Merge branch '1.2.x'

Closes gh-1657
2 years ago · ce76f5c23d
2 changed files with 26 additions and 7 deletions
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/client/JdbcRegisteredClientRepository.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/client/JdbcRegisteredClientRepository.java
@ -1,5 +1,5 @@
				@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2023 the original author or authors.
+ * Copyright 2020-2024 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -174,6 +174,7 @@ public class JdbcRegisteredClientRepository implements RegisteredClientRepositor
				@@ -174,6 +174,7 @@ public class JdbcRegisteredClientRepository implements RegisteredClientRepositor
 			throw new IllegalArgumentException("Registered client must be unique. "
 					+ "Found duplicate client identifier: " + registeredClient.getClientId());
 		}
+		if (StringUtils.hasText(registeredClient.getClientSecret())) {
 			count = this.jdbcOperations.queryForObject(COUNT_REGISTERED_CLIENT_SQL + "client_secret = ?", Integer.class,
 					registeredClient.getClientSecret());
 			if (count != null && count > 0) {
@ -181,6 +182,7 @@ public class JdbcRegisteredClientRepository implements RegisteredClientRepositor
				@@ -181,6 +182,7 @@ public class JdbcRegisteredClientRepository implements RegisteredClientRepositor
 						+ "Found duplicate client secret for identifier: " + registeredClient.getId());
 			}
 		}
+	}

 	@Override
 	public RegisteredClient findById(String id) {
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/client/JdbcRegisteredClientRepositoryTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/client/JdbcRegisteredClientRepositoryTests.java
@ -1,5 +1,5 @@
				@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2023 the original author or authors.
+ * Copyright 2020-2024 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -168,6 +168,23 @@ public class JdbcRegisteredClientRepositoryTests {
				@@ -168,6 +168,23 @@ public class JdbcRegisteredClientRepositoryTests {
 		assertThat(registeredClient).isEqualTo(expectedRegisteredClient);
 	}

+	// gh-1641
+	@Test
+	public void saveWhenMultipleWithClientSecretEmptyThenSaved() {
+		RegisteredClient registeredClient1 = TestRegisteredClients.registeredClient()
+			.id("registration-1")
+			.clientId("client-1")
+			.clientSecret("")
+			.build();
+		this.registeredClientRepository.save(registeredClient1);
+		RegisteredClient registeredClient2 = TestRegisteredClients.registeredClient()
+			.id("registration-2")
+			.clientId("client-2")
+			.clientSecret("")
+			.build();
+		this.registeredClientRepository.save(registeredClient2);
+	}
+
 	@Test
 	public void saveWhenExistingClientIdThenThrowIllegalArgumentException() {
 		RegisteredClient registeredClient1 = TestRegisteredClients.registeredClient()