handler: Use generate secrets function as used in cmd (#1674)

If a client is being created by the api and the client_secret is not specified then the client_secret is being generated as a random string of length 26.
ory · Jan 7, 2020 · bf2f0fe · bf2f0fe
1 parent bca3e0f
commit bf2f0fe
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 3 deletions.
diff --git a/client/handler.go b/client/handler.go
@@ -31,7 +31,6 @@ import (
 	"github.com/pkg/errors"
 
 	"github.com/ory/x/pagination"
-	"github.com/ory/x/randx"
 )
 
 type Handler struct {
@@ -87,12 +86,12 @@ func (h *Handler) Create(w http.ResponseWriter, r *http.Request, _ httprouter.Pa
 	}
 
 	if len(c.Secret) == 0 {
-		secret, err := randx.RuneSequence(12, []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_-.~"))
+		secretb, err := x.GenerateSecret(26)
 		if err != nil {
 			h.r.Writer().WriteError(w, r, errors.WithStack(err))
 			return
 		}
-		c.Secret = string(secret)
+		c.Secret = string(secretb)
 	}
 
 	if err := h.r.ClientValidator().Validate(&c); err != nil {

diff --git a/cypress/integration/admin/client_create.js b/cypress/integration/admin/client_create.js
@@ -0,0 +1,18 @@
+import { prng } from '../../helpers';
+
+describe('The Clients Admin Interface', function() {
+    const nc = () => ({
+        client_id: prng(),
+        scope: 'foo openid offline_access',
+        grant_types: ['client_credentials']
+    });
+
+    it('should return client_secret with length 26 for newly created clients without client_secret specified', function() {
+        const client = nc();
+
+        cy.request('POST', Cypress.env('admin_url') + '/clients', JSON.stringify(client))
+            .then((response) => {
+                expect(response.body.client_secret.length).to.equal(26)
+            })
+    });
+});