KEYCLOAK-949 Disabled user with wrong credentials receive wrong error message

This commit is contained in:
Stian Thorgersen 2015-01-14 10:10:36 +01:00
parent abd5967be3
commit 29b8c2c924
2 changed files with 63 additions and 4 deletions


@ -414,10 +414,6 @@ public class AuthenticationManager {
return AuthenticationStatus.INVALID_USER;
}
if (!user.isEnabled()) {
return AuthenticationStatus.ACCOUNT_DISABLED;
}
Set<String> types = new HashSet<String>();
for (RequiredCredentialModel credential : realm.getRequiredCredentials()) {
@ -453,6 +449,10 @@ public class AuthenticationManager {
return AuthenticationStatus.INVALID_CREDENTIALS;
}
if (!user.isEnabled()) {
return AuthenticationStatus.ACCOUNT_DISABLED;
}
if (user.isTotp() && totp == null) {
return AuthenticationStatus.MISSING_TOTP;
}
@ -471,6 +471,9 @@ public class AuthenticationManager {
if (!session.users().validCredentials(realm, user, UserCredentialModel.secret(secret))) {
return AuthenticationStatus.INVALID_CREDENTIALS;
}
if (!user.isEnabled()) {
return AuthenticationStatus.ACCOUNT_DISABLED;
}
if (!user.getRequiredActions().isEmpty()) {
return AuthenticationStatus.ACTIONS_REQUIRED;
} else {
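Review bot: The re-added `if (!user.isEnabled())` check in the second hunk (and again in the third) carries no comment explaining why it now sits after `validCredentials(...)` rather than before, so a future maintainer is likely to hoist it back to the top of the method as an "early exit" and reintroduce the account-status oracle this commit removes. I would annotate the first occurrence with `// Deliberately after credential validation: a disabled account must not be distinguishable from a wrong password (KEYCLOAK-949).` and either repeat it at the second occurrence or move both into a small private helper so the ordering is enforced in one place. Since the check was removed from a single shared spot and re-added in two branch-specific ones, it is worth confirming from the parts of the method outside these hunks that no other return path between the old and new locations can reach SUCCESS for a disabled user. The enclosing method begins before the first hunk and ends after the last.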


@ -118,6 +118,62 @@ public class LoginTest {
events.expectLogin().user(userId).session((String) null).error("invalid_user_credentials").detail(Details.USERNAME, "login-test").removeDetail(Details.CODE_ID).assertEvent();
}
@Test
public void loginInvalidPasswordDisabledUser() {
keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
@Override
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
session.users().getUserByUsername("login-test", appRealm).setEnabled(false);
}
});
try {
loginPage.open();
loginPage.login("login-test", "invalid");
loginPage.assertCurrent();
Assert.assertEquals("Invalid username or password.", loginPage.getError());
events.expectLogin().user(userId).session((String) null).error("invalid_user_credentials").detail(Details.USERNAME, "login-test").removeDetail(Details.CODE_ID).assertEvent();
} finally {
keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
@Override
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
session.users().getUserByUsername("login-test", appRealm).setEnabled(true);
}
});
}
}
@Test
public void loginDisabledUser() {
keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
@Override
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
session.users().getUserByUsername("login-test", appRealm).setEnabled(false);
}
});
try {
loginPage.open();
loginPage.login("login-test", "password");
loginPage.assertCurrent();
Assert.assertEquals("Account is disabled, contact admin", loginPage.getError());
events.expectLogin().user(userId).session((String) null).error("user_disabled").detail(Details.USERNAME, "login-test").removeDetail(Details.CODE_ID).assertEvent();
} finally {
keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
@Override
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
session.users().getUserByUsername("login-test", appRealm).setEnabled(true);
}
});
}
}
@Test
public void loginInvalidUsername() {
loginPage.open();