From 4561ec7985c94a5a31fdf2ec47c2170233efb1b3 Mon Sep 17 00:00:00 2001
From: Jeremy Stretch <jstretch@digitalocean.com>
Date: Wed, 6 Apr 2016 11:22:36 -0400
Subject: [PATCH] Modified the secrets API to accept a private key passed as a
 GET request body (instead of POSTing)

---
 netbox/secrets/api/views.py | 24 +++++++++++-------------
 1 file changed, 11 insertions(+), 13 deletions(-)

diff --git a/netbox/secrets/api/views.py b/netbox/secrets/api/views.py
index 2633bc25a..e0eda087f 100644
--- a/netbox/secrets/api/views.py
+++ b/netbox/secrets/api/views.py
@@ -43,9 +43,11 @@ class SecretRoleDetailView(generics.RetrieveAPIView):
 
 class SecretListView(generics.GenericAPIView):
     """
-    List secrets (filterable). If a private key is POSTed, attempt to decrypt each Secret.
+    List secrets (filterable). If a private key is provided in the GET body, attempt to decrypt each Secret.
+
+      e.g. curl -X GET http://netbox/api/secrets/secrets/ --data-binary "@/path/to/private_key"
     """
-    queryset = Secret.objects.select_related('device', 'role')
+    queryset = Secret.objects.select_related('device__primary_ip', 'role')
     serializer_class = SecretSerializer
     filter_class = SecretFilter
     permission_classes = [SecretViewPermission]
@@ -55,6 +57,7 @@ class SecretListView(generics.GenericAPIView):
         queryset = self.filter_queryset(self.get_queryset())
 
         # Attempt to decrypt each Secret if a private key was provided.
+        private_key = request.body or None
         if private_key is not None:
             try:
                 uk = UserKey.objects.get(user=request.user)
@@ -81,24 +84,23 @@ class SecretListView(generics.GenericAPIView):
         serializer = self.get_serializer(queryset, many=True)
         return Response(serializer.data)
 
-    def post(self, request, *args, **kwargs):
-        private_key = request.POST.get('private_key')
-        return self.get(request, private_key=private_key)
-
 
 class SecretDetailView(generics.GenericAPIView):
     """
-    Retrieve a single Secret. If a private key is POSTed, attempt to decrypt the Secret.
+    Retrieve a single Secret. If a private key is provided in the GET body, attempt to decrypt the Secret.
+
+      e.g. curl -X GET http://netbox/api/secrets/secrets/123/ --data-binary "@/path/to/private_key"
     """
-    queryset = Secret.objects.select_related('device', 'role')
+    queryset = Secret.objects.select_related('device__primary_ip', 'role')
     serializer_class = SecretSerializer
     permission_classes = [SecretViewPermission]
     renderer_classes = api_settings.DEFAULT_RENDERER_CLASSES + [FreeRADIUSClientsRenderer]
 
-    def get(self, request, pk, private_key=None, *args, **kwargs):
+    def get(self, request, pk, *args, **kwargs):
         secret = get_object_or_404(Secret, pk=pk)
 
         # Attempt to decrypt the Secret if a private key was provided.
+        private_key = request.body or None
         if private_key is not None:
             try:
                 uk = UserKey.objects.get(user=request.user)
@@ -124,10 +126,6 @@ class SecretDetailView(generics.GenericAPIView):
         serializer = self.get_serializer(secret)
         return Response(serializer.data)
 
-    def post(self, request, pk, *args, **kwargs):
-        private_key = request.POST.get('private_key')
-        return self.get(request, pk, private_key=private_key)
-
 
 class RSAKeyGeneratorView(APIView):
     """