouter:
|
|||||||
cfg["username"] = (body.get("username") or "").strip()
|
cfg["username"] = (body.get("username") or "").strip()
|
||||||
# Preserve the stored password when the client sends an empty
|
# Preserve the stored password when the client sends an empty
|
||||||
# one (edit form re-submitted without re-typing the password).
|
# one (edit form re-submitted without re-typing the password).
|
||||||
|
# cfg already holds the existing (already-encrypted) password from
|
||||||
|
# prefs, so we only touch it when a new password is supplied —
|
||||||
|
# re-encrypting the stored value would double-encrypt it.
|
||||||
if body.get("password"):
|
if body.get("password"):
|
||||||
from src.secret_storage import encrypt
|
from src.secret_storage import encrypt
|
||||||
cfg["password"] = encrypt(body["password"])
|
cfg["password"] = encrypt(body["password"])
|
||||||
elif cfg.get("password"):
|
|
||||||
from src.secret_storage import encrypt
|
|
||||||
cfg["password"] = encrypt(cfg["password"])
|
|
||||||
prefs["caldav"] = cfg
|
prefs["caldav"] = cfg
|
||||||
_save_for_user(owner, prefs)
|
_save_for_user(owner, prefs)
|
||||||
return {"ok": True}
|
return {"ok": True}
|
||||||
|
|||||||
Reference in New Issue
Block a user