diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/util/PasswordValidatorUtil.java b/server/src/main/java/org/cloudfoundry/identity/uaa/util/PasswordValidatorUtil.java
index b10d045fd1b..2275b8c8eb0 100644
--- a/server/src/main/java/org/cloudfoundry/identity/uaa/util/PasswordValidatorUtil.java
+++ b/server/src/main/java/org/cloudfoundry/identity/uaa/util/PasswordValidatorUtil.java
@@ -51,8 +51,7 @@ public static PasswordValidator validator(GenericPasswordPolicy policy, MessageResolver messageResolver) {
 List rules = new ArrayList<>();
- //length is always a rule. We do not allow blank password
- int minLength = Math.max(1, policy.getMinLength());
+ int minLength = policy.getMinLength()>0 ? policy.getMinLength() : 0;
 int maxLength = policy.getMaxLength()>0 ? policy.getMaxLength() : Integer.MAX_VALUE;
 rules.add(new LengthRule(minLength, maxLength));
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/validate/UaaPasswordPolicyValidatorTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/validate/UaaPasswordPolicyValidatorTests.java
index 0ae4bd052a4..2a97cf6f15c 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/validate/UaaPasswordPolicyValidatorTests.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/validate/UaaPasswordPolicyValidatorTests.java
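Review bot: The new `int minLength = policy.getMinLength()>0 ? policy.getMinLength() : 0;` line removes the floor of 1 together with the only comment that explained it, so a policy whose minimum is unset or zero now lets `LengthRule` accept an empty value, and nothing in the hunk records that this is intended. Because the validator is built from a `GenericPasswordPolicy`, the relaxation applies to every caller that builds its policy with a zero or negative minimum, and this hunk alone does not show whether that is only client secrets; a comment such as `// minLength <= 0 (unset) permits an empty value; callers that require a non-empty password must set a minimum in their policy` would keep the next reader from restoring the floor by mistake. The conditional is also equivalent to `Math.max(0, policy.getMinLength())`, which reads closer to the line it replaces. The enclosing `validator` method starts and ends outside the hunk.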
@@ -47,20 +47,11 @@ void setUp() {
 }
 @Test
- void min_password_length_is_always_1_if_set_to_0() {
- policy.setMinLength(0);
+ void min_password_length_is_1() {
+ policy.setMinLength(1);
 validatePassword("", "Password must be at least 1 characters in length.");
- validatePassword(null, "Password must be at least 1 characters in length.");
 }
- @Test
- void min_password_length_is_always_1_if_not_set() {
- policy.setMinLength(-1);
- validatePassword("", "Password must be at least 1 characters in length.");
- validatePassword(null, "Password must be at least 1 characters in length.");
- }
-
-
 @Test
 void testValidateSuccess() {
 validatePassword("Password2&");
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/zone/ZoneAwareClientSecretPolicyValidatorTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/zone/ZoneAwareClientSecretPolicyValidatorTests.java
index 19fc9c9db49..77f96b2fbf3 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/zone/ZoneAwareClientSecretPolicyValidatorTests.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/zone/ZoneAwareClientSecretPolicyValidatorTests.java
@@ -17,7 +17,7 @@ class ZoneAwareClientSecretPolicyValidatorTests {
 private ClientSecretPolicy defaultPolicy = new ClientSecretPolicy(0,255,0,0,0,0,6);
 private ClientSecretPolicy strictPolicy = new ClientSecretPolicy(6,10,1,1,1,1,6);
- private static final String TEST_SECRET_1 = "";
+ private static final String TEST_EMPTY_SECRET = "";
 private static final String TEST_SECRET_2 = "testsecret";
 private static final String TEST_SECRET_3 = "VFNTTDEgMB4GA1UEAxMXZnNzLnN0YWdlLmdlY29tcGFueIb3DQEBAQUADDwDG6wkBY" + "sJSqbSYpw0c76bUB1x5e46eiroRZdU2BEWiQJ9yxV95gGNsdLH1105iubzc9dbxavGIYM9s/+qJRf6WfwDU7VQsURCqIN8eUtnPU808" +
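Review bot: The rewritten `min_password_length_is_1` test drops both `validatePassword(null, …)` assertions, so after this change nothing pins how a `null` password is reported, and the case the commit actually enables — a policy with minimum length 0 accepting `""` — is not exercised in this file at all. Consider keeping `validatePassword(null, "Password must be at least 1 characters in length.");` in the retained test and adding a test that calls `policy.setMinLength(0);` followed by `validatePassword("");`, so the relaxed floor in `PasswordValidatorUtil` is covered for user passwords and not only for client secrets. The `validatePassword` helper used here is defined outside the hunk.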
@@ -37,9 +37,15 @@ void setUp() {
 }
 @Test
- void testEmptyClientSecret() {
+ void defaultPolicyAcceptsEmptySecret() {
 zone.getConfig().setClientSecretPolicy(defaultPolicy);
- assertThrows(InvalidClientSecretException.class, () -> validator.validate(TEST_SECRET_1));
+ validator.validate(TEST_EMPTY_SECRET);
+ }
+
+ @Test
+ void strictPolicyRejectsEmptySecret() {
+ zone.getConfig().setClientSecretPolicy(strictPolicy);
+ assertThrows(InvalidClientSecretException.class, () -> validator.validate(TEST_EMPTY_SECRET));
 }
 @Test
diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/ClientAdminEndpointsIntegrationTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/ClientAdminEndpointsIntegrationTests.java
index 744025d25e4..795bc02290d 100644
--- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/ClientAdminEndpointsIntegrationTests.java
+++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/ClientAdminEndpointsIntegrationTests.java
@@ -25,6 +25,7 @@
 import org.cloudfoundry.identity.uaa.resources.SearchResults;
 import org.cloudfoundry.identity.uaa.test.TestAccountSetup;
 import org.cloudfoundry.identity.uaa.test.UaaTestAccounts;
+import org.cloudfoundry.identity.uaa.util.UaaStringUtils;
 import org.cloudfoundry.identity.uaa.zone.ClientSecretPolicy;
 import org.cloudfoundry.identity.uaa.zone.IdentityZone;
 import org.cloudfoundry.identity.uaa.zone.IdentityZoneConfiguration;
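Review bot: `defaultPolicyAcceptsEmptySecret` contains no assertion; it passes only because `validator.validate(TEST_EMPTY_SECRET)` returns without throwing, which a reader can easily mistake for an unfinished test. JUnit 5 provides `assertDoesNotThrow`, so `assertDoesNotThrow(() -> validator.validate(TEST_EMPTY_SECRET));` states the intent explicitly (a static import of it may be needed next to the one already used for `assertThrows`). A one-line comment on the test naming what makes the default policy permissive would also help — presumably the leading `0` in `new ClientSecretPolicy(0,255,0,0,0,0,6)` from the earlier hunk is the minimum length, but the parameter order is not visible here and should be confirmed before the comment is written.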
@@ -170,6 +171,21 @@ public void createClientWithSecondarySecret() {
 assertEquals(HttpStatus.CREATED, result.getStatusCode());
 }
+ @Test
+ public void createClientWithEmptySecret() {
+ OAuth2AccessToken token = getClientCredentialsAccessToken("clients.admin");
+ HttpHeaders headers = getAuthenticatedHeaders(token);
+ var client = new ClientDetailsCreation();
+ client.setClientId(new RandomValueStringGenerator().generate());
+ client.setClientSecret(UaaStringUtils.EMPTY_STRING);
+ client.setAuthorizedGrantTypes(List.of("password"));
+
+ ResponseEntity result = serverRunning.getRestTemplate()
+ .exchange(serverRunning.getUrl("/oauth/clients"), HttpMethod.POST,
+ new HttpEntity<>(client, headers), Void.class);
+ assertEquals(HttpStatus.CREATED, result.getStatusCode());
+ }
+
 @Test
 public void testCreateClients() throws Exception {
 doCreateClients();
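Review bot: `ResponseEntity result` in the new `createClientWithEmptySecret` test is a raw type; since the call already passes `Void.class`, declare it as `ResponseEntity<Void> result = serverRunning.getRestTemplate()` so the compiler does not emit an unchecked warning and the declaration matches the typed locals above it. The test asserts only the status code, so it would help to record what the `CREATED` outcome depends on with a comment such as `// relies on the zone's client secret policy imposing no minimum length; an empty secret is rejected under a stricter policy`, hedged until the policy in effect for this integration run is confirmed. Using `var` for `client` while `token` and `headers` carry explicit types is a mixed style within one method; pick one.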