From 584b8109a0c8881d0195dccfc39f9571f380a80b Mon Sep 17 00:00:00 2001
From: Jeremy Stretch <stretch@packetlife.net>
Date: Thu, 3 Dec 2020 15:22:44 -0500
Subject: [PATCH] Fixes #5408: Fix updating secrets without setting new
 plaintext

---
 docs/release-notes/version-2.9.md |  1 +
 netbox/secrets/views.py           | 26 +++++++++++++-------------
 2 files changed, 14 insertions(+), 13 deletions(-)

diff --git a/docs/release-notes/version-2.9.md b/docs/release-notes/version-2.9.md
index 652f6d254db..7411ab14981 100644
--- a/docs/release-notes/version-2.9.md
+++ b/docs/release-notes/version-2.9.md
@@ -7,6 +7,7 @@
 * [#5383](https://github.com/netbox-community/netbox/issues/5383) - Fix setting user password via REST API
 * [#5396](https://github.com/netbox-community/netbox/issues/5396) - Fix uniqueness constraint for virtual machine names
 * [#5407](https://github.com/netbox-community/netbox/issues/5407) - Add direct link to secret on secrets list
+* [#5408](https://github.com/netbox-community/netbox/issues/5408) - Fix updating secrets without setting new plaintext
 
 ---
 
diff --git a/netbox/secrets/views.py b/netbox/secrets/views.py
index e95392dfc39..24138e0e4dc 100644
--- a/netbox/secrets/views.py
+++ b/netbox/secrets/views.py
@@ -108,13 +108,14 @@ def post(self, request, *args, **kwargs):
 
         if form.is_valid():
             logger.debug("Form validation was successful")
+            secret = form.save(commit=False)
 
-            # We must have a session key in order to create a secret or update the plaintext of an existing secret
-            if (form.cleaned_data['plaintext'] or secret.pk is None) and session_key is None:
+            # We must have a session key in order to set the plaintext of a Secret
+            if form.cleaned_data['plaintext'] and session_key is None:
                 logger.debug("Unable to proceed: No session key was provided with the request")
                 form.add_error(None, "No session key was provided with the request. Unable to encrypt secret data.")
 
-            else:
+            elif form.cleaned_data['plaintext']:
                 master_key = None
                 try:
                     sk = SessionKey.objects.get(userkey__user=request.user)
@@ -125,19 +126,18 @@ def post(self, request, *args, **kwargs):
 
                 if master_key is not None:
                     logger.debug("Successfully resolved master key for encryption")
-                    secret = form.save(commit=False)
-                    if form.cleaned_data['plaintext']:
-                        secret.plaintext = str(form.cleaned_data['plaintext'])
+                    secret.plaintext = str(form.cleaned_data['plaintext'])
                     secret.encrypt(master_key)
-                    secret.save()
-                    form.save_m2m()
 
-                    msg = '{} secret'.format('Created' if not form.instance.pk else 'Modified')
-                    logger.info(f"{msg} {secret} (PK: {secret.pk})")
-                    msg = '{} <a href="{}">{}</a>'.format(msg, secret.get_absolute_url(), escape(secret))
-                    messages.success(request, mark_safe(msg))
+            secret.save()
+            form.save_m2m()
+
+            msg = '{} secret'.format('Created' if not form.instance.pk else 'Modified')
+            logger.info(f"{msg} {secret} (PK: {secret.pk})")
+            msg = f'{msg} <a href="{secret.get_absolute_url()}">{escape(secret)}</a>'
+            messages.success(request, mark_safe(msg))
 
-                    return redirect(self.get_return_url(request, secret))
+            return redirect(self.get_return_url(request, secret))
 
         else:
             logger.debug("Form validation failed")