SECOAUTH-264: use encoder when client secret is changed

spring-attic · May 24, 2012 · 065e68a · 065e68a
1 parent 4b87424
commit 065e68a
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 3 deletions.
diff --git a/.../src/main/java/org/springframework/security/oauth2/provider/JdbcClientDetailsService.java b/.../src/main/java/org/springframework/security/oauth2/provider/JdbcClientDetailsService.java
@@ -129,7 +129,7 @@ public void updateClientDetails(ClientDetails clientDetails) throws NoSuchClient
 	}
 
 	public void updateClientSecret(String clientId, String secret) throws NoSuchClientException {
-		int count = jdbcTemplate.update(updateClientSecretSql, secret, clientId);
+		int count = jdbcTemplate.update(updateClientSecretSql, passwordEncoder.encode(secret), clientId);
 		if (count != 1) {
 			throw new NoSuchClientException("No client found with id = " + clientId);
 		}

diff --git a/.../test/java/org/springframework/security/oauth2/provider/TestJdbcClientDetailsService.java b/.../test/java/org/springframework/security/oauth2/provider/TestJdbcClientDetailsService.java
@@ -17,6 +17,7 @@
 import org.springframework.jdbc.datasource.embedded.EmbeddedDatabase;
 import org.springframework.jdbc.datasource.embedded.EmbeddedDatabaseBuilder;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
 
 public class TestJdbcClientDetailsService {
@@ -184,15 +185,25 @@ public void testUpdateClientSecret() {
 
 		BaseClientDetails clientDetails = new BaseClientDetails();
 		clientDetails.setClientId("newClientIdWithNoDetails");
-
+
+		service.setPasswordEncoder(new PasswordEncoder() {
+
+			public boolean matches(CharSequence rawPassword, String encodedPassword) {
+				return true;
+			}
+
+			public String encode(CharSequence rawPassword) {
+				return "BAR";
+			}
+		});
 		service.addClientDetails(clientDetails);
 		service.updateClientSecret(clientDetails.getClientId(), "foo");
 
 		Map<String, Object> map = jdbcTemplate.queryForMap(SELECT_SQL, "newClientIdWithNoDetails");
 
 		assertEquals("newClientIdWithNoDetails", map.get("client_id"));
 		assertTrue(map.containsKey("client_secret"));
-		assertEquals("foo", map.get("client_secret"));
+		assertEquals("BAR", map.get("client_secret"));
 	}
 
 	@Test