Form validation secret

Created on 7 February 2023, almost 2 years ago
Updated 11 September 2024, 3 months ago

Problem/Motivation

Not sure if it a bug or task, but if you create a secret that has an ampersand the value does not get to the server correctly, this validation should leave us with a secret that can be passed as query argument/form data.

Steps to reproduce

Create secret with ampersand, use this request:

POST {{url}}/oauth/token
Content-Type: application/x-www-form-urlencoded

grant_type=password&client_id={{ clientId }}&client_secret={{ clientSecret }}&scope=&username={{ userName }}&password={{ userPassword }}

Proposed resolution

Use machine name validation so that special chars are not allowed.

Remaining tasks

Implement

πŸ“Œ Task
Status

RTBC

Version

5.2

Component

Code

Created by

πŸ‡§πŸ‡ͺBelgium borisson_ Mechelen, πŸ‡§πŸ‡ͺ

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @borisson_
  • Status changed to RTBC 11 months ago
  • πŸ‡ΊπŸ‡¦Ukraine sickness29

    Hi @borisson_
    the field secret actually is not related to the module consumer even though it's on consumer entity.
    The field is added by https://www.drupal.org/project/simple_oauth β†’ to consumer entity, so if there's need for it's validation I believe you need to create this issue for simple_oauth module.

    Hi maintainers,
    please correct me if I'm wrong or mark the issue "Closed (works as designed)", thanks

  • πŸ‡ΊπŸ‡ΈUnited States eojthebrave Minneapolis, MN

    The 'secret' field is added, and managed, by the simple oauth module. So I'm going to move this issue to that queue where it's more likely to get fixed. Setting the version to 5.2.x-dev as that's the current supported branch. But @borrison_ perhaps you could chime in and let us know what version of the Simple Oauth module you're using when you encounter this.

  • Status changed to Active 10 months ago
  • πŸ‡§πŸ‡ͺBelgium borisson_ Mechelen, πŸ‡§πŸ‡ͺ

    Not sure what the version was originally, now that project is on 5.2.3.

  • Status changed to RTBC 10 months ago
  • πŸ‡ΊπŸ‡¦Ukraine sickness29

    Not reproducible on 5.2.x-dev.
    Tried to add '&' symbol to \Drupal\Tests\simple_oauth\Functional\TokenBearerFunctionalTestBase where clientSecret is randomly generated and it does not make any more tests fail.

  • Status changed to Active 9 months ago
  • πŸ‡§πŸ‡ͺBelgium BramDriesen Belgium πŸ‡§πŸ‡ͺ

    Setting back to active, as there is nothing "reviewed & tested" here.

  • Status changed to RTBC 3 months ago
  • πŸ‡ΊπŸ‡¦Ukraine sickness29

    Reviewed & Tested this on clean 5.2.x version and all is working. Attaching Postman details.

    Setting this to "Reviewed & Tested" since it is working and maintainer needs to confirm that there's nothing to do here and close the issue. If you still have issues, make sure it's not related to your custom changes on the project. Thanks

  • πŸ‡³πŸ‡±Netherlands bojan_dev
Production build 0.71.5 2024