Skip to content

DWN-27040: Changes when the client secret is given to the UI #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Dec 14, 2018
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -150,12 +150,16 @@ public ClientDetailsEntity saveNewClient(ClientDetailsEntity client) {

ensureNoReservedScopes(client);

String plaintextSecret = client.getClientSecret();

if(!Strings.isNullOrEmpty(client.getClientSecret())) {
client.setClientSecret(this.passwordEncoder.encode(client.getClientSecret()));
}

ClientDetailsEntity c = clientRepository.saveClient(client);

c.setClientSecret(plaintextSecret);

statsService.resetCache();

return c;
Expand Down Expand Up @@ -432,9 +436,11 @@ public ClientDetailsEntity updateClient(ClientDetailsEntity oldClient, ClientDet
// make sure a client doesn't get any special system scopes
ensureNoReservedScopes(newClient);

if(!Strings.isNullOrEmpty(newClient.getClientSecret())) {
if (Strings.isNullOrEmpty(newClient.getClientSecret())){
newClient.setClientSecret(oldClient.getClientSecret());
}else{
newClient.setClientSecret(this.passwordEncoder.encode(newClient.getClientSecret()));
}
}

return clientRepository.updateClient(oldClient.getId(), newClient);
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -229,6 +229,9 @@ public PKCEAlgorithm deserialize(JsonElement json, Type typeOfT, JsonDeserializa
public String apiGetAllClients(Model model, Authentication auth) {

Collection<ClientDetailsEntity> clients = clientService.getAllClients();

clients.forEach(client -> client.setClientSecret(null));

model.addAttribute(JsonEntityView.ENTITY, clients);

if (AuthenticationUtilities.isAdmin(auth)) {
Expand Down Expand Up @@ -320,6 +323,8 @@ public String apiAddClient(@RequestBody String jsonString, Model m, Authenticati

try {
ClientDetailsEntity newClient = clientService.saveNewClient(client);

//Set the client secret to the plaintext from the request
m.addAttribute(JsonEntityView.ENTITY, newClient);

if (AuthenticationUtilities.isAdmin(auth)) {
Expand Down Expand Up @@ -385,6 +390,7 @@ public String apiUpdateClient(@PathVariable("id") Long id, @RequestBody String j
}

ClientDetailsEntity oldClient = clientService.getClientById(id);
String plaintextSecret = client.getClientSecret();

if (oldClient == null) {
logger.error("apiUpdateClient failed; client with id " + id + " could not be found.");
Expand All @@ -408,10 +414,10 @@ public String apiUpdateClient(@PathVariable("id") Long id, @RequestBody String j
|| client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_POST)
|| client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_JWT)) {

// if they've asked for us to generate a client secret (or they left it blank but require one), do so here
if (json.has("generateClientSecret") && json.get("generateClientSecret").getAsBoolean()
|| Strings.isNullOrEmpty(client.getClientSecret())) {
// Once a client has been created, we only update the secret when asked to
if (json.has("generateClientSecret") && json.get("generateClientSecret").getAsBoolean()) {
client = clientService.generateClientSecret(client);
plaintextSecret = client.getClientSecret();
}

} else if (client.getTokenEndpointAuthMethod().equals(AuthMethod.PRIVATE_KEY)) {
Expand All @@ -438,6 +444,10 @@ public String apiUpdateClient(@PathVariable("id") Long id, @RequestBody String j

try {
ClientDetailsEntity newClient = clientService.updateClient(oldClient, client);

//Set the client secret to the plaintext from the request
newClient.setClientSecret(plaintextSecret);

m.addAttribute(JsonEntityView.ENTITY, newClient);

if (AuthenticationUtilities.isAdmin(auth)) {
Expand Down Expand Up @@ -497,6 +507,9 @@ public String apiShowClient(@PathVariable("id") Long id, Model model, Authentica
return JsonErrorView.VIEWNAME;
}

//We don't want the UI to get the secret
client.setClientSecret(null);

model.addAttribute(JsonEntityView.ENTITY, client);

if (AuthenticationUtilities.isAdmin(auth)) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -242,6 +242,7 @@ public String registerNewClient(@RequestBody String jsonString, Model m) {
// send it all out to the view

RegisteredClient registered = new RegisteredClient(savedClient, token.getValue(), config.getIssuer() + "register/" + UriUtils.encodePathSegment(savedClient.getClientId(), "UTF-8"));

m.addAttribute("client", registered);
m.addAttribute(HttpCodeView.CODE, HttpStatus.CREATED); // http 201

Expand Down Expand Up @@ -377,6 +378,9 @@ public String updateClient(@PathVariable("id") String clientId, @RequestBody Str

RegisteredClient registered = new RegisteredClient(savedClient, token.getValue(), config.getIssuer() + "register/" + UriUtils.encodePathSegment(savedClient.getClientId(), "UTF-8"));

// We don't want the UI to receive the client secret
registered.setClientSecret(null);

// send it all out to the view
m.addAttribute("client", registered);
m.addAttribute(HttpCodeView.CODE, HttpStatus.OK); // http 200
Expand Down