perf: update client secret length limitation for apikey and oauth (#1…

…2047)

* perf: update client secret length limitation for apikey and oauth

* perf: update check in question model

* test: update ut

packages/fx-core/resource/package.nls.json

@@ -367,7 +367,7 @@
   "core.createProjectQuestion.OauthClientSecretConfirm": "Teams Toolkit uploads the client id/secret for OAuth Registration to Teams Developer Portal. It is used by Teams client to securely access your API at runtime. Teams Toolkit doesn't store your client id/secret.",
   "core.createProjectQuestion.apiMessageExtensionAuth.title": "Authentication Type",
   "core.createProjectQuestion.apiMessageExtensionAuth.placeholder": "Select an authentication type",
-  "core.createProjectQuestion.invalidApiKey.message": "Client secret is invalid. The length of secret should be >= 10 and <= 128",
+  "core.createProjectQuestion.invalidApiKey.message": "Invalid client secret. It should be 10 to 512 characters long.",
   "core.createProjectQuestion.invalidUrl.message": "Enter a valid HTTP URL without authentication to access your OpenAPI description document.",
   "core.createProjectQuestion.apiSpec.operation.title": "Select Operation(s) Teams Can Interact with",
   "core.createProjectQuestion.apiSpec.copilotOperation.title": "Select Operation(s) Copilot Can Interact with",
@@ -850,7 +850,7 @@
   "driver.apiKey.log.skipCreateApiKey": "Environment variable %s exists. Skip creating API key.",
   "driver.apiKey.log.apiKeyNotFound": "Environment variable %s exists but unable to retrieve API key from Developer Portal. Check manually if API key exists.",
   "driver.apiKey.error.nameTooLong": "The name for API key is too long. The maximum character length is 128.",
-  "driver.apiKey.error.clientSecretInvalid": "Invalid client secret. It should be 10 to 128 characters long.",
+  "driver.apiKey.error.clientSecretInvalid": "Invalid client secret. It should be 10 to 512 characters long.",
   "driver.apiKey.error.domainInvalid": "Invalid domain. Please follow these rules: 1. Max %d domain(s) per API key. 2. Use comma to separate domains.",
   "driver.apiKey.error.failedToGetDomain": "Unable to get domain from API specification. Make sure your API specification is valid.",
   "driver.apiKey.error.clientSecretFromScratchInvalid": "Invalid client secret. If you start with a new API, refer to the README file for details.",

packages/fx-core/src/component/driver/apiKey/utility/constants.ts

@@ -12,5 +12,5 @@ export const logMessageKeys = {
 };
 
 export const maxDomainPerApiKey = 1;
-export const maxSecretLength = 128;
+export const maxSecretLength = 512;
 export const minSecretLength = 10;

packages/fx-core/src/component/driver/oauth/utility/constants.ts

@@ -11,6 +11,6 @@ export const logMessageKeys = {
   successUpdateOauth: "driver.oauth.log.successUpdateOauth",
 };
 
-export const maxSecretLength = 128;
+export const maxSecretLength = 512;
 export const minSecretLength = 10;
 export const maxDomainPerOauth = 1;

packages/fx-core/src/question/other.ts

@@ -811,7 +811,7 @@ export function apiSpecApiKeyQuestion(): IQTreeNode {
       forgetLastValue: true,
       validation: {
         validFunc: (input: string): string | undefined => {
-          if (input.length < 10 || input.length > 128) {
+          if (input.length < 10 || input.length > 512) {
             return getLocalizedString("core.createProjectQuestion.invalidApiKey.message");
           }
 
@@ -1039,7 +1039,7 @@ function oauthClientSecretQuestion(): TextInputQuestion {
     forgetLastValue: true,
     validation: {
       validFunc: (input: string): string | undefined => {
-        if (input.length < 10 || input.length > 128) {
+        if (input.length < 10 || input.length > 512) {
           return getLocalizedString("core.createProjectQuestion.invalidApiKey.message");
         }
 

packages/fx-core/tests/component/driver/apiKey/create.test.ts

@@ -334,7 +334,7 @@ describe("CreateApiKeyDriver", () => {
 
   it("should throw error if name is too long", async () => {
     const args: any = {
-      name: "a".repeat(129),
+      name: "a".repeat(513),
       appId: "mockedAppId",
       primaryClientSecret: "mockedClientSecret",
       apiSpecPath: "mockedPath",

packages/fx-core/tests/component/driver/oauth/create.test.ts

@@ -448,7 +448,7 @@ describe("CreateOauthDriver", () => {
 
   it("should throw error if name is too long", async () => {
     const args: any = {
-      name: "a".repeat(129),
+      name: "a".repeat(513),
       appId: "mockedAppId",
       apiSpecPath: "mockedPath",
       clientId: "mockedClientId",

packages/fx-core/tests/question/question.test.ts

@@ -1030,10 +1030,7 @@ describe("apiKeyQuestion", async () => {
     const question = apiSpecApiKeyQuestion();
     const validation = (question.data as TextInputQuestion).validation;
     const result = (validation as FuncValidation<string>).validFunc("abc");
-    assert.equal(
-      result,
-      "Client secret is invalid. The length of secret should be >= 10 and <= 128"
-    );
+    assert.equal(result, "Invalid client secret. It should be 10 to 512 characters long.");
   });
 });
 
@@ -1167,10 +1164,7 @@ describe("oauthQuestion", async () => {
     const question = oauthQuestion().children![1];
     const validation = (question.data as TextInputQuestion).validation;
     const result = (validation as FuncValidation<string>).validFunc("abc");
-    assert.equal(
-      result,
-      "Client secret is invalid. The length of secret should be >= 10 and <= 128"
-    );
+    assert.equal(result, "Invalid client secret. It should be 10 to 512 characters long.");
   });
 
   it("client id additionalValidationOnAccept passed", async () => {