Merge pull request cloudfoundry#6 from daleolds/develop

* pull6: allow clients with password grant to have no secret
daleolds · Feb 7, 2013 · e396dd1 · e396dd1
2 parents 2536c7d + 4d20c43
commit e396dd1
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 13 deletions.
diff --git a/common/src/main/java/org/cloudfoundry/identity/uaa/oauth/ClientAdminEndpoints.java b/common/src/main/java/org/cloudfoundry/identity/uaa/oauth/ClientAdminEndpoints.java
@@ -323,8 +323,9 @@ private ClientDetails validateClient(ClientDetails prototype, boolean create) {
 			}
 		}
 
-		if (requestedGrantTypes.contains("authorization_code") && !requestedGrantTypes.contains("refresh_token")) {
-			logger.info("authorization_code client missing refresh_token: " + clientId);
+		if ((requestedGrantTypes.contains("authorization_code") || requestedGrantTypes.contains("password"))
+                && !requestedGrantTypes.contains("refresh_token")) {
+			logger.info("requested grant type missing refresh_token: " + clientId);
 
 			requestedGrantTypes.add("refresh_token");
 		}
@@ -339,11 +340,9 @@ private ClientDetails validateClient(ClientDetails prototype, boolean create) {
 				}
 			}
 
-			if (requestedGrantTypes.contains("implicit")
-					&& (requestedGrantTypes.contains("authorization_code") || requestedGrantTypes
-							.contains("refresh_token"))) {
+			if (requestedGrantTypes.contains("implicit") &&  requestedGrantTypes.contains("authorization_code")) {
 				throw new InvalidClientDetailsException(
-						"Not allowed: implicit grant type is not allowed together with authorization_code or refresh_token");
+						"Not allowed: implicit grant type is not allowed together with authorization_code");
 			}
 
 			String callerId = securityContextAccessor.getClientId();
@@ -415,19 +414,16 @@ private ClientDetails validateClient(ClientDetails prototype, boolean create) {
 		}
 		if (create) {
 			// Only check for missing secret if client is being created.
-			if (!isImplicit(requestedGrantTypes) && !StringUtils.hasText(client.getClientSecret())) {
-				throw new InvalidClientDetailsException("Client secret is required for non-implicit grant types");
+            if ((requestedGrantTypes.contains("client_credentials") || requestedGrantTypes.contains("authorization_code"))
+                    && !StringUtils.hasText(client.getClientSecret())) {
+				throw new InvalidClientDetailsException("Client secret is required for client_credentials and authorization_code grant types");
 			}
 		}
 
 		return client;
 
 	}
 
-	private boolean isImplicit(Set<String> requestedGrantTypes) {
-		return Collections.singleton("implicit").equals(requestedGrantTypes);
-	}
-
 	private void checkPasswordChangeIsAllowed(ClientDetails clientDetails, String oldSecret) {
 
 		if (!securityContextAccessor.isClient()) {

diff --git a/.../java/org/cloudfoundry/identity/uaa/integration/ClientAdminEndpointsIntegrationTests.java b/.../java/org/cloudfoundry/identity/uaa/integration/ClientAdminEndpointsIntegrationTests.java
@@ -121,6 +121,15 @@ public void implicitGrantClientWithoutSecretIsOk() throws Exception {
 		assertEquals(HttpStatus.CREATED, result.getStatusCode());
 	}
 
+    @Test
+    public void passwordGrantClientWithoutSecretIsOk() throws Exception {
+        BaseClientDetails client = new BaseClientDetails(new RandomValueStringGenerator().generate(), "", "foo,bar", "password", "uaa.none");
+        ResponseEntity<Void> result = serverRunning.getRestTemplate().exchange(serverRunning.getUrl("/oauth/clients"),
+                HttpMethod.POST, new HttpEntity<BaseClientDetails>(client, headers), Void.class);
+
+        assertEquals(HttpStatus.CREATED, result.getStatusCode());
+    }
+
 	@Test
 	public void authzCodeGrantAutomaticallyAddsRefreshToken() throws Exception {
 		BaseClientDetails client = createClient("authorization_code");
@@ -130,7 +139,16 @@ public void authzCodeGrantAutomaticallyAddsRefreshToken() throws Exception {
 		assertTrue(result.getBody().contains("\"authorized_grant_types\":[\"authorization_code\",\"refresh_token\"]"));
 	}
 
-	@Test
+    @Test
+    public void passwordGrantAutomaticallyAddsRefreshToken() throws Exception {
+        BaseClientDetails client = createClient("password");
+
+        ResponseEntity<String> result = serverRunning.getForString("/oauth/clients/" + client.getClientId(), headers);
+        assertEquals(HttpStatus.OK, result.getStatusCode());
+        assertTrue(result.getBody().contains("\"authorized_grant_types\":[\"password\",\"refresh_token\"]"));
+    }
+
+    @Test
 	public void testUpdateClient() throws Exception {
 		BaseClientDetails client = createClient("client_credentials");