Warn instead of raise on decryption errors

jsmnbom · jsmnbom · commit 2edbadd0762c · 2018-08-19T13:05:45.000+02:00
Should fix updater hanging in these cases
diff --git a/telegram/passport/credentials.py b/telegram/passport/credentials.py
@@ -34,10 +34,10 @@
 except ImportError:
     CRYPTO = False
 
-from telegram import TelegramObject, TelegramError
+from telegram import TelegramObject
 
 
-class TelegramDecryptionError(TelegramError):
+class _TelegramDecryptionError(Exception):
     pass
 
 
@@ -84,7 +84,7 @@ def decrypt(secret, hash, data):
     digest.update(data)
     data_hash = digest.finalize()
     if data_hash != hash:
-        raise TelegramDecryptionError("Hashes are not equal! {} != {}".format(data_hash, hash))
+        raise _TelegramDecryptionError("Hashes are not equal! {} != {}".format(data_hash, hash))
     return data[bord(data[0]):]
 
 
@@ -139,11 +139,15 @@ def de_json(cls, data, bot):
         if isinstance(data['data'], dict):
             data['data'] = Credentials.de_json(data['data'], bot=bot)
         else:
-            data['secret'] = bot.private_key.decrypt(b64decode(data.get('secret')), OAEP(
-                mgf=MGF1(algorithm=SHA1()),
-                algorithm=SHA1(),
-                label=None
-            ))
+            try:
+                data['secret'] = bot.private_key.decrypt(b64decode(data.get('secret')), OAEP(
+                    mgf=MGF1(algorithm=SHA1()),
+                    algorithm=SHA1(),
+                    label=None
+                ))
+            except ValueError as e:
+                raise _TelegramDecryptionError(e)
+
             data['data'] = Credentials.de_json(decrypt_json(data.get('secret'),
                                                             data.get('hash'),
                                                             data.get('data')),
@@ -158,6 +162,7 @@ class Credentials(TelegramObject):
         secure_data (:class:`telegram.SecureData`): Credentials for encrypted data
         payload (:obj:`str`): Bot-specified payload
     """
+
     def __init__(self, secure_data, payload, bot=None, **kwargs):
         # Required
         self.secure_data = secure_data
@@ -202,6 +207,7 @@ class SecureData(TelegramObject):
         temporary_registration (:class:`telegram.SecureValue`, optional): Credentials for encrypted
             temporary registration
     """
+
     def __init__(self,
                  personal_details=None,
                  passport=None,
@@ -315,6 +321,7 @@ def to_dict(self):
 
 class _CredentialsBase(TelegramObject):
     """Base class for DataCredentials and FileCredentials."""
+
     def __init__(self, hash, secret, bot=None, **kwargs):
         self.hash = hash
         self.secret = secret
@@ -357,6 +364,7 @@ class DataCredentials(_CredentialsBase):
         hash (:obj:`str`): Checksum of encrypted data
         secret (:obj:`str`): Secret of encrypted data
     """
+
     def __init__(self, data_hash, secret, **kwargs):
         super(DataCredentials, self).__init__(data_hash, secret, **kwargs)
 
@@ -382,6 +390,7 @@ class FileCredentials(_CredentialsBase):
             hash (:obj:`str`): Checksum of encrypted file
             secret (:obj:`str`): Secret of encrypted file
         """
+
     def __init__(self, file_hash, secret, **kwargs):
         super(FileCredentials, self).__init__(file_hash, secret, **kwargs)
 
diff --git a/telegram/passport/passportdata.py b/telegram/passport/passportdata.py
@@ -17,8 +17,10 @@
 # You should have received a copy of the GNU Lesser Public License
 # along with this program.  If not, see [http://www.gnu.org/licenses/].
 """Contains information about Telegram Passport data shared with the bot by the user."""
+import warnings
 
 from telegram import EncryptedCredentials, EncryptedPassportElement, TelegramObject
+from telegram.passport.credentials import _TelegramDecryptionError
 
 
 class PassportData(TelegramObject):
@@ -54,11 +56,20 @@ def de_json(cls, data, bot):
         if not data:
             return None
 
-        data = super(PassportData, cls).de_json(data, bot)
-        credentials = data['credentials'] = EncryptedCredentials.de_json(data.get('credentials'),
-                                                                         bot)
-        data['data'] = EncryptedPassportElement.de_list(data.get('data'), bot,
-                                                        credentials=credentials)
+        if not hasattr(bot, 'private_key'):
+            warnings.warn('Received update with PassportData but no private key is specified! '
+                          'See https://git.io/fAvYd for more info.')
+            return None
+
+        try:
+            data = super(PassportData, cls).de_json(data, bot)
+            data['credentials'] = EncryptedCredentials.de_json(data.get('credentials'), bot)
+            data['data'] = EncryptedPassportElement.de_list(data.get('data'), bot,
+                                                            credentials=data['credentials'])
+        except _TelegramDecryptionError as e:
+            warnings.warn('Telegram passport decryption error: {} '
+                          'See https://git.io/fAvYd for more info.'.format(e))
+            return None
 
         return cls(bot=bot, **data)
 
