Merge pull request #277 from xrmx/wrongkey

Add more hints when decrypting AES with an invalid key
kvesteri · Sep 1, 2017 · fade68c · fade68c
2 parents 017d0c6 + dd694fe
commit fade68c
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 1 deletion.
diff --git a/sqlalchemy_utils/types/encrypted.py b/sqlalchemy_utils/types/encrypted.py
@@ -94,7 +94,10 @@ def decrypt(self, value):
         decrypted = decryptor.update(decrypted) + decryptor.finalize()
         decrypted = decrypted.rstrip(self.PADDING)
         if not isinstance(decrypted, six.string_types):
-            decrypted = decrypted.decode('utf-8')
+            try:
+                decrypted = decrypted.decode('utf-8')
+            except UnicodeDecodeError:
+                raise ValueError('Invalid decryption key')
         return decrypted
 
 

diff --git a/tests/types/test_encrypted.py b/tests/types/test_encrypted.py
@@ -325,6 +325,16 @@ def test_lookup_by_encrypted_string(self, session, User, user, user_name):
 
         assert test.username == user.username
 
+    def test_decrypt_raises_value_error_with_invalid_key(self, session, Team):
+        self._team_key = 'one'
+        team = Team(key=self._team_key, name=u'One')
+        session.add(team)
+        session.commit()
+
+        self._team_key = 'notone'
+        with pytest.raises(ValueError):
+            assert team.name == u'One'
+
 
 class TestFernetEncryptedTypeTestCase(EncryptedTypeTestCase):