fix: properly check if application type is defined with using DCR

https://gravitee.atlassian.net/browse/APIM-2437 gravitee-io/issues#9157 https://gravitee.atlassian.net/browse/APIM-2438 gravitee-io/issues#9158
gravitee-io · Oct 25, 2023 · 6f4e68d · 6f4e68d
1 parent 041d3bf
commit 6f4e68d
Showing 1 changed file with 8 additions and 4 deletions.
diff --git a/...t-api-service/src/main/java/io/gravitee/rest/api/service/impl/ApplicationServiceImpl.java b/...t-api-service/src/main/java/io/gravitee/rest/api/service/impl/ApplicationServiceImpl.java
@@ -350,7 +350,7 @@ public ApplicationEntity create(final ExecutionContext executionContext, NewAppl
             if (!isApplicationTypeAllowed(executionContext, appType, executionContext.getEnvironmentId())) {
                 throw new IllegalStateException("Application type '" + appType + "' is not allowed");
             }
-            checkClientSettings(newApplicationEntity.getSettings().getoAuthClient(), newApplicationEntity.getType());
+            checkAndSanitizeOAuthClientSettings(newApplicationEntity.getSettings().getoAuthClient());
 
             // Create an OAuth client
             ClientRegistrationResponse registrationResponse = clientRegistrationService.register(executionContext, newApplicationEntity);
@@ -454,12 +454,16 @@ private ApplicationEntity createApplicationForEnvironment(
         }
     }
 
-    private void checkClientSettings(OAuthClientSettings oAuthClientSettings, String applicationType) {
+    private void checkAndSanitizeOAuthClientSettings(OAuthClientSettings oAuthClientSettings) {
         if (oAuthClientSettings.getGrantTypes() == null || oAuthClientSettings.getGrantTypes().isEmpty()) {
             throw new ApplicationGrantTypesNotFoundException();
         }
 
-        ApplicationTypeEntity applicationTypeEntity = applicationTypeService.getApplicationType(applicationType);
+        if(oAuthClientSettings.getApplicationType() == null || oAuthClientSettings.getApplicationType().isEmpty()){
+            throw new ApplicationTypeNotFoundException(null);
+        }
+
+        ApplicationTypeEntity applicationTypeEntity = applicationTypeService.getApplicationType(oAuthClientSettings.getApplicationType());
 
         List<String> targetGrantTypes = oAuthClientSettings.getGrantTypes();
         List<String> allowedGrantTypes = applicationTypeEntity
@@ -548,7 +552,7 @@ public ApplicationEntity update(
             } else {
                 // Check that client registration is enabled
                 checkClientRegistrationEnabled(executionContext, executionContext.getEnvironmentId());
-                checkClientSettings(updateApplicationEntity.getSettings().getoAuthClient(), applicationToUpdate.getType().name());
+                checkAndSanitizeOAuthClientSettings(updateApplicationEntity.getSettings().getoAuthClient());
 
                 // Update an OAuth client
                 final String registrationPayload = applicationToUpdate.getMetadata().get(METADATA_REGISTRATION_PAYLOAD);