Fix secret getting reset when decrypted in get_secret

Jon Herron 2023-03-06 20:40:08 -05:00
parent 3cc117dbb6
commit ec53ab8717
3 changed files with 9 additions and 10 deletions


@ -52,7 +52,6 @@ class SecretService:
"""Get_secret.""" """Get_secret."""
secret = db.session.query(SecretModel).filter(SecretModel.key == key).first() secret = db.session.query(SecretModel).filter(SecretModel.key == key).first()
if isinstance(secret, SecretModel): if isinstance(secret, SecretModel):
secret.value = cls._decrypt(secret.value)
return secret return secret
else: else:
raise ApiError( raise ApiError(
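Review bot: The docstring `"""Get_secret."""` does not tell callers what they get back: with the in-place decryption removed, `secret.value` on the returned model is presumably still the encrypted form, since the updated callers and tests all pass it through `_decrypt`. I would replace it with `"""Return the SecretModel for key; value is left encrypted and callers must not assign plaintext back to it."""`. A short why-comment would help too, because assigning to an attribute of a session-attached model can be flushed on a later commit, which looks like the cause of the reset named in the commit title. get_secret's body continues past the end of this hunk.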


@ -31,8 +31,8 @@ class ServiceTaskDelegate:
secret_prefix = "secret:" # noqa: S105 secret_prefix = "secret:" # noqa: S105
if value.startswith(secret_prefix): if value.startswith(secret_prefix):
key = value.removeprefix(secret_prefix) key = value.removeprefix(secret_prefix)
secret = SecretService().get_secret(key) secret = SecretService.get_secret(key)
return secret.value return SecretService._decrypt(secret.value)
file_prefix = "file:" file_prefix = "file:"
if value.startswith(file_prefix): if value.startswith(file_prefix):
@ -136,7 +136,7 @@ class ServiceTaskDelegate:
secret_key = parsed_response["auth"] secret_key = parsed_response["auth"]
refreshed_token_set = json.dumps(parsed_response["refreshed_token_set"]) refreshed_token_set = json.dumps(parsed_response["refreshed_token_set"])
user_id = g.user.id if UserService.has_user() else None user_id = g.user.id if UserService.has_user() else None
SecretService().update_secret(secret_key, refreshed_token_set, user_id) SecretService.update_secret(secret_key, refreshed_token_set, user_id)
return json.dumps(parsed_response["api_response"]) return json.dumps(parsed_response["api_response"])
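Review bot: `SecretService._decrypt(secret.value)` in the `secret:` branch reaches into an underscore-private helper of another class, and every caller that needs plaintext now has to remember to do the same. A public SecretService method that returns the decrypted value for a key without modifying the model would keep decryption in one place and make it harder for a caller to pass ciphertext onward by mistake. Nothing in the visible lines handles a failure from `_decrypt`, so an undecryptable stored value would surface here as whatever that helper raises; it is worth confirming that this is acceptable. The enclosing functions start and end outside these hunks.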


@ -98,7 +98,7 @@ class TestSecretService(SecretServiceTestHelpers):
secret = SecretService().get_secret(self.test_key) secret = SecretService().get_secret(self.test_key)
assert secret is not None assert secret is not None
assert secret.value == self.test_value assert SecretService._decrypt(secret.value) == self.test_value
def test_get_secret_bad_key_fails( def test_get_secret_bad_key_fails(
self, self,
@ -123,13 +123,13 @@ class TestSecretService(SecretServiceTestHelpers):
self.add_test_secret(with_super_admin_user) self.add_test_secret(with_super_admin_user)
secret = SecretService.get_secret(self.test_key) secret = SecretService.get_secret(self.test_key)
assert secret assert secret
assert secret.value == self.test_value assert SecretService._decrypt(secret.value) == self.test_value
SecretService.update_secret( SecretService.update_secret(
self.test_key, "new_secret_value", with_super_admin_user.id self.test_key, "new_secret_value", with_super_admin_user.id
) )
new_secret = SecretService.get_secret(self.test_key) new_secret = SecretService.get_secret(self.test_key)
assert new_secret assert new_secret
assert new_secret.value == "new_secret_value" # noqa: S105 assert SecretService._decrypt(new_secret.value) == "new_secret_value" # noqa: S105
def test_update_secret_bad_secret_fails( def test_update_secret_bad_secret_fails(
self, self,
@ -224,7 +224,7 @@ class TestSecretServiceApi(SecretServiceTestHelpers):
assert secret_response assert secret_response
assert secret_response.status_code == 200 assert secret_response.status_code == 200
assert secret_response.json assert secret_response.json
assert secret_response.json["value"] == self.test_value assert SecretService._decrypt(secret_response.json["value"]) == self.test_value
def test_update_secret( def test_update_secret(
self, self,
@ -237,7 +237,7 @@ class TestSecretServiceApi(SecretServiceTestHelpers):
self.add_test_secret(with_super_admin_user) self.add_test_secret(with_super_admin_user)
secret: Optional[SecretModel] = SecretService.get_secret(self.test_key) secret: Optional[SecretModel] = SecretService.get_secret(self.test_key)
assert secret assert secret
assert secret.value == self.test_value assert SecretService._decrypt(secret.value) == self.test_value
secret_model = SecretModel( secret_model = SecretModel(
key=self.test_key, key=self.test_key,
value="new_secret_value", value="new_secret_value",
@ -267,7 +267,7 @@ class TestSecretServiceApi(SecretServiceTestHelpers):
self.add_test_secret(with_super_admin_user) self.add_test_secret(with_super_admin_user)
secret = SecretService.get_secret(self.test_key) secret = SecretService.get_secret(self.test_key)
assert secret assert secret
assert secret.value == self.test_value assert SecretService._decrypt(secret.value) == self.test_value
secret_response = client.delete( secret_response = client.delete(
f"/v1.0/secrets/{self.test_key}", f"/v1.0/secrets/{self.test_key}",
headers=self.logged_in_headers(with_super_admin_user), headers=self.logged_in_headers(with_super_admin_user),
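Review bot: None of the updated assertions pins the bug named in the commit title; each one only checks that a single `get_secret` result decrypts to the expected value. A regression test would read the secret, commit the session, read it again and check that the stored value still decrypts, for example `db.session.commit()` followed by `assert SecretService._decrypt(SecretService.get_secret(self.test_key).value) == self.test_value` (assuming `db` is importable in this test module). Separately, the assertion on `secret_response.json["value"]` suggests the GET endpoint now returns the encrypted value to the client. If that is intended, an explicit `assert secret_response.json["value"] != self.test_value` would document it.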