From 4561ec7985c94a5a31fdf2ec47c2170233efb1b3 Mon Sep 17 00:00:00 2001 From: Jeremy Stretch Date: Wed, 6 Apr 2016 11:22:36 -0400 Subject: [PATCH] Modified the secrets API to accept a private key passed as a GET request body (instead of POSTing) --- netbox/secrets/api/views.py | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/netbox/secrets/api/views.py b/netbox/secrets/api/views.py index 2633bc25a..e0eda087f 100644 --- a/netbox/secrets/api/views.py +++ b/netbox/secrets/api/views.py @@ -43,9 +43,11 @@ class SecretRoleDetailView(generics.RetrieveAPIView): class SecretListView(generics.GenericAPIView): """ - List secrets (filterable). If a private key is POSTed, attempt to decrypt each Secret. + List secrets (filterable). If a private key is provided in the GET body, attempt to decrypt each Secret. + + e.g. curl -X GET http://netbox/api/secrets/secrets/ --data-binary "@/path/to/private_key" """ - queryset = Secret.objects.select_related('device', 'role') + queryset = Secret.objects.select_related('device__primary_ip', 'role') serializer_class = SecretSerializer filter_class = SecretFilter permission_classes = [SecretViewPermission] @@ -55,6 +57,7 @@ class SecretListView(generics.GenericAPIView): queryset = self.filter_queryset(self.get_queryset()) # Attempt to decrypt each Secret if a private key was provided. + private_key = request.body or None if private_key is not None: try: uk = UserKey.objects.get(user=request.user) @@ -81,24 +84,23 @@ class SecretListView(generics.GenericAPIView): serializer = self.get_serializer(queryset, many=True) return Response(serializer.data) - def post(self, request, *args, **kwargs): - private_key = request.POST.get('private_key') - return self.get(request, private_key=private_key) - class SecretDetailView(generics.GenericAPIView): """ - Retrieve a single Secret. If a private key is POSTed, attempt to decrypt the Secret. + Retrieve a single Secret. If a private key is provided in the GET body, attempt to decrypt the Secret. + + e.g. curl -X GET http://netbox/api/secrets/secrets/123/ --data-binary "@/path/to/private_key" """ - queryset = Secret.objects.select_related('device', 'role') + queryset = Secret.objects.select_related('device__primary_ip', 'role') serializer_class = SecretSerializer permission_classes = [SecretViewPermission] renderer_classes = api_settings.DEFAULT_RENDERER_CLASSES + [FreeRADIUSClientsRenderer] - def get(self, request, pk, private_key=None, *args, **kwargs): + def get(self, request, pk, *args, **kwargs): secret = get_object_or_404(Secret, pk=pk) # Attempt to decrypt the Secret if a private key was provided. + private_key = request.body or None if private_key is not None: try: uk = UserKey.objects.get(user=request.user) @@ -124,10 +126,6 @@ class SecretDetailView(generics.GenericAPIView): serializer = self.get_serializer(secret) return Response(serializer.data) - def post(self, request, pk, *args, **kwargs): - private_key = request.POST.get('private_key') - return self.get(request, pk, private_key=private_key) - class RSAKeyGeneratorView(APIView): """