Fix secret getting reset when decrypted in get_secret

spiffworkflow-backend/src/spiffworkflow_backend/services/secret_service.py

@@ -52,7 +52,6 @@ class SecretService:
         """Get_secret."""
         secret = db.session.query(SecretModel).filter(SecretModel.key == key).first()
         if isinstance(secret, SecretModel):
-            secret.value = cls._decrypt(secret.value)
             return secret
         else:
             raise ApiError(

spiffworkflow-backend/src/spiffworkflow_backend/services/service_task_service.py

@@ -31,8 +31,8 @@ class ServiceTaskDelegate:
             secret_prefix = "secret:"  # noqa: S105
             if value.startswith(secret_prefix):
                 key = value.removeprefix(secret_prefix)
-                secret = SecretService().get_secret(key)
-                return secret.value
+                secret = SecretService.get_secret(key)
+                return SecretService._decrypt(secret.value)
 
             file_prefix = "file:"
             if value.startswith(file_prefix):
@@ -136,7 +136,7 @@ class ServiceTaskDelegate:
             secret_key = parsed_response["auth"]
             refreshed_token_set = json.dumps(parsed_response["refreshed_token_set"])
             user_id = g.user.id if UserService.has_user() else None
-            SecretService().update_secret(secret_key, refreshed_token_set, user_id)
+            SecretService.update_secret(secret_key, refreshed_token_set, user_id)
             return json.dumps(parsed_response["api_response"])
 
 

spiffworkflow-backend/tests/spiffworkflow_backend/integration/test_secret_service.py

@@ -98,7 +98,7 @@ class TestSecretService(SecretServiceTestHelpers):
 
         secret = SecretService().get_secret(self.test_key)
         assert secret is not None
-        assert secret.value == self.test_value
+        assert SecretService._decrypt(secret.value) == self.test_value
 
     def test_get_secret_bad_key_fails(
         self,
@@ -123,13 +123,13 @@ class TestSecretService(SecretServiceTestHelpers):
         self.add_test_secret(with_super_admin_user)
         secret = SecretService.get_secret(self.test_key)
         assert secret
-        assert secret.value == self.test_value
+        assert SecretService._decrypt(secret.value) == self.test_value
         SecretService.update_secret(
             self.test_key, "new_secret_value", with_super_admin_user.id
         )
         new_secret = SecretService.get_secret(self.test_key)
         assert new_secret
-        assert new_secret.value == "new_secret_value"  # noqa: S105
+        assert SecretService._decrypt(new_secret.value) == "new_secret_value"  # noqa: S105
 
     def test_update_secret_bad_secret_fails(
         self,
@@ -224,7 +224,7 @@ class TestSecretServiceApi(SecretServiceTestHelpers):
         assert secret_response
         assert secret_response.status_code == 200
         assert secret_response.json
-        assert secret_response.json["value"] == self.test_value
+        assert SecretService._decrypt(secret_response.json["value"]) == self.test_value
 
     def test_update_secret(
         self,
@@ -237,7 +237,7 @@ class TestSecretServiceApi(SecretServiceTestHelpers):
         self.add_test_secret(with_super_admin_user)
         secret: Optional[SecretModel] = SecretService.get_secret(self.test_key)
         assert secret
-        assert secret.value == self.test_value
+        assert SecretService._decrypt(secret.value) == self.test_value
         secret_model = SecretModel(
             key=self.test_key,
             value="new_secret_value",
@@ -267,7 +267,7 @@ class TestSecretServiceApi(SecretServiceTestHelpers):
         self.add_test_secret(with_super_admin_user)
         secret = SecretService.get_secret(self.test_key)
         assert secret
-        assert secret.value == self.test_value
+        assert SecretService._decrypt(secret.value) == self.test_value
         secret_response = client.delete(
             f"/v1.0/secrets/{self.test_key}",
             headers=self.logged_in_headers(with_super_admin_user),