github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

DWN-27040: Changes when the client secret is given to the UI

pull/1601/head
Carling Knight 2018-12-03 16:18:48 +00:00
parent 0ae12c2e5d
commit c12cb18197
2 changed files with 22 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java
View File

@ -432,9 +432,11 @@ public class DefaultOAuth2ClientDetailsEntityService implements ClientDetailsEnt
// make sure a client doesn't get any special system scopes
ensureNoReservedScopes(newClient);
if(!Strings.isNullOrEmpty(newClient.getClientSecret())) {
if (Strings.isNullOrEmpty(newClient.getClientSecret())){
newClient.setClientSecret(oldClient.getClientSecret());
}else{
newClient.setClientSecret(this.passwordEncoder.encode(newClient.getClientSecret()));
}
}
return clientRepository.updateClient(oldClient.getId(), newClient);
}

21
openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java
View File

@ -278,6 +278,8 @@ public class ClientAPI {
client = clientService.generateClientId(client);
}
String plaintextSecret = client.getClientSecret();
if (client.getTokenEndpointAuthMethod() == null ||
client.getTokenEndpointAuthMethod().equals(AuthMethod.NONE)) {
// we shouldn't have a secret for this client
@ -292,6 +294,7 @@ public class ClientAPI {
if (json.has("generateClientSecret") && json.get("generateClientSecret").getAsBoolean()
|| Strings.isNullOrEmpty(client.getClientSecret())) {
client = clientService.generateClientSecret(client);
plaintextSecret = client.getClientSecret();
}
} else if (client.getTokenEndpointAuthMethod().equals(AuthMethod.PRIVATE_KEY)) {
@ -320,6 +323,10 @@ public class ClientAPI {
try {
ClientDetailsEntity newClient = clientService.saveNewClient(client);
//Set the client secret to the plaintext from the request
newClient.setClientSecret(plaintextSecret);
m.addAttribute(JsonEntityView.ENTITY, newClient);
if (AuthenticationUtilities.isAdmin(auth)) {
@ -385,6 +392,7 @@ public class ClientAPI {
}
ClientDetailsEntity oldClient = clientService.getClientById(id);
String plaintextSecret = client.getClientSecret();
if (oldClient == null) {
logger.error("apiUpdateClient failed; client with id " + id + " could not be found.");
@ -408,10 +416,10 @@ public class ClientAPI {
|| client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_POST)
|| client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_JWT)) {
// if they've asked for us to generate a client secret (or they left it blank but require one), do so here
if (json.has("generateClientSecret") && json.get("generateClientSecret").getAsBoolean()
|| Strings.isNullOrEmpty(client.getClientSecret())) {
// Once a client has been created, we only update the secret when asked to
if (json.has("generateClientSecret") && json.get("generateClientSecret").getAsBoolean()) {
client = clientService.generateClientSecret(client);
plaintextSecret = client.getClientSecret();
}
} else if (client.getTokenEndpointAuthMethod().equals(AuthMethod.PRIVATE_KEY)) {
@ -438,6 +446,10 @@ public class ClientAPI {
try {
ClientDetailsEntity newClient = clientService.updateClient(oldClient, client);
//Set the client secret to the plaintext from the request
newClient.setClientSecret(plaintextSecret);
m.addAttribute(JsonEntityView.ENTITY, newClient);
if (AuthenticationUtilities.isAdmin(auth)) {
@ -497,6 +509,9 @@ public class ClientAPI {
return JsonErrorView.VIEWNAME;
}
//We don't want the UI to get the secret
client.setClientSecret(null);
model.addAttribute(JsonEntityView.ENTITY, client);
if (AuthenticationUtilities.isAdmin(auth)) {