Fix secret getting reset when decrypted in get_secret
This commit is contained in:
parent
3cc117dbb6
commit
ec53ab8717
|
@ -52,7 +52,6 @@ class SecretService:
|
||||||
"""Get_secret."""
|
"""Get_secret."""
|
||||||
secret = db.session.query(SecretModel).filter(SecretModel.key == key).first()
|
secret = db.session.query(SecretModel).filter(SecretModel.key == key).first()
|
||||||
if isinstance(secret, SecretModel):
|
if isinstance(secret, SecretModel):
|
||||||
secret.value = cls._decrypt(secret.value)
|
|
||||||
return secret
|
return secret
|
||||||
else:
|
else:
|
||||||
raise ApiError(
|
raise ApiError(
|
||||||
|
|
|
@ -31,8 +31,8 @@ class ServiceTaskDelegate:
|
||||||
secret_prefix = "secret:" # noqa: S105
|
secret_prefix = "secret:" # noqa: S105
|
||||||
if value.startswith(secret_prefix):
|
if value.startswith(secret_prefix):
|
||||||
key = value.removeprefix(secret_prefix)
|
key = value.removeprefix(secret_prefix)
|
||||||
secret = SecretService().get_secret(key)
|
secret = SecretService.get_secret(key)
|
||||||
return secret.value
|
return SecretService._decrypt(secret.value)
|
||||||
|
|
||||||
file_prefix = "file:"
|
file_prefix = "file:"
|
||||||
if value.startswith(file_prefix):
|
if value.startswith(file_prefix):
|
||||||
|
@ -136,7 +136,7 @@ class ServiceTaskDelegate:
|
||||||
secret_key = parsed_response["auth"]
|
secret_key = parsed_response["auth"]
|
||||||
refreshed_token_set = json.dumps(parsed_response["refreshed_token_set"])
|
refreshed_token_set = json.dumps(parsed_response["refreshed_token_set"])
|
||||||
user_id = g.user.id if UserService.has_user() else None
|
user_id = g.user.id if UserService.has_user() else None
|
||||||
SecretService().update_secret(secret_key, refreshed_token_set, user_id)
|
SecretService.update_secret(secret_key, refreshed_token_set, user_id)
|
||||||
return json.dumps(parsed_response["api_response"])
|
return json.dumps(parsed_response["api_response"])
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -98,7 +98,7 @@ class TestSecretService(SecretServiceTestHelpers):
|
||||||
|
|
||||||
secret = SecretService().get_secret(self.test_key)
|
secret = SecretService().get_secret(self.test_key)
|
||||||
assert secret is not None
|
assert secret is not None
|
||||||
assert secret.value == self.test_value
|
assert SecretService._decrypt(secret.value) == self.test_value
|
||||||
|
|
||||||
def test_get_secret_bad_key_fails(
|
def test_get_secret_bad_key_fails(
|
||||||
self,
|
self,
|
||||||
|
@ -123,13 +123,13 @@ class TestSecretService(SecretServiceTestHelpers):
|
||||||
self.add_test_secret(with_super_admin_user)
|
self.add_test_secret(with_super_admin_user)
|
||||||
secret = SecretService.get_secret(self.test_key)
|
secret = SecretService.get_secret(self.test_key)
|
||||||
assert secret
|
assert secret
|
||||||
assert secret.value == self.test_value
|
assert SecretService._decrypt(secret.value) == self.test_value
|
||||||
SecretService.update_secret(
|
SecretService.update_secret(
|
||||||
self.test_key, "new_secret_value", with_super_admin_user.id
|
self.test_key, "new_secret_value", with_super_admin_user.id
|
||||||
)
|
)
|
||||||
new_secret = SecretService.get_secret(self.test_key)
|
new_secret = SecretService.get_secret(self.test_key)
|
||||||
assert new_secret
|
assert new_secret
|
||||||
assert new_secret.value == "new_secret_value" # noqa: S105
|
assert SecretService._decrypt(new_secret.value) == "new_secret_value" # noqa: S105
|
||||||
|
|
||||||
def test_update_secret_bad_secret_fails(
|
def test_update_secret_bad_secret_fails(
|
||||||
self,
|
self,
|
||||||
|
@ -224,7 +224,7 @@ class TestSecretServiceApi(SecretServiceTestHelpers):
|
||||||
assert secret_response
|
assert secret_response
|
||||||
assert secret_response.status_code == 200
|
assert secret_response.status_code == 200
|
||||||
assert secret_response.json
|
assert secret_response.json
|
||||||
assert secret_response.json["value"] == self.test_value
|
assert SecretService._decrypt(secret_response.json["value"]) == self.test_value
|
||||||
|
|
||||||
def test_update_secret(
|
def test_update_secret(
|
||||||
self,
|
self,
|
||||||
|
@ -237,7 +237,7 @@ class TestSecretServiceApi(SecretServiceTestHelpers):
|
||||||
self.add_test_secret(with_super_admin_user)
|
self.add_test_secret(with_super_admin_user)
|
||||||
secret: Optional[SecretModel] = SecretService.get_secret(self.test_key)
|
secret: Optional[SecretModel] = SecretService.get_secret(self.test_key)
|
||||||
assert secret
|
assert secret
|
||||||
assert secret.value == self.test_value
|
assert SecretService._decrypt(secret.value) == self.test_value
|
||||||
secret_model = SecretModel(
|
secret_model = SecretModel(
|
||||||
key=self.test_key,
|
key=self.test_key,
|
||||||
value="new_secret_value",
|
value="new_secret_value",
|
||||||
|
@ -267,7 +267,7 @@ class TestSecretServiceApi(SecretServiceTestHelpers):
|
||||||
self.add_test_secret(with_super_admin_user)
|
self.add_test_secret(with_super_admin_user)
|
||||||
secret = SecretService.get_secret(self.test_key)
|
secret = SecretService.get_secret(self.test_key)
|
||||||
assert secret
|
assert secret
|
||||||
assert secret.value == self.test_value
|
assert SecretService._decrypt(secret.value) == self.test_value
|
||||||
secret_response = client.delete(
|
secret_response = client.delete(
|
||||||
f"/v1.0/secrets/{self.test_key}",
|
f"/v1.0/secrets/{self.test_key}",
|
||||||
headers=self.logged_in_headers(with_super_admin_user),
|
headers=self.logged_in_headers(with_super_admin_user),
|
||||||
|
|
Loading…
Reference in New Issue