updates

README.md

@@ -94,6 +94,8 @@ POST `/api/secret/store`
 
 Must be logged in to execute this command. Role of current user cannot be a ReadOnly role. Secret will be stored with the RoleId of the currently logged in user. Either deviceName or deviceCategory can be blank but not both.
 
+If a secret exists for this RoleId and matching deviceName and deviceCategory then an error will be generated.
+
 #### Retrieve
 GET `/api/secret/retrieve`
 
@@ -112,3 +114,15 @@ Either deviceName or deviceCategory can be specified (or both). Wildcards are su
 2. The underscore _ wildcard matches any single character.
 
 #### Update
+POST `/api/secret/update`
+
+```
+{
+    "deviceName": "",
+    "deviceCategory": "",
+    "userName": "",
+    "secretValue": ""
+}
+```
+
+Users with ReadOnly role will receive Forbidden error when calling this API endpoint. The values specified in deviceName and deviceCategory must match exactly one existing secret record for the RoleId of the currently logged in user.

controllers/store_secrets.go

@@ -102,6 +102,7 @@ func UpdateSecret(c *gin.Context) {
 
 	// Populate fields
 	s := models.Secret{}
+
 	s.UserName = input.UserName
 	s.DeviceName = input.DeviceName
 	s.DeviceCategory = input.DeviceCategory
@@ -128,6 +129,17 @@ func UpdateSecret(c *gin.Context) {
 		// Set the secret id with the one retrieved from the database
 		s.SecretId = checkExists[0].SecretId
 
+		// check for empty fields in the update request and update from the existing record
+		if s.UserName == "" {
+			s.UserName = checkExists[0].UserName
+		}
+		if s.DeviceCategory == "" {
+			s.DeviceCategory = checkExists[0].DeviceCategory
+		}
+		if s.DeviceName == "" {
+			s.DeviceName = checkExists[0].DeviceName
+		}
+
 		// Encrypt secret
 		s.Secret = input.SecretValue
 		_, err = s.EncryptSecret()