paperless-ngx/src/documents/management/commands/decrypt_documents.py

from pathlib import Path

from django.conf import settings
from django.core.management.base import BaseCommand
from django.core.management.base import CommandError

from documents.models import Document
from paperless.db import GnuPG


class Command(BaseCommand):
    help = (
        "This is how you migrate your stored documents from an encrypted "
        "state to an unencrypted one (or vice-versa)"
    )

    def add_arguments(self, parser) -> None:
        parser.add_argument(
            "--passphrase",
            help=(
                "If PAPERLESS_PASSPHRASE isn't set already, you need to "
                "specify it here"
            ),
        )

    def handle(self, *args, **options) -> None:
        try:
            self.stdout.write(
                self.style.WARNING(
                    "\n\n"
                    "WARNING: This script is going to work directly on your "
                    "document originals, so\n"
                    "WARNING: you probably shouldn't run "
                    "this unless you've got a recent backup\n"
                    "WARNING: handy.  It "
                    "*should* work without a hitch, but be safe and backup your\n"
                    "WARNING: stuff first.\n\n"
                    "Hit Ctrl+C to exit now, or Enter to "
                    "continue.\n\n",
                ),
            )
            _ = input()
        except KeyboardInterrupt:
            return

        passphrase = options["passphrase"] or settings.PASSPHRASE
        if not passphrase:
            raise CommandError(
                "Passphrase not defined.  Please set it with --passphrase or "
                "by declaring it in your environment or your config.",
            )

        self.__gpg_to_unencrypted(passphrase)

    def __gpg_to_unencrypted(self, passphrase: str) -> None:
        encrypted_files = Document.objects.filter(
            storage_type=Document.STORAGE_TYPE_GPG,
        )

        for document in encrypted_files:
            self.stdout.write(f"Decrypting {document}")

            old_paths = [document.source_path, document.thumbnail_path]

            with document.source_file as file_handle:
                raw_document = GnuPG.decrypted(file_handle, passphrase)
            with document.thumbnail_file as file_handle:
                raw_thumb = GnuPG.decrypted(file_handle, passphrase)

            document.storage_type = Document.STORAGE_TYPE_UNENCRYPTED

            ext: str = Path(document.filename).suffix

            if not ext == ".gpg":
                raise CommandError(
                    f"Abort: encrypted file {document.source_path} does not "
                    f"end with .gpg",
                )

            document.filename = Path(document.filename).stem

            with document.source_path.open("wb") as f:
                f.write(raw_document)

            with document.thumbnail_path.open("wb") as f:
                f.write(raw_thumb)

            Document.objects.filter(id=document.id).update(
                storage_type=document.storage_type,
                filename=document.filename,
            )

            for path in old_paths:
                path.unlink()
Chore: Switch from os.path to pathlib.Path (#8325) --------- Co-authored-by: shamoon <4887959+shamoon@users.noreply.github.com> 2025-01-06 21:12:27 +01:00			`from pathlib import Path`
Add script to (de\|en)crypt all documents 2018-05-27 23:20:33 +01:00
			`from django.conf import settings`
Runs the pre-commit hooks over all the Python files 2022-03-11 10:55:51 -08:00			`from django.core.management.base import BaseCommand`
			`from django.core.management.base import CommandError`
Fixes ruff not running isort against the codebase 2023-04-20 08:10:17 -07:00
Add script to (de\|en)crypt all documents 2018-05-27 23:20:33 +01:00			`from documents.models import Document`
			`from paperless.db import GnuPG`


			`class Command(BaseCommand):`
			`help = (`
			`"This is how you migrate your stored documents from an encrypted "`
			`"state to an unencrypted one (or vice-versa)"`
			`)`

Chore: Switch from os.path to pathlib.Path (#8325) --------- Co-authored-by: shamoon <4887959+shamoon@users.noreply.github.com> 2025-01-06 21:12:27 +01:00			`def add_arguments(self, parser) -> None:`
Add script to (de\|en)crypt all documents 2018-05-27 23:20:33 +01:00			`parser.add_argument(`
			`"--passphrase",`
Chore: Cleanup command arguments and standardize process count handling (#4541) Cleans up some command help text and adds more control over process count for command with a Pool 2023-11-09 11:46:37 -08:00			`help=(`
			`"If PAPERLESS_PASSPHRASE isn't set already, you need to "`
			`"specify it here"`
			`),`
Add script to (de\|en)crypt all documents 2018-05-27 23:20:33 +01:00			`)`

Chore: Switch from os.path to pathlib.Path (#8325) --------- Co-authored-by: shamoon <4887959+shamoon@users.noreply.github.com> 2025-01-06 21:12:27 +01:00			`def handle(self, args, *options) -> None:`
Add script to (de\|en)crypt all documents 2018-05-27 23:20:33 +01:00			`try:`
Chore: Cleanup command arguments and standardize process count handling (#4541) Cleans up some command help text and adds more control over process count for command with a Pool 2023-11-09 11:46:37 -08:00			`self.stdout.write(`
			`self.style.WARNING(`
			`"\n\n"`
			`"WARNING: This script is going to work directly on your "`
			`"document originals, so\n"`
			`"WARNING: you probably shouldn't run "`
			`"this unless you've got a recent backup\n"`
			`"WARNING: handy. It "`
			`"should work without a hitch, but be safe and backup your\n"`
			`"WARNING: stuff first.\n\n"`
			`"Hit Ctrl+C to exit now, or Enter to "`
			`"continue.\n\n",`
			`),`
fixes the decryption command not working. 2020-12-16 19:50:38 +01:00			`)`
Runs the pre-commit hooks over all the Python files 2022-03-11 10:55:51 -08:00			`_ = input()`
Add script to (de\|en)crypt all documents 2018-05-27 23:20:33 +01:00			`except KeyboardInterrupt:`
			`return`

			`passphrase = options["passphrase"] or settings.PASSPHRASE`
			`if not passphrase:`
			`raise CommandError(`
			`"Passphrase not defined. Please set it with --passphrase or "`
Runs the pre-commit hooks over all the Python files 2022-03-11 10:55:51 -08:00			`"by declaring it in your environment or your config.",`
Add script to (de\|en)crypt all documents 2018-05-27 23:20:33 +01:00			`)`

Removed ability to encrypt documents. 2020-11-25 20:22:56 +01:00			`self.__gpg_to_unencrypted(passphrase)`
Add script to (de\|en)crypt all documents 2018-05-27 23:20:33 +01:00
Chore: Switch from os.path to pathlib.Path (#8325) --------- Co-authored-by: shamoon <4887959+shamoon@users.noreply.github.com> 2025-01-06 21:12:27 +01:00			`def __gpg_to_unencrypted(self, passphrase: str) -> None:`
Add script to (de\|en)crypt all documents 2018-05-27 23:20:33 +01:00			`encrypted_files = Document.objects.filter(`
Runs the pre-commit hooks over all the Python files 2022-03-11 10:55:51 -08:00			`storage_type=Document.STORAGE_TYPE_GPG,`
Format Python code with black 2022-02-27 15:26:41 +01:00			`)`
Add script to (de\|en)crypt all documents 2018-05-27 23:20:33 +01:00
			`for document in encrypted_files:`
Chore: Cleanup command arguments and standardize process count handling (#4541) Cleans up some command help text and adds more control over process count for command with a Pool 2023-11-09 11:46:37 -08:00			`self.stdout.write(f"Decrypting {document}")`
Add script to (de\|en)crypt all documents 2018-05-27 23:20:33 +01:00
			`old_paths = [document.source_path, document.thumbnail_path]`
fixed the decryption code, but its still untested. 2020-11-25 21:10:50 +01:00
Reduces number of warnings from testing from 165 to 128. In doing so, fixes a few minor things in the decrypt and export commands 2022-03-07 16:13:20 -08:00			`with document.source_file as file_handle:`
			`raw_document = GnuPG.decrypted(file_handle, passphrase)`
			`with document.thumbnail_file as file_handle:`
			`raw_thumb = GnuPG.decrypted(file_handle, passphrase)`
Add script to (de\|en)crypt all documents 2018-05-27 23:20:33 +01:00
			`document.storage_type = Document.STORAGE_TYPE_UNENCRYPTED`

Chore: Switch from os.path to pathlib.Path (#8325) --------- Co-authored-by: shamoon <4887959+shamoon@users.noreply.github.com> 2025-01-06 21:12:27 +01:00			`ext: str = Path(document.filename).suffix`
fixed the decryption code, but its still untested. 2020-11-25 21:10:50 +01:00
Format Python code with black 2022-02-27 15:26:41 +01:00			`if not ext == ".gpg":`
fixed the decryption code, but its still untested. 2020-11-25 21:10:50 +01:00			`raise CommandError(`
			`f"Abort: encrypted file {document.source_path} does not "`
Runs the pre-commit hooks over all the Python files 2022-03-11 10:55:51 -08:00			`f"end with .gpg",`
Format Python code with black 2022-02-27 15:26:41 +01:00			`)`
fixed the decryption code, but its still untested. 2020-11-25 21:10:50 +01:00
Chore: Switch from os.path to pathlib.Path (#8325) --------- Co-authored-by: shamoon <4887959+shamoon@users.noreply.github.com> 2025-01-06 21:12:27 +01:00			`document.filename = Path(document.filename).stem`
fixed the decryption code, but its still untested. 2020-11-25 21:10:50 +01:00
Chore: Switch from os.path to pathlib.Path (#8325) --------- Co-authored-by: shamoon <4887959+shamoon@users.noreply.github.com> 2025-01-06 21:12:27 +01:00			`with document.source_path.open("wb") as f:`
Add script to (de\|en)crypt all documents 2018-05-27 23:20:33 +01:00			`f.write(raw_document)`

Chore: Switch from os.path to pathlib.Path (#8325) --------- Co-authored-by: shamoon <4887959+shamoon@users.noreply.github.com> 2025-01-06 21:12:27 +01:00			`with document.thumbnail_path.open("wb") as f:`
Add script to (de\|en)crypt all documents 2018-05-27 23:20:33 +01:00			`f.write(raw_thumb)`

fixed test case. fixed bug with the decryption logic. 2020-12-09 13:27:02 +01:00			`Document.objects.filter(id=document.id).update(`
Runs the pre-commit hooks over all the Python files 2022-03-11 10:55:51 -08:00			`storage_type=document.storage_type,`
			`filename=document.filename,`
Format Python code with black 2022-02-27 15:26:41 +01:00			`)`
Add script to (de\|en)crypt all documents 2018-05-27 23:20:33 +01:00
			`for path in old_paths:`
Chore: Switch from os.path to pathlib.Path (#8325) --------- Co-authored-by: shamoon <4887959+shamoon@users.noreply.github.com> 2025-01-06 21:12:27 +01:00			`path.unlink()`