@@ -37,15 +37,32 @@ def _get_or_create_encryption_key(self) -> bytes:
3737 except Exception as e :
3838 logger .error (f"Invalid ENCRYPTION_KEY in environment: { str (e )} " )
3939
40- key_file = 'totp_encryption.key'
40+ # Use absolute path to ensure key is found regardless of working directory
41+ # Key file should be in the backend root directory (parent of models directory)
42+ current_dir = os .path .dirname (os .path .abspath (__file__ ))
43+ backend_dir = os .path .dirname (current_dir )
44+ key_file = os .path .join (backend_dir , 'totp_encryption.key' )
45+
4146 if os .path .exists (key_file ):
4247 with open (key_file , 'rb' ) as f :
43- return f .read ()
48+ key = f .read ()
49+ # Validate key to ensure it's not corrupt
50+ try :
51+ from cryptography .fernet import Fernet
52+ Fernet (key )
53+ return key
54+ except Exception as e :
55+ logger .error (f"Invalid encryption key in { key_file } : { e } " )
56+ return key
4457 else :
4558 from cryptography .fernet import Fernet
4659 key = Fernet .generate_key ()
47- with open (key_file , 'wb' ) as f :
48- f .write (key )
60+ try :
61+ with open (key_file , 'wb' ) as f :
62+ f .write (key )
63+ logger .info (f"Generated new encryption key at { key_file } " )
64+ except Exception as e :
65+ logger .error (f"Failed to write encryption key to { key_file } : { e } " )
4966 return key
5067
5168 def _encrypt_totp_secret (self , secret : str ) -> str :
@@ -58,7 +75,10 @@ def _decrypt_totp_secret(self, encrypted_secret: str) -> str:
5875 try :
5976 f = Fernet (self .encryption_key )
6077 return f .decrypt (encrypted_secret .encode ()).decode ()
61- except Exception :
78+ except Exception as e :
79+ import logging
80+ logger = logging .getLogger (__name__ )
81+ logger .error (f"Failed to decrypt TOTP secret: { str (e )} " )
6282 return None
6383
6484 def create_user (self , username : str , email : str , password : Optional [str ] = None ,
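Review bot: The key file is created at new-side line 61 with a plain `open(key_file, 'wb')`, so its mode comes from the process umask and can end up group- or world-readable; since this is the TOTP master key it should be created owner-only, e.g. `with open(os.open(key_file, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600), 'wb') as f:`. The validation added at new-side lines 50–56 also does not change the outcome: when `Fernet(key)` rejects the stored key the handler logs and still executes `return key`, so the caller continues with a key that every later `Fernet(...)` call will reject anyway; `raise` there instead of returning. Similarly, if the write at line 61 fails the function logs and returns a key that exists only in memory, which silently makes every secret encrypted with it unrecoverable after a restart, so that branch should re-raise as well. `_get_or_create_encryption_key` begins before the first hunk, and `logger` is already in scope at line 38, so the local `import logging` / `getLogger` in the second hunk appears redundant.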