Merge pull request #6 from daleolds/develop

* pull6:
  allow clients with password grant to have no secret
commit e396dd1fc0aacd6df1e952a424be15ae02afe4dd 2 parents 2536c7d + 4d20c43
@dsyer dsyer authored
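--- a/common/src/main/java/org/cloudfoundry/identity/uaa/oauth/ClientAdminEndpoints.java
+++ b/common/src/main/java/org/cloudfoundry/identity/uaa/oauth/ClientAdminEndpoints.java
@@ -323,8 +323,9 @@ private ClientDetails validateClient(ClientDetails prototype, boolean create) {
 }
 }
- if (requestedGrantTypes.contains("authorization_code") && !requestedGrantTypes.contains("refresh_token")) {
- logger.info("authorization_code client missing refresh_token: " + clientId);
+ if ((requestedGrantTypes.contains("authorization_code") || requestedGrantTypes.contains("password"))
+ && !requestedGrantTypes.contains("refresh_token")) {
+ logger.info("requested grant type missing refresh_token: " + clientId);
 requestedGrantTypes.add("refresh_token");
 }
@@ -339,11 +340,9 @@ private ClientDetails validateClient(ClientDetails prototype, boolean create) {
 }
 }
- if (requestedGrantTypes.contains("implicit")
- && (requestedGrantTypes.contains("authorization_code") || requestedGrantTypes
- .contains("refresh_token"))) {
+ if (requestedGrantTypes.contains("implicit") && requestedGrantTypes.contains("authorization_code")) {
 throw new InvalidClientDetailsException(
- "Not allowed: implicit grant type is not allowed together with authorization_code or refresh_token");
+ "Not allowed: implicit grant type is not allowed together with authorization_code");
 }
 String callerId = securityContextAccessor.getClientId();
@@ -415,8 +414,9 @@ private ClientDetails validateClient(ClientDetails prototype, boolean create) {
 }
 if (create) {
 // Only check for missing secret if client is being created.
- if (!isImplicit(requestedGrantTypes) && !StringUtils.hasText(client.getClientSecret())) {
- throw new InvalidClientDetailsException("Client secret is required for non-implicit grant types");
+ if ((requestedGrantTypes.contains("client_credentials") || requestedGrantTypes.contains("authorization_code"))
+ && !StringUtils.hasText(client.getClientSecret())) {
+ throw new InvalidClientDetailsException("Client secret is required for client_credentials and authorization_code grant types");
 }
 }
@@ -424,10 +424,6 @@ private ClientDetails validateClient(ClientDetails prototype, boolean create) {
 }
- private boolean isImplicit(Set<String> requestedGrantTypes) {
- return Collections.singleton("implicit").equals(requestedGrantTypes);
- }
-
 private void checkPasswordChangeIsAllowed(ClientDetails clientDetails, String oldSecret) {
 if (!securityContextAccessor.isClient()) {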
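Review bot: The relaxed condition in the second hunk, `if (requestedGrantTypes.contains("implicit") && requestedGrantTypes.contains("authorization_code"))`, now registers clients that hold both `implicit` and `refresh_token`, and the first hunk produces exactly that combination automatically for any `implicit,password` client. That is only safe if the implicit authorization path refuses to issue a refresh token on its own instead of relying on this registration-time rejection; that code is not in the hunk, so please confirm it before merging. A why-comment above the new condition would keep the next reader from re-tightening it, e.g. `// refresh_token may coexist with implicit so that password clients can also use implicit; the implicit flow itself must never hand out a refresh token`. validateClient starts and ends outside these hunks.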
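--- a/.../java/org/cloudfoundry/identity/uaa/integration/ClientAdminEndpointsIntegrationTests.java
+++ b/.../java/org/cloudfoundry/identity/uaa/integration/ClientAdminEndpointsIntegrationTests.java
@@ -121,6 +121,15 @@ public void implicitGrantClientWithoutSecretIsOk() throws Exception {
 assertEquals(HttpStatus.CREATED, result.getStatusCode());
 }
+ @Test
+ public void passwordGrantClientWithoutSecretIsOk() throws Exception {
+ BaseClientDetails client = new BaseClientDetails(new RandomValueStringGenerator().generate(), "", "foo,bar", "password", "uaa.none");
+ ResponseEntity<Void> result = serverRunning.getRestTemplate().exchange(serverRunning.getUrl("/oauth/clients"),
+ HttpMethod.POST, new HttpEntity<BaseClientDetails>(client, headers), Void.class);
+
+ assertEquals(HttpStatus.CREATED, result.getStatusCode());
+ }
+
 @Test
 public void authzCodeGrantAutomaticallyAddsRefreshToken() throws Exception {
 BaseClientDetails client = createClient("authorization_code");
@@ -130,7 +139,16 @@ public void authzCodeGrantAutomaticallyAddsRefreshToken() throws Exception {
 assertTrue(result.getBody().contains("\"authorized_grant_types\":[\"authorization_code\",\"refresh_token\"]"));
 }
- @Test
+ @Test
+ public void passwordGrantAutomaticallyAddsRefreshToken() throws Exception {
+ BaseClientDetails client = createClient("password");
+
+ ResponseEntity<String> result = serverRunning.getForString("/oauth/clients/" + client.getClientId(), headers);
+ assertEquals(HttpStatus.OK, result.getStatusCode());
+ assertTrue(result.getBody().contains("\"authorized_grant_types\":[\"password\",\"refresh_token\"]"));
+ }
+
+ @Test
 public void testUpdateClient() throws Exception {
 BaseClientDetails client = createClient("client_credentials");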
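Review bot: The added tests cover only the permissive side of the rewritten secret rule; `passwordGrantClientWithoutSecretIsOk` asserts that a `password` client with an empty secret is created, but nothing asserts that a `client_credentials` or `authorization_code` client with an empty secret is still rejected now that the server-side condition has been rewritten from an `isImplicit` check to an explicit grant-type list. A companion test in the same shape as `passwordGrantClientWithoutSecretIsOk`, posting a secret-less `client_credentials` client and asserting a non-`CREATED` status, would pin the branch the refactor could most easily have broken. `passwordGrantAutomaticallyAddsRefreshToken` also asserts on the exact JSON ordering `["password","refresh_token"]`, which mirrors the existing authorization_code test and is fine as long as that ordering is stable. The two new methods are complete within the hunks; `testUpdateClient` continues outside them.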