Do not double encrypt a protected password field

https://bugzilla.redhat.com/show_bug.cgi?id=1602883
eclarizio · Sep 28, 2018 · 2496b78 · 2496b78
1 parent 0f55ac5
commit 2496b78
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 1 deletion.
diff --git a/app/models/dialog_field_text_box.rb b/app/models/dialog_field_text_box.rb
@@ -31,7 +31,7 @@ def value_from_dialog_fields(dialog_values)
 
   def automate_output_value
     return nil if @value.nil?
-    return MiqPassword.encrypt(@value) if self.protected?
+    return MiqPassword.encrypt(@value) if self.protected? && !value_is_already_encrypted?
     convert_value_to_type
   end
 
@@ -89,4 +89,8 @@ def load_values_on_init?
     return true unless show_refresh_button
     load_values_on_init
   end
+
+  def value_is_already_encrypted?
+    return true if MiqPassword.encrypted?(@value)
+  end
 end
diff --git a/spec/models/dialog_field_text_box_spec.rb b/spec/models/dialog_field_text_box_spec.rb
@@ -118,6 +118,18 @@
     it "#automate_key_name" do
       expect(df.automate_key_name).to eq("password::dialog_test field")
     end
+
+    context "when the value is already encrypted" do
+      before do
+        allow(MiqPassword).to receive(:encrypted?).and_return(true)
+      end
+
+      it "does not double encrypt it" do
+        df.value = MiqPassword.encrypt("test")
+
+        expect(df.automate_output_value).to be_encrypted("test")
+      end
+    end
   end
 
   context "validation" do