From f45a0f3aeb4fa4f629b4f744e2286bbc2cb5adab Mon Sep 17 00:00:00 2001
From: Nathan Coad <nathan@thecoads.com>
Date: Tue, 9 Jan 2024 12:16:02 +1100
Subject: [PATCH] test actually updating secret

---
 controllers/store_secrets.go | 38 +++++++++++++++++++++++++++++++++++-
 models/secret.go             |  3 +--
 2 files changed, 38 insertions(+), 3 deletions(-)

diff --git a/controllers/store_secrets.go b/controllers/store_secrets.go
index 709e358..f19c7b4 100644
--- a/controllers/store_secrets.go
+++ b/controllers/store_secrets.go
@@ -200,6 +200,13 @@ func UpdateSecret(c *gin.Context) {
 
 	log.Printf("UpdateSecret received JSON input '%v'\n", input)
 
+	if len(input.SecretValue) == 0 {
+		errString := "UpdateSecret no updated secret specified\n"
+		log.Print(errString)
+		c.JSON(http.StatusBadRequest, gin.H{"error": errString})
+		return
+	}
+
 	// Temporarily disable because we should be able to figure it out without user specifying
 	/*
 		if input.SafeId == 0 && len(input.SafeName) == 0 {
@@ -238,7 +245,36 @@ func UpdateSecret(c *gin.Context) {
 		return
 	} else if len(secretList) == 1 {
 		// Update secret
-		log.Printf("mock updating secret\n")
+		//log.Printf("mock updating secret\n")
+		log.Printf("secretList[0]: %v\n", secretList[0])
+
+		s.SecretId = secretList[0].SecretId
+
+		// check for empty fields in the update request and update from the existing record
+		if s.UserName == "" {
+			s.UserName = secretList[0].Secret.UserName
+		}
+		if s.DeviceCategory == "" {
+			s.DeviceCategory = secretList[0].DeviceCategory
+		}
+		if s.DeviceName == "" {
+			s.DeviceName = secretList[0].DeviceName
+		}
+
+		// Encrypt secret
+		s.Secret = input.SecretValue
+		_, err = s.EncryptSecret()
+		if err != nil {
+			c.JSON(http.StatusBadRequest, gin.H{"error": "UpdateSecret error encrypting secret : " + err.Error()})
+			return
+		}
+
+		_, err = s.UpdateSecret()
+		if err != nil {
+			c.JSON(http.StatusBadRequest, gin.H{"error": "UpdateSecret error saving secret : " + err.Error()})
+			return
+		}
+
 		c.JSON(http.StatusOK, gin.H{"message": "secret updated successfully"})
 	} else {
 		c.JSON(http.StatusBadRequest, gin.H{"error": "multiple secrets matched search parameters, be more specific"})
diff --git a/models/secret.go b/models/secret.go
index 1162cad..361a264 100644
--- a/models/secret.go
+++ b/models/secret.go
@@ -77,7 +77,6 @@ func SecretsGetAllowedForGroup(s *Secret, userId int) ([]UserSecret, error) {
 	INNER JOIN secrets on secrets.SafeId = safes.SafeId
 	WHERE users.UserId = ? `
 	queryArgs = append(queryArgs, userId)
-	log.Printf("queryArgs: %v\n", queryArgs)
 
 	// Make sure at least one parameter was specified
 	if s.DeviceName == "" && s.DeviceCategory == "" && s.UserName == "" {
@@ -103,7 +102,7 @@ func SecretsGetAllowedForGroup(s *Secret, userId int) ([]UserSecret, error) {
 	}
 
 	// Execute the query
-	log.Printf("SecretsGetAllowedForGroup query string : '%s'\n%+v\n", query, queryArgs)
+	//log.Printf("SecretsGetAllowedForGroup query string : '%s'\n%+v\n", query, queryArgs)
 	rows, err := db.Queryx(query, queryArgs...)
 
 	if err != nil {