Fix handling of public clients
Change-Id: I5ab1286a70b451879257735f42d293cb30543312
diff --git a/Changes b/Changes
index 9b853c2..9b9c06f 100755
--- a/Changes
+++ b/Changes
@@ -1,5 +1,6 @@
-0.45.1 2022-07-06
+0.46 2022-07-06
- Increased max query length from 1000 to 4096 characters. (kupietz)
+ - Fix handling of public clients. (diewald)
0.45 2022-05-20
- Added confidential client support to OAuth. (diewald)
diff --git a/lib/Kalamar/Plugin/Auth.pm b/lib/Kalamar/Plugin/Auth.pm
index 2666108..dcc6bda 100644
--- a/lib/Kalamar/Plugin/Auth.pm
+++ b/lib/Kalamar/Plugin/Auth.pm
@@ -903,14 +903,8 @@
# Check plugin source
if ($src) {
- # Plugins need to be confidential
- if ($type ne 'CONFIDENTIAL') {
- $c->notify(error => $c->loc('Auth_confidentialRequired'));
- return $c->render;
- }
-
# Source need to be a file upload
- elsif (!ref $src || !$src->isa('Mojo::Upload')) {
+ if (!ref $src || !$src->isa('Mojo::Upload')) {
$c->notify(error => $c->loc('Auth_jsonRequired'));
return $c->render;
};
@@ -924,6 +918,12 @@
# Check upload is not empty
if ($src->size > 0 && $src->filename ne '') {
+ # Plugins need to be confidential
+ if ($type ne 'CONFIDENTIAL') {
+ $c->notify(error => $c->loc('Auth_confidentialRequired'));
+ return $c->render;
+ }
+
my $asset = $src->asset;
# Check for json
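Review bot: The confidential-client requirement is now enforced only inside `if ($src->size > 0 && $src->filename ne '')`, so an upload that fails either half of that condition (content with an empty filename, for instance) skips the check together with the plugin branch. That is safe only if nothing after this block reads `$src` for a non-confidential client, and the block ends outside the hunk, so this should be confirmed there. The code also does not say why the check moved. Presumably the form submits the `src` field even when no file is chosen, so a comment above the check such as `# src is sent even without a file; only a non-empty upload marks a plugin` would keep a later refactor from hoisting it back.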
diff --git a/t/plugin/auth-oauth.t b/t/plugin/auth-oauth.t
index 7dc2549..03a3c1c 100644
--- a/t/plugin/auth-oauth.t
+++ b/t/plugin/auth-oauth.t
@@ -503,7 +503,7 @@
$t->post_ok('/settings/oauth/register' => form => {
name => 'MyApp',
- type => 'CONFIDENTIAL',
+ type => 'PUBLIC',
desc => 'This is my plugin application',
csrf_token => $csrf,
src => {
@@ -516,7 +516,7 @@
->text_is('legend', 'Client Credentials')
->text_is('label[for=client_id]', 'ID of the client application')
->element_exists('input[name=client_id][readonly][value]')
- ->element_exists('input[name=client_secret][readonly][value]')
+ ->element_exists_not('input[name=client_secret][readonly][value]')
->header_is('Cache-Control','max-age=0, no-cache, no-store, must-revalidate')
->header_is('Expires','Thu, 01 Jan 1970 00:00:00 GMT')
->header_is('Pragma','no-cache')
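Review bot: The negative assertion `->element_exists_not('input[name=client_secret][readonly][value]')` only proves that no input carrying all three attributes is rendered. It would still pass if the template emitted a secret without `readonly` or without a `value` attribute. Since the test is meant to show that a public client is never given a secret, the broader selector `->element_exists_not('input[name=client_secret]')` pins that more reliably. The chained call starts outside the hunk.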
@@ -904,17 +904,23 @@
$t->post_ok('/settings/oauth/register' => form => $json_post)
->status_is(200)
->element_exists('div.notify-error')
+ ->text_is('div.notify-error', 'Plugin declarations need to be json files')
+ ;
+
+$json_post->{src} = {
+ content => 'jjjjjj',
+ filename => 'fun.txt'
+};
+
+$t->post_ok('/settings/oauth/register' => form => $json_post)
+ ->status_is(200)
+ ->element_exists('div.notify-error')
->text_is('div.notify-error', 'Plugins need to be confidential')
;
$json_post->{type} = 'CONFIDENTIAL';
-$t->post_ok('/settings/oauth/register' => form => $json_post)
- ->status_is(200)
- ->element_exists('div.notify-error')
- ->text_is('div.notify-error', 'Plugin declarations need to be json files')
- ;
-
+# This somehow gets removed in the last form send ...
$json_post->{src} = {
content => 'jjjjjj',
filename => 'fun.txt'