From 584b8109a0c8881d0195dccfc39f9571f380a80b Mon Sep 17 00:00:00 2001 From: Jeremy Stretch <stretch@packetlife.net> Date: Thu, 3 Dec 2020 15:22:44 -0500 Subject: [PATCH] Fixes #5408: Fix updating secrets without setting new plaintext --- docs/release-notes/version-2.9.md | 1 + netbox/secrets/views.py | 26 +++++++++++++------------- 2 files changed, 14 insertions(+), 13 deletions(-) diff --git a/docs/release-notes/version-2.9.md b/docs/release-notes/version-2.9.md index 652f6d254db..7411ab14981 100644 --- a/docs/release-notes/version-2.9.md +++ b/docs/release-notes/version-2.9.md @@ -7,6 +7,7 @@ * [#5383](https://github.com/netbox-community/netbox/issues/5383) - Fix setting user password via REST API * [#5396](https://github.com/netbox-community/netbox/issues/5396) - Fix uniqueness constraint for virtual machine names * [#5407](https://github.com/netbox-community/netbox/issues/5407) - Add direct link to secret on secrets list +* [#5408](https://github.com/netbox-community/netbox/issues/5408) - Fix updating secrets without setting new plaintext --- diff --git a/netbox/secrets/views.py b/netbox/secrets/views.py index e95392dfc39..24138e0e4dc 100644 --- a/netbox/secrets/views.py +++ b/netbox/secrets/views.py @@ -108,13 +108,14 @@ def post(self, request, *args, **kwargs): if form.is_valid(): logger.debug("Form validation was successful") + secret = form.save(commit=False) - # We must have a session key in order to create a secret or update the plaintext of an existing secret - if (form.cleaned_data['plaintext'] or secret.pk is None) and session_key is None: + # We must have a session key in order to set the plaintext of a Secret + if form.cleaned_data['plaintext'] and session_key is None: logger.debug("Unable to proceed: No session key was provided with the request") form.add_error(None, "No session key was provided with the request. Unable to encrypt secret data.") - else: + elif form.cleaned_data['plaintext']: master_key = None try: sk = SessionKey.objects.get(userkey__user=request.user) @@ -125,19 +126,18 @@ def post(self, request, *args, **kwargs): if master_key is not None: logger.debug("Successfully resolved master key for encryption") - secret = form.save(commit=False) - if form.cleaned_data['plaintext']: - secret.plaintext = str(form.cleaned_data['plaintext']) + secret.plaintext = str(form.cleaned_data['plaintext']) secret.encrypt(master_key) - secret.save() - form.save_m2m() - msg = '{} secret'.format('Created' if not form.instance.pk else 'Modified') - logger.info(f"{msg} {secret} (PK: {secret.pk})") - msg = '{} <a href="{}">{}</a>'.format(msg, secret.get_absolute_url(), escape(secret)) - messages.success(request, mark_safe(msg)) + secret.save() + form.save_m2m() + + msg = '{} secret'.format('Created' if not form.instance.pk else 'Modified') + logger.info(f"{msg} {secret} (PK: {secret.pk})") + msg = f'{msg} <a href="{secret.get_absolute_url()}">{escape(secret)}</a>' + messages.success(request, mark_safe(msg)) - return redirect(self.get_return_url(request, secret)) + return redirect(self.get_return_url(request, secret)) else: logger.debug("Form validation failed")