fix: enforce sanitizeTemplate method

fixes AM-3069 gravtee-io/issues#9687
gravitee-io · Apr 19, 2024 · 361f78d · 361f78d
1 parent 59e5c04
commit 361f78d
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 2 deletions.
diff --git a/...ay/handler/oidc/service/clientregistration/impl/DynamicClientRegistrationServiceImpl.java b/...ay/handler/oidc/service/clientregistration/impl/DynamicClientRegistrationServiceImpl.java
@@ -221,6 +221,8 @@ private Single<Client> sanitizeTemplate(Client template) {
         template.setDomain(domain.getId());
         template.setId(null);
         template.setClientSecret(null);
+        template.setSecretSettings(new ArrayList<>());
+        template.setClientSecrets(new ArrayList<>());
         template.setClientName(ClientServiceImpl.DEFAULT_CLIENT_NAME);
         template.setRedirectUris(null);
         template.setSectorIdentifierUri(null);

diff --git a/...gateway/handler/oidc/service/clientregistration/DynamicClientRegistrationServiceTest.java b/...gateway/handler/oidc/service/clientregistration/DynamicClientRegistrationServiceTest.java
@@ -35,6 +35,8 @@
 import io.gravitee.am.model.Domain;
 import io.gravitee.am.model.IdentityProvider;
 import io.gravitee.am.model.application.ApplicationScopeSettings;
+import io.gravitee.am.model.application.ApplicationSecretSettings;
+import io.gravitee.am.model.application.ClientSecret;
 import io.gravitee.am.model.oidc.Client;
 import io.gravitee.am.model.oidc.JWKSet;
 import io.gravitee.am.model.oidc.OIDCSettings;
@@ -898,6 +900,8 @@ public void createFromTemplate() {
         template.setClientName("shouldBeRemoved");
         template.setClientId("shouldBeReplaced");
         template.setClientSecret("shouldBeRemoved");
+        template.setSecretSettings(List.of(new ApplicationSecretSettings()));
+        template.setClientSecrets(List.of(new ClientSecret()));
         template.setRedirectUris(Arrays.asList("shouldBeRemoved"));
         template.setSectorIdentifierUri("shouldBeRemoved");
         template.setJwks(new JWKSet());
@@ -925,7 +929,7 @@ public void createFromTemplate() {
                         client.getJwks() == null &&
                         client.getSectorIdentifierUri() == null
         );
-        verify(clientService, times(1)).create(any());
+        verify(clientService, times(1)).create(argThat(duplicateClient -> duplicateClient.getClientSecrets().isEmpty() && duplicateClient.getSecretSettings().isEmpty()));
     }
 
     @Test

diff --git a/gravitee-am-service/src/main/java/io/gravitee/am/service/impl/ApplicationServiceImpl.java b/gravitee-am-service/src/main/java/io/gravitee/am/service/impl/ApplicationServiceImpl.java
@@ -610,7 +610,7 @@ private Single<Application> create0(String domain, Application application, User
         var applicationSettings = application.getSettings();
         final var rawSecret = applicationSettings.getOauth().getClientSecret();
         if (rawSecret != null) {
-            // PUBLIC client doesn't need to have secret, so wa have to test it before generated the hash
+            // PUBLIC client doesn't need to have secret, so we have to test it before generated the hash
             applicationSettings.getOauth().setClientSecret(null);
             var clientSecret = this.clientSecretService.generateClientSecret(rawSecret, secretSettings);
             application.setSecrets(List.of(clientSecret));