validate secrets only with text #2574
We have created an issue in Pivotal Tracker to manage this: https://www.pivotaltracker.com/story/show/186329816
The labels on this github issue will be updated when the story is started.
The general approach is fine.
Please rewrite the commit to include all the context/motivations behind the change such that future developers would understand why the change was made.
8edebb4 to 1b1bff7
This fixes client creation rest call with empty secret.
Empty client secret is allowed via YAML setting already, but
in a REST call there is an error:
Client Secret must be at least 1 characters in length.
Why this occurs: There is a policy validator for user and client
policy validation.
For users, a minimum of 1 char for a password might be ok,
for a client not. A secret can be empty.
Before 76.22.0 a missing secret in a client creation call was defaulted
to an empty secret, but with #2455
this was fixed. The fix prevented the creation with an empty secret.
Therefore, this here is a fix for a regression introduced with 76.22.0.
It simply prevents the policy validation if the secret is without text
(null or empty).
Fix for issue #2570
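The guard described in the commit message above, as an added example that is not the project's code: it contrasts running the length policy on every secret with running it only when the secret has text. The class and method names, the sample secrets and the stricter minimum of 8 are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration; class, method and parameter names are hypothetical, not UAA's.
public class ClientSecretCheck {

    /** Length policy; minLength 1 yields the error text quoted in the commit message. */
    static List<String> policyErrors(String secret, int minLength) {
        List<String> errors = new ArrayList<>();
        int length = (secret == null) ? 0 : secret.length();
        if (length < minLength) {
            errors.add("Client Secret must be at least " + minLength + " characters in length.");
        }
        return errors;
    }

    /** Regression behaviour: every secret, including null or empty, is checked. */
    static List<String> validateAlways(String secret, int minLength) {
        return policyErrors(secret, minLength);
    }

    /** Fixed behaviour: a secret without text (null or empty) skips the policy. */
    static List<String> validateOnlyWithText(String secret, int minLength) {
        if (secret == null || secret.isEmpty()) {
            return List.of();
        }
        return policyErrors(secret, minLength);
    }

    public static void main(String[] args) {
        String[] secrets = {null, "", "abc", "a-longer-secret"}; // constructed samples
        int[] minLengths = {1, 8};                               // 8 is a constructed stricter policy
        for (int min : minLengths) {
            for (String s : secrets) {
                System.out.printf("min=%d secret=%s always=%s onlyWithText=%s%n",
                        min, s == null ? "null" : "\"" + s + "\"",
                        validateAlways(s, min), validateOnlyWithText(s, min));
            }
        }
    }
}
```

With the constructed minimum of 8, the guarded variant still accepts the null and empty secrets while rejecting `"abc"`, so the length policy alone does not force a client to have a secret once the guard is in place.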