Do not generate secret when client rep do not specifiy public or bearer

Closes #31444

Signed-off-by: rmartinc <rmartinc@redhat.com>
This commit is contained in:
rmartinc 2024-07-29 18:49:39 +02:00 committed by Marek Posolda
parent b07b120f2a
commit a6c70d65ee
2 changed files with 17 additions and 8 deletions

View file

@ -563,7 +563,7 @@ public class RepresentationToModel {
} }
private static String determineNewSecret(ClientModel client, ClientRepresentation rep) { private static String determineNewSecret(ClientModel client, ClientRepresentation rep) {
if (Boolean.TRUE.equals(rep.isPublicClient()) || Boolean.TRUE.equals(rep.isBearerOnly())) { if (client.isPublicClient() || client.isBearerOnly()) {
// Clear out the secret with null // Clear out the secret with null
return null; return null;
} }

View file

@ -477,31 +477,39 @@ public class ClientTest extends AbstractAdminTest {
newClient.setClientId(client.getClientId()); newClient.setClientId(client.getClientId());
newClient.setBaseUrl("http://baseurl"); newClient.setBaseUrl("http://baseurl");
realm.clients().get(client.getId()).update(newClient); ClientResource clientRes = realm.clients().get(client.getId());
clientRes.update(newClient);
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.clientResourcePath(client.getId()), newClient, ResourceType.CLIENT); assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.clientResourcePath(client.getId()), newClient, ResourceType.CLIENT);
ClientRepresentation storedClient = realm.clients().get(client.getId()).toRepresentation(); ClientRepresentation storedClient = clientRes.toRepresentation();
assertNull(storedClient.getSecret());
assertNull(clientRes.getSecret().getValue());
assertClient(client, storedClient); assertClient(client, storedClient);
newClient.setSecret("new-secret"); client.setPublicClient(false);
newClient.setPublicClient(client.isPublicClient());
client.setSecret("new-secret");
newClient.setSecret(client.getSecret());
realm.clients().get(client.getId()).update(newClient); clientRes.update(newClient);
newClient.setSecret("**********"); // secrets are masked in events newClient.setSecret("**********"); // secrets are masked in events
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.clientResourcePath(client.getId()), newClient, ResourceType.CLIENT); assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.clientResourcePath(client.getId()), newClient, ResourceType.CLIENT);
storedClient = realm.clients().get(client.getId()).toRepresentation(); storedClient = clientRes.toRepresentation();
assertClient(client, storedClient); assertClient(client, storedClient);
storedClient.setSecret(null);
storedClient.getAttributes().put(OIDCConfigAttributes.BACKCHANNEL_LOGOUT_URL, ""); storedClient.getAttributes().put(OIDCConfigAttributes.BACKCHANNEL_LOGOUT_URL, "");
realm.clients().get(storedClient.getId()).update(storedClient); clientRes.update(storedClient);
storedClient = realm.clients().get(client.getId()).toRepresentation(); storedClient = clientRes.toRepresentation();
assertFalse(storedClient.getAttributes().containsKey(OIDCConfigAttributes.BACKCHANNEL_LOGOUT_URL)); assertFalse(storedClient.getAttributes().containsKey(OIDCConfigAttributes.BACKCHANNEL_LOGOUT_URL));
assertClient(client, storedClient);
} }
@Test @Test
@ -931,6 +939,7 @@ public class ClientTest extends AbstractAdminTest {
if (client.getBaseUrl() != null) Assert.assertEquals(client.getBaseUrl(), storedClient.getBaseUrl()); if (client.getBaseUrl() != null) Assert.assertEquals(client.getBaseUrl(), storedClient.getBaseUrl());
if (client.isSurrogateAuthRequired() != null) Assert.assertEquals(client.isSurrogateAuthRequired(), storedClient.isSurrogateAuthRequired()); if (client.isSurrogateAuthRequired() != null) Assert.assertEquals(client.isSurrogateAuthRequired(), storedClient.isSurrogateAuthRequired());
if (client.getClientAuthenticatorType() != null) Assert.assertEquals(client.getClientAuthenticatorType(), storedClient.getClientAuthenticatorType()); if (client.getClientAuthenticatorType() != null) Assert.assertEquals(client.getClientAuthenticatorType(), storedClient.getClientAuthenticatorType());
if (client.getSecret() != null) Assert.assertEquals(client.getSecret(), storedClient.getSecret());
if (client.getNotBefore() != null) { if (client.getNotBefore() != null) {
Assert.assertEquals(client.getNotBefore(), storedClient.getNotBefore()); Assert.assertEquals(client.getNotBefore(), storedClient.getNotBefore());