From 5698a9c241f61b8aeca3ad374e5efbd5e53374c2 Mon Sep 17 00:00:00 2001
From: Florent CHAMFROY
Date: Mon, 21 Oct 2024 16:15:30 +0200
Subject: [PATCH] fix: name may be null
Use the default name... by default
---
 .../io/gravitee/policy/apikey/ApiKeyPolicy.java | 12 ++++++++----
 .../policy/apikey/ApiKeyPolicyTest.java | 17 ++++++++++++++++-
 2 files changed, 24 insertions(+), 5 deletions(-)
diff --git a/src/main/java/io/gravitee/policy/apikey/ApiKeyPolicy.java b/src/main/java/io/gravitee/policy/apikey/ApiKeyPolicy.java
index eee9bc13..b34aca57 100644
--- a/src/main/java/io/gravitee/policy/apikey/ApiKeyPolicy.java
+++ b/src/main/java/io/gravitee/policy/apikey/ApiKeyPolicy.java
@@ -197,11 +197,15 @@ public Maybe extractSecurityToken(KafkaConnectionContext ctx) {
 if (callback instanceof NameCallback nameCallback) {
 // With SASL_PLAIN or SCRAM, we expect the username to be a md5 hash of the api-key, for security and privacy.
 String md5ApiKey = nameCallback.getName();
- if (md5ApiKey != null && !md5ApiKey.isBlank()) {
- ctx.setInternalAttribute(ATTR_INTERNAL_MD5_API_KEY, md5ApiKey);
- return Maybe.just(SecurityToken.forMD5ApiKey(md5ApiKey));
+ if (md5ApiKey == null || md5ApiKey.isBlank()) {
+ md5ApiKey = nameCallback.getDefaultName();
 }
- return Maybe.just(SecurityToken.invalid(MD5_API_KEY));
+ if (md5ApiKey == null || md5ApiKey.isBlank()) {
+ return Maybe.just(SecurityToken.invalid(MD5_API_KEY));
+ }
+
+ ctx.setInternalAttribute(ATTR_INTERNAL_MD5_API_KEY, md5ApiKey);
+ return Maybe.just(SecurityToken.forMD5ApiKey(md5ApiKey));
 }
 }
 return Maybe.empty();
diff --git a/src/test/java/io/gravitee/policy/apikey/ApiKeyPolicyTest.java b/src/test/java/io/gravitee/policy/apikey/ApiKeyPolicyTest.java
index 08678e80..29a3d7e0 100644
--- a/src/test/java/io/gravitee/policy/apikey/ApiKeyPolicyTest.java
+++ b/src/test/java/io/gravitee/policy/apikey/ApiKeyPolicyTest.java
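Review bot: In the ApiKeyPolicy.java hunk, the value passed to `ctx.setInternalAttribute(ATTR_INTERNAL_MD5_API_KEY, md5ApiKey)` and `SecurityToken.forMD5ApiKey(md5ApiKey)` is checked only for null or blank, whether it comes from `getName()` or from the new `getDefaultName()` fallback, although the comment above it says an MD5 hash is expected. The value is presumably the client-supplied SASL username, so a shape check before it is stored would reject malformed input early; assuming the hash is hex-encoded, the second blank check could become `if (md5ApiKey == null || !md5ApiKey.matches("[0-9a-fA-F]{32}")) { return Maybe.just(SecurityToken.invalid(MD5_API_KEY)); }`. The fallback also deserves a one-line comment saying why the default name is consulted, for example `// Some SASL server mechanisms pass the client username only as the callback's default name.` if that is the reason for the change. The body of extractSecurityToken starts before this hunk, so the callback loop and any earlier validation are not visible here.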
@@ -532,7 +532,7 @@ void init() {
 @Test
 void extractSecurityToken_shouldReturnSecurityToken_whenCallbackHasName() {
- NameCallback nameCallback = new NameCallback("prompt");
+ NameCallback nameCallback = new NameCallback("prompt", "default name");
 nameCallback.setName(API_KEY);
 when(ctx.callbacks()).thenReturn(new Callback[] { nameCallback });
@@ -546,6 +546,21 @@ void extractSecurityToken_shouldReturnSecurityToken_whenCallbackHasName() {
 verify(ctx).setInternalAttribute(ATTR_INTERNAL_MD5_API_KEY, API_KEY);
 }
+ @Test
+ void extractSecurityToken_shouldReturnSecurityToken_whenCallbackHasDefaultName() {
+ NameCallback nameCallback = new NameCallback("prompt", API_KEY);
+
+ when(ctx.callbacks()).thenReturn(new Callback[] { nameCallback });
+
+ final ApiKeyPolicy cut = new ApiKeyPolicy(configuration);
+ final TestObserver obs = cut.extractSecurityToken(ctx).test();
+
+ obs.assertValue(token ->
+ token.getTokenType().equals(SecurityToken.TokenType.MD5_API_KEY.name()) && token.getTokenValue().equals(API_KEY)
+ );
+ verify(ctx).setInternalAttribute(ATTR_INTERNAL_MD5_API_KEY, API_KEY);
+ }
+
 @Test
 void extractSecurityToken_shouldReturnEmpty_whenNoNameCallback() {
 when(ctx.callbacks()).thenReturn(new Callback[] {});
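Review bot: The new test `extractSecurityToken_shouldReturnSecurityToken_whenCallbackHasDefaultName` covers only a null name, so the two `isBlank()` branches the patch adds to the policy are not exercised in these hunks. Two more cases would pin the behaviour: `nameCallback.setName(" ")` with a valid default name, expecting the default to be used, and a whitespace-only default such as `new NameCallback("prompt", " ")` with no name set, expecting an invalid token and `verify(ctx, never()).setInternalAttribute(...)`. Tests elsewhere in the file may already cover part of this; they are outside the hunks shown.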