diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/zone/ZoneAwareClientSecretPolicyValidator.java b/server/src/main/java/org/cloudfoundry/identity/uaa/zone/ZoneAwareClientSecretPolicyValidator.java
index 2e68e7506d1..18c53b1c0de 100644
--- a/server/src/main/java/org/cloudfoundry/identity/uaa/zone/ZoneAwareClientSecretPolicyValidator.java
+++ b/server/src/main/java/org/cloudfoundry/identity/uaa/zone/ZoneAwareClientSecretPolicyValidator.java
@@ -18,6 +18,7 @@
 import org.passay.PasswordValidator;
 import org.passay.PropertiesMessageResolver;
 import org.passay.RuleResult;
+import org.springframework.util.StringUtils;
 import java.util.LinkedList;
 import java.util.List;
@@ -71,7 +72,7 @@ public ZoneAwareClientSecretPolicyValidator(ClientSecretPolicy globalDefaultClie
 @Override
 public void validate(String clientSecret) throws InvalidClientSecretException {
- if(clientSecret == null) {
+ if(!StringUtils.hasText(clientSecret)) {
 return;
 }
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/zone/ZoneAwareClientSecretPolicyValidatorTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/zone/ZoneAwareClientSecretPolicyValidatorTests.java
index 19fc9c9db49..d5be2e8ae04 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/zone/ZoneAwareClientSecretPolicyValidatorTests.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/zone/ZoneAwareClientSecretPolicyValidatorTests.java
@@ -39,7 +39,7 @@ void setUp() {
 @Test
 void testEmptyClientSecret() {
 zone.getConfig().setClientSecretPolicy(defaultPolicy);
- assertThrows(InvalidClientSecretException.class, () -> validator.validate(TEST_SECRET_1));
+ validator.validate(TEST_SECRET_1);
 }
 @Test
diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/ClientAdminEndpointsIntegrationTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/ClientAdminEndpointsIntegrationTests.java
index 744025d25e4..795bc02290d 100644
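Review bot: `StringUtils.hasText` in the new guard of `validate` exempts more than the empty secret: it also returns early for whitespace-only values, so a secret consisting of a single space is accepted without being checked against the zone's length or character rules. If only null and the empty string are meant to bypass the policy, `if (!StringUtils.hasLength(clientSecret)) {` keeps the exemption narrow. A comment on the early return, for example `// an empty secret is deliberately not subject to the secret policy`, would make the intent reviewable. The rest of validate lies outside the hunk, so how a whitespace-only value was treated before this change is not visible here.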
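Review bot: `testEmptyClientSecret` now calls `validator.validate(TEST_SECRET_1);` with no assertion, so the expected outcome is only implied by the absence of an exception. Writing it as `assertDoesNotThrow(() -> validator.validate(TEST_SECRET_1));` states the contract explicitly. The value of TEST_SECRET_1 is defined outside the hunk; if it is the empty string, the whitespace-only input that the new `hasText` guard also lets through is not pinned by any visible test.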
--- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/ClientAdminEndpointsIntegrationTests.java
+++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/ClientAdminEndpointsIntegrationTests.java
@@ -25,6 +25,7 @@
 import org.cloudfoundry.identity.uaa.resources.SearchResults;
 import org.cloudfoundry.identity.uaa.test.TestAccountSetup;
 import org.cloudfoundry.identity.uaa.test.UaaTestAccounts;
+import org.cloudfoundry.identity.uaa.util.UaaStringUtils;
 import org.cloudfoundry.identity.uaa.zone.ClientSecretPolicy;
 import org.cloudfoundry.identity.uaa.zone.IdentityZone;
 import org.cloudfoundry.identity.uaa.zone.IdentityZoneConfiguration;
@@ -170,6 +171,21 @@ public void createClientWithSecondarySecret() {
 assertEquals(HttpStatus.CREATED, result.getStatusCode());
 }
+ @Test
+ public void createClientWithEmptySecret() {
+ OAuth2AccessToken token = getClientCredentialsAccessToken("clients.admin");
+ HttpHeaders headers = getAuthenticatedHeaders(token);
+ var client = new ClientDetailsCreation();
+ client.setClientId(new RandomValueStringGenerator().generate());
+ client.setClientSecret(UaaStringUtils.EMPTY_STRING);
+ client.setAuthorizedGrantTypes(List.of("password"));
+
+ ResponseEntity result = serverRunning.getRestTemplate()
+ .exchange(serverRunning.getUrl("/oauth/clients"), HttpMethod.POST,
+ new HttpEntity<>(client, headers), Void.class);
+ assertEquals(HttpStatus.CREATED, result.getStatusCode());
+ }
+
 @Test
 public void testCreateClients() throws Exception {
 doCreateClients();
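Review bot: `createClientWithEmptySecret` asserts only `HttpStatus.CREATED` and never sets the zone's client secret policy, so as far as the hunk shows its outcome depends on whatever policy the running server has. If that policy allows a zero-length secret, the test presumably passed before the validator change too and does not guard it. Consider running it under a policy with a non-zero minimum length. A comment such as `// an empty secret is deliberately exempt from the zone's client secret policy` would also show that accepting an empty secret on a `password` grant client is intentional.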