Don't reset the value if a new value is provided

If a value is provided with a request to update the record, we should not nullify it. We don't send decrypted private values to the client, so if client provides it, it's probably pasted by the user.
2014-09-10 11:02:24 +02:00 · 2014-09-10 11:02:24 +02:00 · 6e5f225a1c
commit 6e5f225a1c
parent e103b291ad
2 changed files with 15 additions and 1 deletions
--- a/lib/travis/api/app/endpoint/env_vars.rb
+++ b/lib/travis/api/app/endpoint/env_vars.rb
@ -13,7 +13,7 @@ class Travis::Api::App
        record.update(data)

        # if we update from private to public reset value
-        if !previously_public && record.public?
+        if !previously_public && record.public? && data['value'].nil?
          record.value = nil
        end

--- a/spec/integration/v2/settings/env_vars_spec.rb
+++ b/spec/integration/v2/settings/env_vars_spec.rb
@ -83,6 +83,20 @@ describe Travis::Api::App::SettingsEndpoint do
    end

    describe 'PATCH /settings/env_vars/:id' do
+      it 'resets value if private key is made public unless new value is provided' do
+        settings = repo.settings
+        env_var = settings.env_vars.create(name: 'FOO', value: 'bar')
+        settings.save
+
+        body = { env_var: { public: true, value: 'a new value' } }.to_json
+        response = patch "/settings/env_vars/#{env_var.id}?repository_id=#{repo.id}", body, headers
+        json = JSON.parse(response.body)
+        json['env_var']['value'].should == 'a new value'
+
+        updated_env_var = repo.reload.settings.env_vars.find(env_var.id)
+        updated_env_var.value.decrypt.should == 'a new value'
+      end
+
      it 'resets value if private key is made public' do
        settings = repo.settings
        env_var = settings.env_vars.create(name: 'FOO', value: 'bar')