Tests to allow client creation without secret checks

cloudfoundry · Jan 16, 2025 · 092acdd · 092acdd
1 parent 0f7bfbe
commit 092acdd
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 20 deletions.
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/client/ClientAdminEndpointsTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/client/ClientAdminEndpointsTests.java
@@ -59,7 +59,6 @@
 import static org.cloudfoundry.identity.uaa.oauth.client.SecretChangeRequest.ChangeMode.ADD;
 import static org.cloudfoundry.identity.uaa.oauth.client.SecretChangeRequest.ChangeMode.DELETE;
 import static org.cloudfoundry.identity.uaa.oauth.token.TokenConstants.GRANT_TYPE_AUTHORIZATION_CODE;
-import static org.cloudfoundry.identity.uaa.oauth.token.TokenConstants.GRANT_TYPE_CLIENT_CREDENTIALS;
 import static org.cloudfoundry.identity.uaa.oauth.token.TokenConstants.GRANT_TYPE_JWT_BEARER;
 import static org.mockito.Mockito.any;
 import static org.mockito.Mockito.anyBoolean;
@@ -1009,16 +1008,6 @@ void updateClientWithAutoapproveScopesTrue() {
         assertThat(updated.isAutoApprove("foo.write")).isTrue();
     }
 
-    @Test
-    void clientCredentialWithEmptySecretIsRejected() {
-        detail.setAuthorizedGrantTypes(Collections.singletonList(GRANT_TYPE_CLIENT_CREDENTIALS));
-        detail.setClientSecret("");
-        detail.setScope(Collections.emptyList());
-        assertThatThrownBy(() -> endpoints.createClientDetails(createClientDetailsCreation(detail)))
-                .isInstanceOf(InvalidClientDetailsException.class)
-                .hasMessage("Client secret is required for client_credentials grant type");
-    }
-
     @Test
     void createClientWithJsonWebKeyUri() {
         // https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata, see jwks_uri

diff --git a/...rc/test/java/org/cloudfoundry/identity/uaa/client/ClientAdminEndpointsValidatorTests.java b/...rc/test/java/org/cloudfoundry/identity/uaa/client/ClientAdminEndpointsValidatorTests.java
@@ -32,6 +32,7 @@
 import java.util.List;
 import java.util.Set;
 
+import static org.assertj.core.api.Assertions.assertThatNoException;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.assertj.core.api.Assertions.fail;
 import static org.assertj.core.api.AssertionsForClassTypes.assertThatExceptionOfType;
@@ -133,9 +134,7 @@ void validate_jwt_bearer_grant_type_without_secret() {
         client.setAuthorizedGrantTypes(Collections.singletonList(GRANT_TYPE_JWT_BEARER));
         client.setScope(Collections.singleton(caller.getClientId() + ".write"));
         client.setClientSecret("");
-        assertThatThrownBy(() -> validator.validate(client, true, true))
-                .isInstanceOf(InvalidClientDetailsException.class)
-                .hasMessageContaining("Client secret is required for grant type " + GRANT_TYPE_JWT_BEARER);
+        assertThatNoException().isThrownBy(() -> validator.validate(client, true, true));
     }
 
     @Test

diff --git a/.../java/org/cloudfoundry/identity/uaa/integration/ClientAdminEndpointsIntegrationTests.java b/.../java/org/cloudfoundry/identity/uaa/integration/ClientAdminEndpointsIntegrationTests.java
@@ -390,7 +390,7 @@ void clientSecretExpiryCannotBeSet() {
     }
 
     @Test
-    void nonImplicitGrantClientWithoutSecretIsRejectedTxFails() {
+    void nonImplicitGrantClientWithSecret() {
         headers = getAuthenticatedHeaders(getClientCredentialsAccessToken("clients.admin,clients.read,clients.write,clients.secret"));
         headers.add("Accept", "application/json");
         String grantTypes = "client_credentials";
@@ -411,10 +411,10 @@ void nonImplicitGrantClientWithoutSecretIsRejectedTxFails() {
                         HttpMethod.POST,
                         new HttpEntity<>(clients, headers),
                         UaaException.class);
-        assertThat(result.getStatusCode()).isEqualTo(HttpStatus.BAD_REQUEST);
+        assertThat(result.getStatusCode()).isEqualTo(HttpStatus.CREATED);
         for (String id : ids) {
             ClientDetails client = getClient(id);
-            assertThat(client).isNull();
+            assertThat(client).isNotNull();
         }
     }
 

diff --git a/...est/java/org/cloudfoundry/identity/uaa/mock/clients/ClientAdminEndpointsMockMvcTests.java b/...est/java/org/cloudfoundry/identity/uaa/mock/clients/ClientAdminEndpointsMockMvcTests.java
@@ -86,6 +86,7 @@
 import static org.cloudfoundry.identity.uaa.oauth.client.SecretChangeRequest.ChangeMode.DELETE;
 import static org.cloudfoundry.identity.uaa.oauth.token.TokenConstants.GRANT_TYPE_AUTHORIZATION_CODE;
 import static org.cloudfoundry.identity.uaa.oauth.token.TokenConstants.GRANT_TYPE_JWT_BEARER;
+import static org.mockito.Mockito.atLeast;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
@@ -697,11 +698,11 @@ void createClientsTxClientCredentialsWithoutSecret() throws Exception {
                 .accept(APPLICATION_JSON)
                 .contentType(APPLICATION_JSON)
                 .content(JsonUtils.writeValueAsString(details));
-        mockMvc.perform(createClientPost).andExpect(status().isBadRequest());
+        mockMvc.perform(createClientPost).andExpect(status().isCreated());
         for (ClientDetails client : details) {
-            assertThat(getClient(client.getClientId())).isNull();
+            assertThat(getClient(client.getClientId())).isNotNull();
         }
-        verify(mockApplicationEventPublisher, times(0)).publishEvent(abstractUaaEventCaptor.capture());
+        verify(mockApplicationEventPublisher, atLeast(5)).publishEvent(abstractUaaEventCaptor.capture());
     }
 
     @Test