From e66168dfa44ffab27853b64fda07368f32d8fab5 Mon Sep 17 00:00:00 2001 From: fit2bot <68588906+fit2bot@users.noreply.github.com> Date: Wed, 15 Feb 2023 20:16:01 +0800 Subject: [PATCH] =?UTF-8?q?perf:=20account=20secret=20=E5=8A=A0=E5=AF=86?= =?UTF-8?q?=20(#9570)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: feng <1304903146@qq.com> --- apps/accounts/api/account/account.py | 4 ++-- apps/accounts/serializers/account/base.py | 18 ++++++++---------- apps/assets/serializers/asset/common.py | 11 +++++++++-- 3 files changed, 19 insertions(+), 14 deletions(-) diff --git a/apps/accounts/api/account/account.py b/apps/accounts/api/account/account.py index 695924122..ee306e250 100644 --- a/apps/accounts/api/account/account.py +++ b/apps/accounts/api/account/account.py @@ -3,11 +3,11 @@ from rest_framework.decorators import action from rest_framework.generics import CreateAPIView, ListAPIView from rest_framework.response import Response -from assets.models import Asset from accounts import serializers -from accounts.models import Account from accounts.filters import AccountFilterSet +from accounts.models import Account from accounts.tasks import verify_accounts_connectivity +from assets.models import Asset from authentication.const import ConfirmType from common.permissions import UserConfirmation from common.views.mixins import RecordViewLogMixin diff --git a/apps/accounts/serializers/account/base.py b/apps/accounts/serializers/account/base.py index e0b0215ff..47eeb457a 100644 --- a/apps/accounts/serializers/account/base.py +++ b/apps/accounts/serializers/account/base.py 
@@ -24,27 +24,25 @@ class AuthValidateMixin(serializers.Serializer): write_only=True, label=_('Key password') ) - @property - def initial_secret_type(self): - secret_type = self.initial_data.get('secret_type') - return secret_type - - def validate_secret(self, secret): + @staticmethod + def handle_secret(secret, secret_type, passphrase=None): if not secret: return '' - secret_type = self.initial_secret_type if secret_type == SecretType.PASSWORD: validate_password_for_ansible(secret) return secret elif secret_type == SecretType.SSH_KEY: - passphrase = self.initial_data.get('passphrase') passphrase = passphrase if passphrase else None return validate_ssh_key(secret, passphrase) else: return secret - @staticmethod - def clean_auth_fields(validated_data): + def clean_auth_fields(self, validated_data): + secret_type = validated_data['secret_type'] + passphrase = validated_data.get('passphrase') + secret = validated_data.pop('secret', None) + self.handle_secret(secret, secret_type, passphrase) + validated_data['secret'] = secret for field in ('secret',): value = validated_data.get(field) if value is None: diff --git a/apps/assets/serializers/asset/common.py b/apps/assets/serializers/asset/common.py index 9b6eb7f85..0d1bbcb87 100644 --- a/apps/assets/serializers/asset/common.py +++ b/apps/assets/serializers/asset/common.py @@ -8,9 +8,10 @@ from rest_framework import serializers from accounts.models import Account from accounts.serializers import AccountSerializerCreateValidateMixin +from accounts.serializers import AuthValidateMixin from common.serializers import WritableNestedModelSerializer, SecretReadableMixin, CommonModelSerializer from common.serializers.fields import LabeledChoiceField -from common.utils import lazyproperty +from common.utils import lazyproperty, decrypt_password from orgs.mixins.serializers import BulkOrgResourceModelSerializer from ...const import Category, AllTypes from ...models import Asset, Node, Platform, Label, Protocol 
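Review bot: In `clean_auth_fields`, the result of `self.handle_secret(secret, secret_type, passphrase)` is discarded and the unchanged input is written back with `validated_data['secret'] = secret`, so the value returned by `validate_ssh_key` for an SSH key (and the `''` returned for an empty secret) is never stored, whereas the removed `validate_secret` did return it. Assigning the result directly, `validated_data['secret'] = self.handle_secret(secret, secret_type, passphrase)`, keeps the checked value. `validated_data['secret_type']` also raises `KeyError` when a partial update omits the field; `validated_data.get('secret_type')` avoids the crash, though the type should then probably come from the existing record so the password and key checks are not skipped. With `validate_secret` gone, these checks run only where `clean_auth_fields` is called. Those callers and the rest of this method are outside the hunk, so a short docstring on `handle_secret` saying it expects the already-decrypted secret would help.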
@@ -51,7 +52,9 @@ class AssetPlatformSerializer(serializers.ModelSerializer): class AssetAccountSerializer( - AccountSerializerCreateValidateMixin, CommonModelSerializer + AuthValidateMixin, + AccountSerializerCreateValidateMixin, + CommonModelSerializer ): add_org_fields = False push_now = serializers.BooleanField( @@ -256,6 +259,8 @@ class AssetSerializer(BulkOrgResourceModelSerializer, WritableNestedModelSeriali def accounts_create(accounts_data, asset): for data in accounts_data: data['asset'] = asset + secret = data.get('secret') + data['secret'] = decrypt_password(secret) if secret else secret AssetAccountSerializer().create(data) @atomic @@ -269,6 +274,8 @@ class AssetSerializer(BulkOrgResourceModelSerializer, WritableNestedModelSeriali @atomic def update(self, instance, validated_data): + if not validated_data.get('accounts'): + validated_data.pop('accounts', None) nodes_display = validated_data.pop('nodes_display', '') instance = super().update(instance, validated_data) self.perform_nodes_display_create(instance, nodes_display)
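Review bot: In `accounts_create`, the decrypted secret is written back into the caller's `data` dict, so the plaintext stays in `accounts_data` after the loop and would show up wherever that structure is later logged or echoed in an error. A per-account copy keeps the plaintext scoped to the create call, e.g. `account = {**data, 'asset': asset}` followed by `account['secret'] = decrypt_password(secret) if secret else secret`. `decrypt_password` is defined outside this diff; if it can return its input unchanged on a failed decrypt, the ciphertext would be stored as the account secret, so the failure path deserves an explicit check. `AssetAccountSerializer().create(data)` is called on an unbound serializer, so no `is_valid()` runs here and the secret checks depend on `create()` reaching `clean_auth_fields`, which this hunk does not show.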
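Review bot: In `update`, non-empty nested account data still goes to `super().update()` without the `decrypt_password` step this commit adds to `accounts_create`. If clients send account secrets in the same encrypted form on update, the stored value may be the ciphertext; that path is not visible here and should be confirmed. The new guard also makes an explicit empty `accounts` list indistinguishable from an omitted key. If that is the intent, a comment such as `# empty or missing 'accounts': leave existing accounts untouched` would record it. The rest of `update` lies outside the hunk.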