fix(calendar): avoid double-encrypting CalDAV password

cfg is loaded from prefs and already holds the existing, already-encrypted password. When the edit form was re-submitted without re-typing the password, the elif branch called encrypt() on that stored ciphertext, compounding the encryption on every save and eventually breaking sync with a decrypt error. Drop the elif branch: the stored value is preserved as-is, and we only encrypt when a new password is actually supplied. Fixes #1915 Co-authored-by: EkaTantra Dev <dev@ekatantra.com>
2026-06-04 03:29:40 +05:30
parent 7c7ac1021a
commit c58cb067f2
1 changed files with 3 additions and 3 deletions
--- a/routes/calendar_routes.py
+++ b/routes/calendar_routes.py
@@ -598,12 +598,12 @@ def setup_calendar_routes() -> APIRouter:
        cfg["username"] = (body.get("username") or "").strip()
        # Preserve the stored password when the client sends an empty
        # one (edit form re-submitted without re-typing the password).
+        # cfg already holds the existing (already-encrypted) password from
+        # prefs, so we only touch it when a new password is supplied —
+        # re-encrypting the stored value would double-encrypt it.
        if body.get("password"):
            from src.secret_storage import encrypt
            cfg["password"] = encrypt(body["password"])
-        elif cfg.get("password"):
-            from src.secret_storage import encrypt
-            cfg["password"] = encrypt(cfg["password"])
        prefs["caldav"] = cfg
        _save_for_user(owner, prefs)
        return {"ok": True}