Fix for Client secret is visable in Admin event representation when Credentials Reset action performed for the Client. (#32067)
* Stripping secrets for the credential representation Signed-off-by: kaustubh B <kbawanka@redhat.com>
parent
ea3937f37c
commit
cf8905efe8
3 changed files with 19 additions and 2 deletions
|
@ -24,6 +24,7 @@ import org.keycloak.provider.ProviderConfigProperty;
|
|||
import org.keycloak.representations.idm.ClientRepresentation;
|
||||
import org.keycloak.representations.idm.ComponentExportRepresentation;
|
||||
import org.keycloak.representations.idm.ComponentRepresentation;
|
||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
||||
import org.keycloak.representations.idm.IdentityProviderRepresentation;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
|
@ -59,6 +60,7 @@ public class StripSecretsUtils {
|
|||
REPRESENTATION_FORMATTER.put(ClientRepresentation.class, (session, o) -> StripSecretsUtils.stripClient((ClientRepresentation) o));
|
||||
REPRESENTATION_FORMATTER.put(IdentityProviderRepresentation.class, (session, o) -> StripSecretsUtils.stripBroker((IdentityProviderRepresentation) o));
|
||||
REPRESENTATION_FORMATTER.put(ComponentRepresentation.class, (session, o) -> StripSecretsUtils.stripComponent(session, (ComponentRepresentation) o));
|
||||
REPRESENTATION_FORMATTER.put(CredentialRepresentation.class, (session, o) -> StripSecretsUtils.stripCredentials((CredentialRepresentation) o));
|
||||
}
|
||||
|
||||
public static <T> T stripSecrets(KeycloakSession session, T representation) {
|
||||
|
@ -82,6 +84,11 @@ public class StripSecretsUtils {
|
|||
);
|
||||
}
|
||||
|
||||
protected static CredentialRepresentation stripCredentials(CredentialRepresentation rep) {
|
||||
rep.setValue("**********");
|
||||
return rep;
|
||||
}
|
||||
|
||||
private static ComponentRepresentation stripComponent(KeycloakSession session, ComponentRepresentation rep) {
|
||||
Map<String, ProviderConfigProperty> configProperties = ComponentUtil.getComponentConfigProperties(session, rep);
|
||||
return stripComponent(configProperties, rep);
|
||||
|
|
|
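Review bot: `stripCredentials` masks only `value`, and it does so unconditionally and by mutating the object it is handed. The formatter registered for `CredentialRepresentation.class` applies to every instance passed through `stripSecrets`, so a representation that also carries `secretData` or `credentialData` would, as far as these lines show, reach the admin event with those fields intact; it is worth confirming whether any caller passes such an object and masking those fields here if so. Because the mask is written in place, a caller that reuses the same object after the event sees `"**********"`, even where no value had been set. A Javadoc line such as `/** Masks the credential value in place; callers that return rep must set the real value after the event is recorded. */` would make that contract explicit.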
@ -122,6 +122,16 @@ public class StripSecretsUtilsTest {
|
|||
assertEquals("configValue1", rep.getConfig().get("configParam1"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void stripCredentials(){
|
||||
CredentialRepresentation rep = new CredentialRepresentation();
|
||||
rep.setId("test");
|
||||
rep.setValue("secretValue");
|
||||
StripSecretsUtils.stripCredentials(rep);
|
||||
assertEquals("test", rep.getId());
|
||||
assertEquals("**********", rep.getValue());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void stripComponent() {
|
||||
ComponentRepresentation rep = new ComponentRepresentation();
|
||||
|
|
|
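Review bot: The new `stripCredentials` test calls the helper directly, so the `REPRESENTATION_FORMATTER` entry for `CredentialRepresentation.class` is never exercised, and removing that registration would leave this test green. An extra assertion through the public entry point would cover it, along the lines of `assertEquals("**********", StripSecretsUtils.stripSecrets(session, rep).getValue());` with whatever session fixture the class already uses. A case with no value set would also pin down whether an unset credential is meant to be reported as masked. Minor style: `stripCredentials(){` lacks the space before the brace that `stripComponent() {` has.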
@ -299,7 +299,7 @@ public class ClientResource {
|
|||
|
||||
adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).representation(rep).success();
|
||||
session.removeAttribute(ClientSecretConstants.CLIENT_SECRET_ROTATION_ENABLED);
|
||||
|
||||
rep.setValue(secret);
|
||||
return rep;
|
||||
} catch (ClientPolicyException cpe) {
|
||||
throw new ErrorResponseException(cpe.getError(), cpe.getErrorDetail(),
|
||||
|
|
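Review bot: The returned secret now depends on statement order, because `rep.setValue(secret)` has to stay after the `adminEvent...representation(rep).success()` call, and nothing in the visible lines says so. If a later tidy-up moved the setter above the event call, the event would rely solely on the stripping formatter. Since `stripCredentials` masks in place, the client could then be handed `**********` instead of the new secret, assuming the event path strips the same object rather than a copy. I would add a comment above the setter: `// Set the secret only after the admin event is recorded, so it never reaches the event representation.` The enclosing method starts and ends outside this hunk.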