
Fix to allow multiple public client registrations

Closes gh-1641
Joe Grandja hai 1 ano
pai
achega
520fe25ba4

+ 8 - 6
oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/client/JdbcRegisteredClientRepository.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2023 the original author or authors.
+ * Copyright 2020-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -174,11 +174,13 @@ public class JdbcRegisteredClientRepository implements RegisteredClientRepositor
 			throw new IllegalArgumentException("Registered client must be unique. "
 					+ "Found duplicate client identifier: " + registeredClient.getClientId());
 		}
-		count = this.jdbcOperations.queryForObject(COUNT_REGISTERED_CLIENT_SQL + "client_secret = ?", Integer.class,
-				registeredClient.getClientSecret());
-		if (count != null && count > 0) {
-			throw new IllegalArgumentException("Registered client must be unique. "
-					+ "Found duplicate client secret for identifier: " + registeredClient.getId());
+		if (StringUtils.hasText(registeredClient.getClientSecret())) {
+			count = this.jdbcOperations.queryForObject(COUNT_REGISTERED_CLIENT_SQL + "client_secret = ?", Integer.class,
+					registeredClient.getClientSecret());
+			if (count != null && count > 0) {
+				throw new IllegalArgumentException("Registered client must be unique. "
+						+ "Found duplicate client secret for identifier: " + registeredClient.getId());
+			}
 		}
 	}
 
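Review bot: The new `StringUtils.hasText(registeredClient.getClientSecret())` guard skips the duplicate-secret check with no comment saying why, and it exempts whitespace-only secrets as well as null and empty ones. A comment above the `if` would record the intent, e.g. `// Public clients have no client secret, so uniqueness is enforced only for non-blank secrets (gh-1641)`. If a whitespace-only secret is not meant to count as "no secret", it should be rejected before this point rather than silently exempted from the check; whether such validation exists is not visible here. The enclosing method starts outside the hunk.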

+ 18 - 1
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/client/JdbcRegisteredClientRepositoryTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2023 the original author or authors.
+ * Copyright 2020-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -168,6 +168,23 @@ public class JdbcRegisteredClientRepositoryTests {
 		assertThat(registeredClient).isEqualTo(expectedRegisteredClient);
 	}
 
+	// gh-1641
+	@Test
+	public void saveWhenMultipleWithClientSecretEmptyThenSaved() {
+		RegisteredClient registeredClient1 = TestRegisteredClients.registeredClient()
+			.id("registration-1")
+			.clientId("client-1")
+			.clientSecret("")
+			.build();
+		this.registeredClientRepository.save(registeredClient1);
+		RegisteredClient registeredClient2 = TestRegisteredClients.registeredClient()
+			.id("registration-2")
+			.clientId("client-2")
+			.clientSecret("")
+			.build();
+		this.registeredClientRepository.save(registeredClient2);
+	}
+
 	@Test
 	public void saveWhenExistingClientIdThenThrowIllegalArgumentException() {
 		RegisteredClient registeredClient1 = TestRegisteredClients.registeredClient()
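Review bot: `saveWhenMultipleWithClientSecretEmptyThenSaved` contains no assertion, so it passes whenever `save` does not throw and would not notice a second client that was never persisted. Reading both clients back would pin the behaviour, e.g. `assertThat(this.registeredClientRepository.findByClientId("client-2")).isNotNull();` and the same for `client-1`. The test also covers only `""`, while the repository guard exempts null and whitespace-only secrets too; a case for each would document which of those inputs are meant to be accepted.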