Do not generate secret when client rep do not specifiy public or bearer
Closes #31444 Signed-off-by: rmartinc <rmartinc@redhat.com>
parent
b07b120f2a
commit
a6c70d65ee
2 changed files with 17 additions and 8 deletions
|
@ -563,7 +563,7 @@ public class RepresentationToModel {
|
||||||
}
|
}
|
||||||
|
|
||||||
private static String determineNewSecret(ClientModel client, ClientRepresentation rep) {
|
private static String determineNewSecret(ClientModel client, ClientRepresentation rep) {
|
||||||
if (Boolean.TRUE.equals(rep.isPublicClient()) || Boolean.TRUE.equals(rep.isBearerOnly())) {
|
if (client.isPublicClient() || client.isBearerOnly()) {
|
||||||
// Clear out the secret with null
|
// Clear out the secret with null
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
|
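Review bot: The public/bearer-only check in `determineNewSecret` now depends on `client` already carrying the flags from `rep` when the method runs, and nothing in the hunk states that ordering. Of the two printed conditions, `client.isPublicClient() || client.isBearerOnly()` appears to be the new side (it matches the commit title), so an update that switches a confidential client to public clears the secret only if the model was updated first; otherwise the stale flags would let a public client keep or receive a secret. The call site is outside the hunk, so this should be confirmed there and recorded above the condition, for example `// client has already been updated from rep here; a null publicClient/bearerOnly in rep keeps the stored setting`. The method body continues past the end of the hunk.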
@ -477,31 +477,39 @@ public class ClientTest extends AbstractAdminTest {
|
||||||
newClient.setClientId(client.getClientId());
|
newClient.setClientId(client.getClientId());
|
||||||
newClient.setBaseUrl("http://baseurl");
|
newClient.setBaseUrl("http://baseurl");
|
||||||
|
|
||||||
realm.clients().get(client.getId()).update(newClient);
|
ClientResource clientRes = realm.clients().get(client.getId());
|
||||||
|
clientRes.update(newClient);
|
||||||
|
|
||||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.clientResourcePath(client.getId()), newClient, ResourceType.CLIENT);
|
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.clientResourcePath(client.getId()), newClient, ResourceType.CLIENT);
|
||||||
|
|
||||||
ClientRepresentation storedClient = realm.clients().get(client.getId()).toRepresentation();
|
ClientRepresentation storedClient = clientRes.toRepresentation();
|
||||||
|
|
||||||
|
assertNull(storedClient.getSecret());
|
||||||
|
assertNull(clientRes.getSecret().getValue());
|
||||||
assertClient(client, storedClient);
|
assertClient(client, storedClient);
|
||||||
|
|
||||||
newClient.setSecret("new-secret");
|
client.setPublicClient(false);
|
||||||
|
newClient.setPublicClient(client.isPublicClient());
|
||||||
|
client.setSecret("new-secret");
|
||||||
|
newClient.setSecret(client.getSecret());
|
||||||
|
|
||||||
realm.clients().get(client.getId()).update(newClient);
|
clientRes.update(newClient);
|
||||||
|
|
||||||
newClient.setSecret("**********"); // secrets are masked in events
|
newClient.setSecret("**********"); // secrets are masked in events
|
||||||
|
|
||||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.clientResourcePath(client.getId()), newClient, ResourceType.CLIENT);
|
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.clientResourcePath(client.getId()), newClient, ResourceType.CLIENT);
|
||||||
|
|
||||||
storedClient = realm.clients().get(client.getId()).toRepresentation();
|
storedClient = clientRes.toRepresentation();
|
||||||
assertClient(client, storedClient);
|
assertClient(client, storedClient);
|
||||||
|
|
||||||
|
storedClient.setSecret(null);
|
||||||
storedClient.getAttributes().put(OIDCConfigAttributes.BACKCHANNEL_LOGOUT_URL, "");
|
storedClient.getAttributes().put(OIDCConfigAttributes.BACKCHANNEL_LOGOUT_URL, "");
|
||||||
|
|
||||||
realm.clients().get(storedClient.getId()).update(storedClient);
|
clientRes.update(storedClient);
|
||||||
storedClient = realm.clients().get(client.getId()).toRepresentation();
|
storedClient = clientRes.toRepresentation();
|
||||||
|
|
||||||
assertFalse(storedClient.getAttributes().containsKey(OIDCConfigAttributes.BACKCHANNEL_LOGOUT_URL));
|
assertFalse(storedClient.getAttributes().containsKey(OIDCConfigAttributes.BACKCHANNEL_LOGOUT_URL));
|
||||||
|
assertClient(client, storedClient);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
@ -931,6 +939,7 @@ public class ClientTest extends AbstractAdminTest {
|
||||||
if (client.getBaseUrl() != null) Assert.assertEquals(client.getBaseUrl(), storedClient.getBaseUrl());
|
if (client.getBaseUrl() != null) Assert.assertEquals(client.getBaseUrl(), storedClient.getBaseUrl());
|
||||||
if (client.isSurrogateAuthRequired() != null) Assert.assertEquals(client.isSurrogateAuthRequired(), storedClient.isSurrogateAuthRequired());
|
if (client.isSurrogateAuthRequired() != null) Assert.assertEquals(client.isSurrogateAuthRequired(), storedClient.isSurrogateAuthRequired());
|
||||||
if (client.getClientAuthenticatorType() != null) Assert.assertEquals(client.getClientAuthenticatorType(), storedClient.getClientAuthenticatorType());
|
if (client.getClientAuthenticatorType() != null) Assert.assertEquals(client.getClientAuthenticatorType(), storedClient.getClientAuthenticatorType());
|
||||||
|
if (client.getSecret() != null) Assert.assertEquals(client.getSecret(), storedClient.getSecret());
|
||||||
|
|
||||||
if (client.getNotBefore() != null) {
|
if (client.getNotBefore() != null) {
|
||||||
Assert.assertEquals(client.getNotBefore(), storedClient.getNotBefore());
|
Assert.assertEquals(client.getNotBefore(), storedClient.getNotBefore());
|
||||||
|
|
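Review bot: The updated test exercises only the public-client case, while the production change replaces the `bearerOnly` check as well. A bearer-only client updated with a representation that leaves `bearerOnly` unset is, as far as the visible lines show, not covered; a parallel step ending in `assertNull(clientRes.getSecret().getValue());` would pin it. A short comment before the first `clientRes.update(newClient)` would also help, such as `// newClient deliberately omits publicClient: no secret must be generated`, since that omission is the point of the assertion. The test method starts outside the hunk, so the initial client setup is not visible here.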