server icon indicating copy to clipboard operation
server copied to clipboard
verified publisher icon bitwarden

[PM-5437] Handle client_credentials clientId that is not a valid GUID

Open trmartin4 opened this issue 2 years ago • 3 comments

Type of change

- [X] Bug fix
- [ ] New feature development
- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other

Objective

When using the client_credentials grant type, the ClientStore is used to retrieve the client information by clientId.

We were missing a check to make sure that the clientId is a valid GUID before instantiating the new GUID object. This would throw an exception and return a 500 response to users if the provided clientId could not be parsed.

Code changes

  • ClientStore.cs: Use TryParse to make sure the clientId is a valid GUID. Return null if not.

Before you submit

  • Please check for formatting errors (dotnet format --verify-no-changes) (required)
  • If making database changes - make sure you also update Entity Framework queries and/or migrations
  • Please add unit tests where it makes sense to do so (encouraged but not required)
  • If this change requires a documentation update - notify the documentation team
  • If this change has particular deployment requirements - notify the DevOps team

trmartin4 avatar Dec 23 '23 03:12 trmartin4

Codecov Report

Attention: 4 lines in your changes are missing coverage. Please review.

Comparison is base (70fac80) 36.36% compared to head (3d3fb9d) 36.36%.

Files Patch % Lines
src/Identity/IdentityServer/ClientStore.cs 0.00% 4 Missing :warning:
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #3616      +/-   ##
==========================================
- Coverage   36.36%   36.36%   -0.01%     
==========================================
  Files        1158     1158              
  Lines       55884    55887       +3     
  Branches     5376     5377       +1     
==========================================
  Hits        20324    20324              
- Misses      34614    34617       +3     
  Partials      946      946

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

codecov[bot] avatar Feb 21 '24 15:02 codecov[bot]

Quality Gate Passed Quality Gate passed

Issues
0 New issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

sonarqubecloud[bot] avatar Feb 21 '24 15:02 sonarqubecloud[bot]

Logo Checkmarx One – Scan Summary & Details807dc0c9-d6ae-4db0-bdc1-fd663f7d20d2

No New Or Fixed Issues Found

bitwarden-bot avatar Feb 21 '24 16:02 bitwarden-bot