Python Zen (and security) violation

[levigross]

The Python Zen states

Errors should never pass silently.
Unless explicitly silenced.

The following code

        if isinstance(value, basestring):
            try:
                value = decrypt_str(value)
            except cryptography.fernet.InvalidToken:
                pass

Is silent if the decryption process fails. It should not be as there is no good reason for the encryption process to fail (and if it does it is important to let the user know).

I would change this code to raise a SuspiciousOperation exception.

https://docs.djangoproject.com/en/1.8/ref/exceptions/#suspiciousoperation

[LucasRoesler]

The one nice thing of it failing silently, is that it allows you to change the field type to the encrypted field while still reading older unencrypted values. Raising an error might make it a little bit more difficult to migrate old columns.

[levigross]

But it is the right thing to do. The Pythonic way...