From d5041816b67d9662dfaaa284940e3965bd579dd5 Mon Sep 17 00:00:00 2001 From: Steve Hawkins Date: Tue, 9 Jul 2024 15:57:15 -0400 Subject: [PATCH] fix: check for blank password / client secret closes: #30540 Signed-off-by: Steve Hawkins --- .../quarkus/runtime/cli/command/BootstrapAdminService.java | 3 +++ .../quarkus/runtime/cli/command/BootstrapAdminUser.java | 3 +++ 2 files changed, 6 insertions(+) diff --git a/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/cli/command/BootstrapAdminService.java b/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/cli/command/BootstrapAdminService.java index 1cede5f901..45d5eae07a 100644 --- a/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/cli/command/BootstrapAdminService.java +++ b/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/cli/command/BootstrapAdminService.java @@ -78,6 +78,9 @@ public class BootstrapAdminService extends AbstractNonServerCommand { if (!clientSecret.equals(confirmClientSecret)) { throw new PropertyException("Client secrets do not match"); } + if (clientSecret.isBlank()) { + throw new PropertyException("Client secret must not be blank"); + } } else { clientSecret = getFromEnv(clientSecretEnv); } diff --git a/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/cli/command/BootstrapAdminUser.java b/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/cli/command/BootstrapAdminUser.java index 04177a37b1..b5a7a9f670 100644 --- a/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/cli/command/BootstrapAdminUser.java +++ b/quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/cli/command/BootstrapAdminUser.java @@ -78,6 +78,9 @@ public class BootstrapAdminUser extends AbstractNonServerCommand { if (!password.equals(confirmPassword)) { throw new PropertyException("Passwords do not match"); } + if (password.isBlank()) { + throw new PropertyException("Password must not be blank"); + } } else { password = getFromEnv(passwordEnv); }