Currently, standard alfred experiments without saving agents or without ssl encrypted login data can not be executed. The source of the problem is the implementation of encryption and decryption in setup.py. Two blocks of code cause issues:
First code block causing problems:
# Fernet instance for decryption of login data
if os.path.isfile("alfred_secrect.key"):
with open("alfred_secrect.key", "rb") as keyfile:
key = keyfile.read()
else:
key = os.environ.get("ALFRED_SECRET_KEY")
try:
f = Fernet(key)
except Exception:
pass
Try-except statements should not be used without an specific exception, since this makes exception tracing and debugging very cumbersome. When no key from an environment variable or keyfile is provided (which is the standard with the current installation of alfred3), we do not get an f object and we also do not get an error message. However, the f object is not optional in the following code.
Second code block causing problems:
# MongoDB login data
# First step: Get from encrypted environment variable
try:
self.fallback_mongo_saving_agent.user = f.decrypt(os.environ.get("ALFRED__FALLBACK_MONGODB_USER").encode()).decode()
self.fallback_mongo_saving_agent.password = f.decrypt(os.environ.get("ALFRED_FALLBACK_MONGODB_PASSWORD").encode()).decode()
except (AttributeError, NameError):
print("Incomplete DB login data in environment variables. Now trying to use custom login data.")
# Second step: Get from encrypted user input, key for decryption in environment variable or keyfile in exp. directory
if config_parser.getboolean('fallback_mongo_saving_agent', 'encrypted_login_data') and config_parser.get('fallback_mongo_saving_agent', 'password'):
self.fallback_mongo_saving_agent.user = f.decrypt(config_parser.get('fallback_mongo_saving_agent', 'user').encode()).decode()
self.fallback_mongo_saving_agent.password = f.decrypt(config_parser.get('fallback_mongo_saving_agent', 'password').encode()).decode()
# Third step: Get from raw user input
elif not config_parser.getboolean('fallback_mongo_saving_agent', 'encrypted_login_data') and config_parser.get('fallback_mongo_saving_agent', 'password'):
self.fallback_mongo_saving_agent.user = config_parser.get('fallback_mongo_saving_agent', 'user')
self.fallback_mongo_saving_agent.password = config_parser.get('fallback_mongo_saving_agent', 'password')
Implementing login data decription hierarchically with an try-except statement means ignoring the relevant encrypted login data setting from config.conf. Currently, alfred will always try to decrypt information using the f object from earlier, which does not exist. As the scond Step is not put within an try-ecept-statement, alfred will always fail to read unencrypted login information.
This error stems from mixing encryption and decryption with the parsing of config.conf settings. These two processes should be strictly separated from each other, but remain both in the settings.py file. Most importantly, alfred should not engange in searching decryption keys etc. if the config.conf does not specifically call for it via the encrypted_login_data setting.
Currently, standard alfred experiments without saving agents or without ssl encrypted login data can not be executed. The source of the problem is the implementation of encryption and decryption in setup.py. Two blocks of code cause issues:
First code block causing problems:
Try-except statements should not be used without an specific exception, since this makes exception tracing and debugging very cumbersome. When no key from an environment variable or keyfile is provided (which is the standard with the current installation of alfred3), we do not get an f object and we also do not get an error message. However, the f object is not optional in the following code.
Second code block causing problems:
Implementing login data decription hierarchically with an try-except statement means ignoring the relevant encrypted login data setting from config.conf. Currently, alfred will always try to decrypt information using the f object from earlier, which does not exist. As the scond Step is not put within an try-ecept-statement, alfred will always fail to read unencrypted login information.
This error stems from mixing encryption and decryption with the parsing of config.conf settings. These two processes should be strictly separated from each other, but remain both in the settings.py file. Most importantly, alfred should not engange in searching decryption keys etc. if the config.conf does not specifically call for it via the encrypted_login_data setting.