feat: GeoConfig, set api token with cbc algorithm but continue readin…

…g both ecb and cbc encrypted

corehq/apps/geospatial/const.py

@@ -2,6 +2,7 @@
 GPS_POINT_CASE_PROPERTY = 'gps_point'
 
 ALGO_AES = 'aes'
+ALGO_AES_CBC = 'aes-cbc'
 
 # Max number of cases per geohash
 MAX_GEOHASH_DOC_COUNT = 1_000

corehq/apps/geospatial/models.py

@@ -6,12 +6,17 @@
 from corehq.apps.geospatial.const import (
     GPS_POINT_CASE_PROPERTY,
     ALGO_AES,
+    ALGO_AES_CBC,
     TRAVEL_MODE_WALKING,
     TRAVEL_MODE_CYCLING,
     TRAVEL_MODE_DRIVING,
 )
 from corehq.apps.geospatial.routing_solvers import pulp
-from corehq.motech.utils import b64_aes_encrypt, b64_aes_decrypt
+from corehq.motech.utils import (
+    b64_aes_decrypt,
+    b64_aes_cbc_decrypt,
+    b64_aes_cbc_encrypt,
+)
 
 
 class GeoPolygon(models.Model):
@@ -112,9 +117,13 @@ def disbursement_solver(self):
 
     @property
     def plaintext_api_token(self):
-        if self.api_token and self.api_token.startswith(f'${ALGO_AES}$'):
-            ciphertext = self.api_token.split('$', 2)[2]
-            return b64_aes_decrypt(ciphertext)
+        if self.api_token:
+            if self.api_token.startswith(f'${ALGO_AES}$'):  # This will be deleted after migration to cbc is done
+                ciphertext = self.api_token.split('$', 2)[2]
+                return b64_aes_decrypt(ciphertext)
+            elif self.api_token.startswith(f'${ALGO_AES_CBC}$'):
+                ciphertext = self.api_token.split('$', 2)[2]
+                return b64_aes_cbc_decrypt(ciphertext)
         return self.api_token
 
     @plaintext_api_token.setter
@@ -124,9 +133,9 @@ def plaintext_api_token(self, value):
         else:
             assert isinstance(value, str), "Only string values allowed for api token"
 
-            if value and not value.startswith(f'${ALGO_AES}$'):
-                ciphertext = b64_aes_encrypt(value)
-                self.api_token = f'${ALGO_AES}${ciphertext}'
+            if value and not value.startswith(f'${ALGO_AES_CBC}$'):
+                ciphertext = b64_aes_cbc_encrypt(value)
+                self.api_token = f'${ALGO_AES_CBC}${ciphertext}'
             else:
                 raise Exception("Unexpected value set for plaintext api token")
 

corehq/apps/geospatial/tests/test_models.py

@@ -2,7 +2,7 @@
 
 from django.test import TestCase
 
-from ..const import GPS_POINT_CASE_PROPERTY, ALGO_AES
+from ..const import GPS_POINT_CASE_PROPERTY, ALGO_AES_CBC
 from ..models import GeoConfig
 from ..utils import get_geo_case_property
 
@@ -25,7 +25,7 @@ def test_geo_config_api_token(self):
         with self.get_geo_config() as config:
             config.plaintext_api_token = '1234'
             self.assertEqual(config.plaintext_api_token, '1234')
-            self.assertTrue(config.api_token.startswith(f"${ALGO_AES}$"))
+            self.assertTrue(config.api_token.startswith(f"${ALGO_AES_CBC}$"))
 
             config.plaintext_api_token = None
             self.assertEqual(config.plaintext_api_token, None)
@@ -48,7 +48,7 @@ def test_geo_config_api_token_cannot_be_empty(self):
     def test_geo_config_api_token_cannot_start_with_encryption_str(self):
         with self.assertRaises(Exception) as context:
             with self.get_geo_config() as config:
-                config.plaintext_api_token = f"${ALGO_AES}$1234"
+                config.plaintext_api_token = f"${ALGO_AES_CBC}$1234"
 
         self.assertEqual(str(context.exception), "Unexpected value set for plaintext api token")