From 34c67eb46acd1a52d739f36bfa37f95f44898256 Mon Sep 17 00:00:00 2001
From: Fabian <fmenges@twitter.com>
Date: Tue, 9 Jan 2018 10:45:51 -0500
Subject: [PATCH] Moving the custom_password_store out of Database class

---
 superset/models/core.py | 9 +++++----
 tests/core_tests.py     | 4 +++-
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/superset/models/core.py b/superset/models/core.py
index f2ca42bb13a7c..413f85bf99c81 100644
--- a/superset/models/core.py
+++ b/superset/models/core.py
@@ -41,6 +41,7 @@
 from urllib import parse  # noqa
 
 config = app.config
+custom_password_store = config.get('SQLALCHEMY_CUSTOM_PASSWORD_STORE')
 stats_logger = config.get('STATS_LOGGER')
 metadata = Model.metadata  # pylint: disable=no-member
 
@@ -567,7 +568,7 @@ class Database(Model, AuditMixinNullable, ImportMixin):
     }
     """))
     perm = Column(String(1000))
-    custom_password_store = config.get('SQLALCHEMY_CUSTOM_PASSWORD_STORE')
+
     impersonate_user = Column(Boolean, default=False)
     export_fields = ('database_name', 'sqlalchemy_uri', 'cache_timeout',
                      'expose_in_sqllab', 'allow_run_sync', 'allow_run_async',
@@ -611,7 +612,7 @@ def get_password_masked_url(cls, url):
 
     def set_sqlalchemy_uri(self, uri):
         conn = sqla.engine.url.make_url(uri.strip())
-        if conn.password != PASSWORD_MASK and not self.custom_password_store:
+        if conn.password != PASSWORD_MASK and not custom_password_store:
             # do not over-write the password with the password mask
             self.password = conn.password
         conn.password = PASSWORD_MASK if conn.password else None
@@ -803,8 +804,8 @@ def get_foreign_keys(self, table_name, schema=None):
     @property
     def sqlalchemy_uri_decrypted(self):
         conn = sqla.engine.url.make_url(self.sqlalchemy_uri)
-        if self.custom_password_store:
-            conn.password = self.custom_password_store(conn)
+        if custom_password_store:
+            conn.password = custom_password_store(conn)
         else:
             conn.password = self.password
         return str(conn)
diff --git a/tests/core_tests.py b/tests/core_tests.py
index 2d73cf79618df..8415465ae6d86 100644
--- a/tests/core_tests.py
+++ b/tests/core_tests.py
@@ -315,11 +315,13 @@ def test_custom_password_store(self):
         def custom_password_store(uri):
             return 'password_store_test'
 
-        database.custom_password_store = custom_password_store
+        models.custom_password_store = custom_password_store
         conn = sqla.engine.url.make_url(database.sqlalchemy_uri_decrypted)
         if conn_pre.password:
             assert conn.password == 'password_store_test'
             assert conn.password != conn_pre.password
+        # Disable for password store for later tests
+        models.custom_password_store = None
 
     def test_databaseview_edit(self, username='admin'):
         # validate that sending a password-masked uri does not over-write the decrypted