Replace legacy add/edit secret views with SecretEditView

netbox/secrets/decorators.py

@@ -1,24 +0,0 @@
-from django.contrib import messages
-from django.shortcuts import redirect
-
-from .models import UserKey
-
-
-def userkey_required():
-    """
-    Decorator for views which require that the user has an active UserKey (typically for encryption/decryption of
-    Secrets).
-    """
-    def _decorator(view):
-        def wrapped_view(request, *args, **kwargs):
-            try:
-                uk = UserKey.objects.get(user=request.user)
-            except UserKey.DoesNotExist:
-                messages.warning(request, "This operation requires an active user key, but you don't have one.")
-                return redirect('user:userkey')
-            if not uk.is_active():
-                messages.warning(request, "This operation is not available. Your user key has not been activated.")
-                return redirect('user:userkey')
-            return view(request, *args, **kwargs)
-        return wrapped_view
-    return _decorator

netbox/secrets/urls.py

@@ -17,12 +17,12 @@ urlpatterns = [
 
     # Secrets
     path('secrets/', views.SecretListView.as_view(), name='secret_list'),
-    path('secrets/add/', views.secret_add, name='secret_add'),
+    path('secrets/add/', views.SecretEditView.as_view(), name='secret_add'),
     path('secrets/import/', views.SecretBulkImportView.as_view(), name='secret_import'),
     path('secrets/edit/', views.SecretBulkEditView.as_view(), name='secret_bulk_edit'),
     path('secrets/delete/', views.SecretBulkDeleteView.as_view(), name='secret_bulk_delete'),
     path('secrets/<int:pk>/', views.SecretView.as_view(), name='secret'),
-    path('secrets/<int:pk>/edit/', views.secret_edit, name='secret_edit'),
+    path('secrets/<int:pk>/edit/', views.SecretEditView.as_view(), name='secret_edit'),
     path('secrets/<int:pk>/delete/', views.SecretDeleteView.as_view(), name='secret_delete'),
     path('secrets/<int:pk>/changelog/', ObjectChangeLogView.as_view(), name='secret_changelog', kwargs={'model': Secret}),
 

netbox/secrets/views.py

@@ -1,20 +1,17 @@
 import base64
+import logging
 
 from django.contrib import messages
-from django.contrib.auth.decorators import permission_required
-from django.contrib.auth.mixins import PermissionRequiredMixin
 from django.db.models import Count
 from django.shortcuts import get_object_or_404, redirect, render
-from django.urls import reverse
-from django.views.generic import View
+from django.utils.html import escape
+from django.utils.safestring import mark_safe
 
 from utilities.views import (
-    BulkDeleteView, BulkEditView, BulkImportView, GetReturnURLMixin, ObjectView, ObjectDeleteView, ObjectEditView,
-    ObjectListView,
+    BulkDeleteView, BulkEditView, BulkImportView, ObjectView, ObjectDeleteView, ObjectEditView, ObjectListView,
 )
 from . import filters, forms, tables
-from .decorators import userkey_required
-from .models import SecretRole, Secret, SessionKey
+from .models import SecretRole, Secret, SessionKey, UserKey
 
 
 def get_session_key(request):
@@ -79,107 +76,73 @@ class SecretView(ObjectView):
         })
 
 
-@permission_required('secrets.add_secret')
-@userkey_required()
-def secret_add(request):
+class SecretEditView(ObjectEditView):
+    queryset = Secret.objects.all()
+    model_form = forms.SecretForm
+    template_name = 'secrets/secret_edit.html'
+
+    def dispatch(self, request, *args, **kwargs):
+
+        # Check that the user has a valid UserKey
+        try:
+            uk = UserKey.objects.get(user=request.user)
+        except UserKey.DoesNotExist:
+            messages.warning(request, "This operation requires an active user key, but you don't have one.")
+            return redirect('user:userkey')
+        if not uk.is_active():
+            messages.warning(request, "This operation is not available. Your user key has not been activated.")
+            return redirect('user:userkey')
+
+        return super().dispatch(request, *args, **kwargs)
 
-    secret = Secret()
-    session_key = get_session_key(request)
+    def post(self, request, *args, **kwargs):
+        logger = logging.getLogger('netbox.views.ObjectEditView')
+        session_key = get_session_key(request)
+        secret = self.get_object(kwargs)
+        form = self.model_form(request.POST, instance=secret)
 
-    if request.method == 'POST':
-        form = forms.SecretForm(request.POST, instance=secret)
         if form.is_valid():
+            logger.debug("Form validation was successful")
 
-            # We need a valid session key in order to create a Secret
-            if session_key is None:
+            # We must have a session key in order to create a secret or update the plaintext of an existing secret
+            if (form.cleaned_data['plaintext'] or secret.pk is None) and session_key is None:
+                logger.debug("Unable to proceed: No session key was provided with the request")
                 form.add_error(None, "No session key was provided with the request. Unable to encrypt secret data.")
 
-            # Create and encrypt the new Secret
             else:
                 master_key = None
                 try:
                     sk = SessionKey.objects.get(userkey__user=request.user)
                     master_key = sk.get_master_key(session_key)
                 except SessionKey.DoesNotExist:
+                    logger.debug("Unable to proceed: User has no session key assigned")
                     form.add_error(None, "No session key found for this user.")
 
                 if master_key is not None:
+                    logger.debug("Successfully resolved master key for encryption")
                     secret = form.save(commit=False)
-                    secret.plaintext = str(form.cleaned_data['plaintext'])
+                    if form.cleaned_data['plaintext']:
+                        secret.plaintext = str(form.cleaned_data['plaintext'])
                     secret.encrypt(master_key)
                     secret.save()
                     form.save_m2m()
 
-                    messages.success(request, "Added new secret: {}.".format(secret))
-                    if '_addanother' in request.POST:
-                        return redirect('secrets:secret_add')
-                    else:
-                        return redirect('secrets:secret', pk=secret.pk)
-
-    else:
-        initial_data = {
-            'device': request.GET.get('device'),
-        }
-        form = forms.SecretForm(initial=initial_data)
-
-    return render(request, 'secrets/secret_edit.html', {
-        'secret': secret,
-        'form': form,
-        'return_url': GetReturnURLMixin().get_return_url(request, secret)
-    })
-
-
-@permission_required('secrets.change_secret')
-@userkey_required()
-def secret_edit(request, pk):
-
-    secret = get_object_or_404(Secret, pk=pk)
-    session_key = get_session_key(request)
-
-    if request.method == 'POST':
-        form = forms.SecretForm(request.POST, instance=secret)
-        if form.is_valid():
-
-            # Re-encrypt the Secret if a plaintext and session key have been provided.
-            if form.cleaned_data['plaintext'] and session_key is not None:
-
-                # Retrieve the master key using the provided session key
-                master_key = None
-                try:
-                    sk = SessionKey.objects.get(userkey__user=request.user)
-                    master_key = sk.get_master_key(session_key)
-                except SessionKey.DoesNotExist:
-                    form.add_error(None, "No session key found for this user.")
+                    msg = '{} secret'.format('Created' if not form.instance.pk else 'Modified')
+                    logger.info(f"{msg} {secret} (PK: {secret.pk})")
+                    msg = '{} <a href="{}">{}</a>'.format(msg, secret.get_absolute_url(), escape(secret))
+                    messages.success(request, mark_safe(msg))
 
-                # Create and encrypt the new Secret
-                if master_key is not None:
-                    secret = form.save(commit=False)
-                    secret.plaintext = form.cleaned_data['plaintext']
-                    secret.encrypt(master_key)
-                    secret.save()
-                    messages.success(request, "Modified secret {}.".format(secret))
-                    return redirect('secrets:secret', pk=secret.pk)
-                else:
-                    form.add_error(None, "Invalid session key. Unable to encrypt secret data.")
+                    return redirect(self.get_return_url(request, secret))
 
-            # We can't save the plaintext without a session key.
-            elif form.cleaned_data['plaintext']:
-                form.add_error(None, "No session key was provided with the request. Unable to encrypt secret data.")
+        else:
+            logger.debug("Form validation failed")
 
-            # If no new plaintext was specified, a session key is not needed.
-            else:
-                secret = form.save()
-                messages.success(request, "Modified secret {}.".format(secret))
-                return redirect('secrets:secret', pk=secret.pk)
-
-    else:
-        form = forms.SecretForm(instance=secret)
-
-    return render(request, 'secrets/secret_edit.html', {
-        'secret': secret,
-        'form': form,
-        'return_url': reverse('secrets:secret', kwargs={'pk': secret.pk}),
-    })
+        return render(request, self.template_name, {
+            'obj': secret,
+            'obj_type': self.queryset.model._meta.verbose_name,
+            'form': form,
+            'return_url': self.get_return_url(request, secret),
+        })
 
 
 class SecretDeleteView(ObjectDeleteView):

netbox/templates/secrets/secret_edit.html

@@ -9,7 +9,7 @@
     {{ form.private_key }}
     <div class="row">
         <div class="col-md-6 col-md-offset-3">
-            <h3>{% block title %}{% if secret.pk %}Editing {{ secret }}{% else %}Add a Secret{% endif %}{% endblock %}</h3>
+            <h3>{% block title %}{% if obj.pk %}Editing {{ obj }}{% else %}Add a Secret{% endif %}{% endblock %}</h3>
             {% if form.non_field_errors %}
                 <div class="panel panel-danger">
                     <div class="panel-heading"><strong>Errors</strong></div>
@@ -30,17 +30,17 @@
             <div class="panel panel-default">
                 <div class="panel-heading"><strong>Secret Data</strong></div>
                 <div class="panel-body">
-                    {% if secret.pk and secret|decryptable_by:request.user %}
+                    {% if obj.pk and obj|decryptable_by:request.user %}
                         <div class="form-group">
                             <label class="col-md-3 control-label required">Current Plaintext</label>
                             <div class="col-md-7">
-                                <p class="form-control-static" id="secret_{{ secret.pk }}">********</p>
+                                <p class="form-control-static" id="secret_{{ obj.pk }}">********</p>
                             </div>
                             <div class="col-md-2 text-right">
-                                <button class="btn btn-xs btn-success unlock-secret" secret-id="{{ secret.pk }}">
+                                <button class="btn btn-xs btn-success unlock-secret" secret-id="{{ obj.pk }}">
                                     <i class="fa fa-lock"></i> Unlock
                                 </button>
-                                <button class="btn btn-xs btn-danger lock-secret collapse" secret-id="{{ secret.pk }}">
+                                <button class="btn btn-xs btn-danger lock-secret collapse" secret-id="{{ obj.pk }}">
                                     <i class="fa fa-unlock-alt"></i> Lock
                                 </button>
                             </div>
@@ -69,9 +69,9 @@
     <div class="row">
         <div class="form-group">
             <div class="col-md-12 text-center">
-                {% if secret.pk %}
+                {% if obj.pk %}
                     <button type="submit" name="_update" class="btn btn-primary">Update</button>
-                    <a href="{% url 'secrets:secret' pk=secret.pk %}" class="btn btn-default">Cancel</a>
+                    <a href="{% url 'secrets:secret' pk=obj.pk %}" class="btn btn-default">Cancel</a>
                 {% else %}
                     <button type="submit" name="_create" class="btn btn-primary">Create</button>
                     <button type="submit" name="_addanother" class="btn btn-primary">Create and Add Another</button>