Fix for Client secret is visable in Admin event representation when Credentials Reset action performed for the Client. (#32067)

* Stripping secrets for the credential representation

Signed-off-by: kaustubh B <kbawanka@redhat.com>
kaustubh-rh 2024-08-12 22:17:41 +05:30 committed by GitHub
parent ea3937f37c
commit cf8905efe8
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 19 additions and 2 deletions


@ -24,6 +24,7 @@ import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.ComponentExportRepresentation;
import org.keycloak.representations.idm.ComponentRepresentation;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
@ -59,6 +60,7 @@ public class StripSecretsUtils {
REPRESENTATION_FORMATTER.put(ClientRepresentation.class, (session, o) -> StripSecretsUtils.stripClient((ClientRepresentation) o));
REPRESENTATION_FORMATTER.put(IdentityProviderRepresentation.class, (session, o) -> StripSecretsUtils.stripBroker((IdentityProviderRepresentation) o));
REPRESENTATION_FORMATTER.put(ComponentRepresentation.class, (session, o) -> StripSecretsUtils.stripComponent(session, (ComponentRepresentation) o));
REPRESENTATION_FORMATTER.put(CredentialRepresentation.class, (session, o) -> StripSecretsUtils.stripCredentials((CredentialRepresentation) o));
}
public static <T> T stripSecrets(KeycloakSession session, T representation) {
@ -82,6 +84,11 @@ public class StripSecretsUtils {
);
}
protected static CredentialRepresentation stripCredentials(CredentialRepresentation rep) {
rep.setValue("**********");
return rep;
}
private static ComponentRepresentation stripComponent(KeycloakSession session, ComponentRepresentation rep) {
Map<String, ProviderConfigProperty> configProperties = ComponentUtil.getComponentConfigProperties(session, rep);
return stripComponent(configProperties, rep);
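Review bot: `stripCredentials` (lines 34-37) masks the caller's object in place, so any code path that later returns that same representation must remember to put the secret back — which is exactly what ClientResource now does after emitting the admin event; stripping a copy (or documenting the in-place contract) would remove that dependency. It also masks only `value`; CredentialRepresentation carries other secret-bearing fields (I believe `secretData` and the deprecated `hashedSaltedValue`/`salt`) — confirm against the class and mask those as well, e.g. `rep.setSecretData("**********");`. The method is `protected static` while its siblings `stripClient`/`stripBroker`/`stripComponent` are `private static`; if it is widened only for the test, say so, and give it a one-line Javadoc such as `/** Masks the secret fields of a credential representation in place before it is written to an admin event; callers that return the same object must restore the value themselves. */`.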


@ -122,6 +122,16 @@ public class StripSecretsUtilsTest {
assertEquals("configValue1", rep.getConfig().get("configParam1"));
}
@Test
public void stripCredentials(){
CredentialRepresentation rep = new CredentialRepresentation();
rep.setId("test");
rep.setValue("secretValue");
StripSecretsUtils.stripCredentials(rep);
assertEquals("test", rep.getId());
assertEquals("**********", rep.getValue());
}
@Test
public void stripComponent() {
ComponentRepresentation rep = new ComponentRepresentation();


@ -299,7 +299,7 @@ public class ClientResource {
adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).representation(rep).success();
session.removeAttribute(ClientSecretConstants.CLIENT_SECRET_ROTATION_ENABLED);
rep.setValue(secret);
return rep;
} catch (ClientPolicyException cpe) {
throw new ErrorResponseException(cpe.getError(), cpe.getErrorDetail(),
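Review bot: Re-setting the plain secret with `rep.setValue(secret)` two lines after the admin event only works because `representation(rep)` strips the very same object in place, an implicit contract between ClientResource and StripSecretsUtils that a reader of this method cannot see. At minimum add a comment on that line: `// representation(rep) masked rep.value in place for the event; restore it for the API response`. Preferably hand the event its own copy of the representation and leave `rep` untouched, so a later change to the stripping code can neither return the masked value to the client nor record the real one in the event. The enclosing method starts and ends outside the hunk.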