validate secrets only with text
strehle committed Oct 25, 2023
1 parent 874c62d commit 8edebb4
Showing 3 changed files with 19 additions and 2 deletions.
Expand Up @@ -18,6 +18,7 @@
import org.passay.PasswordValidator;
import org.passay.PropertiesMessageResolver;
import org.passay.RuleResult;
import org.springframework.util.StringUtils;

import java.util.LinkedList;
import java.util.List;
Expand Down Expand Up @@ -71,7 +72,7 @@ public ZoneAwareClientSecretPolicyValidator(ClientSecretPolicy globalDefaultClie

@Override
public void validate(String clientSecret) throws InvalidClientSecretException {
if(clientSecret == null) {
if(!StringUtils.hasText(clientSecret)) {
return;
}
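Review bot: The new guard `if(!StringUtils.hasText(clientSecret))` in `validate` returns early for a whitespace-only secret as well as for null and the empty string, so such a value is accepted without any policy rule being applied. If the intent is only to let an absent secret through, test on length instead, `if (!StringUtils.hasLength(clientSecret)) {`, so a whitespace-only secret still goes through the policy. A short comment above the guard, such as `// no secret supplied: nothing to check against the policy`, would record why validation is skipped. The rest of `validate` lies outside the hunk, so how the remaining rules would treat such input is not visible here.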

Expand Up @@ -39,7 +39,7 @@ void setUp() {
@Test
void testEmptyClientSecret() {
zone.getConfig().setClientSecretPolicy(defaultPolicy);
assertThrows(InvalidClientSecretException.class, () -> validator.validate(TEST_SECRET_1));
validator.validate(TEST_SECRET_1);
}

@Test
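Review bot: `testEmptyClientSecret` no longer asserts anything, because the bare call `validator.validate(TEST_SECRET_1);` leaves the expectation that no exception is thrown implicit. Assuming the class is on JUnit 5, state it with `assertDoesNotThrow(() -> validator.validate(TEST_SECRET_1));`. A sibling case for a whitespace-only secret would pin down how the validator treats that input. The value of `TEST_SECRET_1` is defined outside the hunk; presumably it is the empty string.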
Expand Up @@ -25,6 +25,7 @@
import org.cloudfoundry.identity.uaa.resources.SearchResults;
import org.cloudfoundry.identity.uaa.test.TestAccountSetup;
import org.cloudfoundry.identity.uaa.test.UaaTestAccounts;
import org.cloudfoundry.identity.uaa.util.UaaStringUtils;
import org.cloudfoundry.identity.uaa.zone.ClientSecretPolicy;
import org.cloudfoundry.identity.uaa.zone.IdentityZone;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneConfiguration;
Expand Down Expand Up @@ -170,6 +171,21 @@ public void createClientWithSecondarySecret() {
assertEquals(HttpStatus.CREATED, result.getStatusCode());
}

@Test
public void createClientWithEmptySecret() {
OAuth2AccessToken token = getClientCredentialsAccessToken("clients.admin");
HttpHeaders headers = getAuthenticatedHeaders(token);
var client = new ClientDetailsCreation();
client.setClientId(new RandomValueStringGenerator().generate());
client.setClientSecret(UaaStringUtils.EMPTY_STRING);
client.setAuthorizedGrantTypes(List.of("password"));

ResponseEntity<Void> result = serverRunning.getRestTemplate()
.exchange(serverRunning.getUrl("/oauth/clients"), HttpMethod.POST,
new HttpEntity<>(client, headers), Void.class);
assertEquals(HttpStatus.CREATED, result.getStatusCode());
}

@Test
public void testCreateClients() throws Exception {
doCreateClients();
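Review bot: `createClientWithEmptySecret` asserts only `HttpStatus.CREATED` and neither sets nor states the client secret policy in force. From the hunk it is therefore not clear whether the request succeeds because of the relaxed validator or because the default policy would have allowed it anyway. The test registers a client with the `password` grant and an empty secret, so a comment such as `// an empty secret is accepted and bypasses the client secret policy` would document that this is the intended contract. A companion case that applies a restrictive policy and checks that a non-empty, non-compliant secret is still rejected would guard against the exemption widening later.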