KEYCLOAK-7081 Fixes for manual/qr mode switches on login config otp page (#5717)

2018-11-19 14:32:28 +01:00 · 2018-11-19 14:32:28 +01:00 · 3756cf629b
commit 3756cf629b
parent 0793234c19
5 changed files with 76 additions and 9 deletions
--- a/services/src/main/java/org/keycloak/authentication/requiredactions/UpdateTotp.java
+++ b/services/src/main/java/org/keycloak/authentication/requiredactions/UpdateTotp.java
@ -45,15 +45,11 @@ public class UpdateTotp implements RequiredActionProvider, RequiredActionFactory
    @Override
    public void requiredActionChallenge(RequiredActionContext context) {
        Response challenge = context.form()
-                .setAttribute("mode", getMode(context))
+                .setAttribute("mode", context.getUriInfo().getQueryParameters().getFirst("mode"))
                .createResponse(UserModel.RequiredAction.CONFIGURE_TOTP);
        context.challenge(challenge);
    }

-    private String getMode(RequiredActionContext context) {
-        return context.getUriInfo().getQueryParameters().getFirst("mode");
-    }
-
    @Override
    public void processAction(RequiredActionContext context) {
        EventBuilder event = context.getEvent();
@ -61,17 +57,18 @@ public class UpdateTotp implements RequiredActionProvider, RequiredActionFactory
        MultivaluedMap<String, String> formData = context.getHttpRequest().getDecodedFormParameters();
        String totp = formData.getFirst("totp");
        String totpSecret = formData.getFirst("totpSecret");
+        String mode = formData.getFirst("mode");

        if (Validation.isBlank(totp)) {
            Response challenge = context.form()
-                    .setAttribute("mode", getMode(context))
+                    .setAttribute("mode", mode)
                    .setError(Messages.MISSING_TOTP)
                    .createResponse(UserModel.RequiredAction.CONFIGURE_TOTP);
            context.challenge(challenge);
            return;
        } else if (!CredentialValidation.validOTP(context.getRealm(), totp, totpSecret)) {
            Response challenge = context.form()
-                    .setAttribute("mode", getMode(context))
+                    .setAttribute("mode", mode)
                    .setError(Messages.INVALID_TOTP)
                    .createResponse(UserModel.RequiredAction.CONFIGURE_TOTP);
            context.challenge(challenge);
--- a/services/src/main/java/org/keycloak/forms/login/freemarker/model/TotpBean.java
+++ b/services/src/main/java/org/keycloak/forms/login/freemarker/model/TotpBean.java
@ -64,11 +64,11 @@ public class TotpBean {
    }

    public String getManualUrl() {
-        return uriBuilder.replaceQueryParam("mode", "manual").build().toString();
+        return uriBuilder.replaceQueryParam("session_code").replaceQueryParam("mode", "manual").build().toString();
    }

    public String getQrUrl() {
-        return uriBuilder.replaceQueryParam("mode", "qr").build().toString();
+        return uriBuilder.replaceQueryParam("session_code").replaceQueryParam("mode", "qr").build().toString();
    }

    public OTPPolicy getPolicy() {
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/LoginConfigTotpPage.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/LoginConfigTotpPage.java
@ -39,11 +39,18 @@ public class LoginConfigTotpPage extends AbstractPage {
    @FindBy(id = "mode-manual")
    private WebElement manualLink;

+    @FindBy(className = "alert-error")
+    private WebElement loginErrorMessage;
+
    public void configure(String totp) {
        totpInput.sendKeys(totp);
        submitButton.click();
    }

+    public void submit() {
+        submitButton.click();
+    }
+
    public String getTotpSecret() {
        return totpSecret.getAttribute("value");
    }
@ -64,4 +71,8 @@ public class LoginConfigTotpPage extends AbstractPage {
        barcodeLink.click();
    }

+    public String getError() {
+        return loginErrorMessage.getText();
+    }
+
 }
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionTotpSetupTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionTotpSetupTest.java
@ -196,6 +196,64 @@ public class RequiredActionTotpSetupTest extends AbstractTestRealmKeycloakTest {
        assertFalse(pageSource.contains("Scan barcode?"));
    }

+    // KEYCLOAK-7081
+    @Test
+    public void setupTotpRegisterManualModeSwitchesOnBadSubmit() {
+        loginPage.open();
+        loginPage.clickRegister();
+        registerPage.register("firstName", "lastName", "setupTotpRegisterManualModeSwitchesOnBadSubmit@mail.com", "setupTotpRegisterManualModeSwitchesOnBadSubmit", "password", "password");
+
+        String pageSource = driver.getPageSource();
+
+        assertTrue(pageSource.contains("Unable to scan?"));
+        assertFalse(pageSource.contains("Scan barcode?"));
+
+        totpPage.clickManual();
+
+        pageSource = driver.getPageSource();
+
+        assertFalse(pageSource.contains("Unable to scan?"));
+        assertTrue(pageSource.contains("Scan barcode?"));
+
+        totpPage.submit();
+
+        pageSource = driver.getPageSource();
+
+        assertFalse(pageSource.contains("Unable to scan?"));
+        assertTrue(pageSource.contains("Scan barcode?"));
+
+        assertEquals("Please specify authenticator code.", totpPage.getError());
+    }
+
+    // KEYCLOAK-7081
+    @Test
+    public void setupTotpRegisterBarcodeModeSwitchesOnBadSubmit() {
+        loginPage.open();
+        loginPage.clickRegister();
+        registerPage.register("firstName", "lastName", "setupTotpRegisterBarcodeModeSwitchesOnBadSubmit@mail.com", "setupTotpRegisterBarcodeModeSwitchesOnBadSubmit", "password", "password");
+
+        String pageSource = driver.getPageSource();
+
+        assertTrue(pageSource.contains("Unable to scan?"));
+        assertFalse(pageSource.contains("Scan barcode?"));
+
+        totpPage.submit();
+
+        pageSource = driver.getPageSource();
+
+        assertTrue(pageSource.contains("Unable to scan?"));
+        assertFalse(pageSource.contains("Scan barcode?"));
+
+        assertEquals("Please specify authenticator code.", totpPage.getError());
+
+        totpPage.clickManual();
+
+        pageSource = driver.getPageSource();
+
+        assertFalse(pageSource.contains("Unable to scan?"));
+        assertTrue(pageSource.contains("Scan barcode?"));
+    }
+
    @Test
    public void setupTotpModifiedPolicy() {
        RealmResource realm = testRealm();
--- a/themes/src/main/resources/theme/base/login/login-config-totp.ftl
+++ b/themes/src/main/resources/theme/base/login/login-config-totp.ftl
@ -55,6 +55,7 @@
                <input type="text" id="totp" name="totp" autocomplete="off" class="${properties.kcInputClass!}" />
            </div>
            <input type="hidden" id="totpSecret" name="totpSecret" value="${totp.totpSecret}" />
+            <#if mode??><input type="hidden" id="mode" name="mode" value="${mode}"/></#if>
        </div>

        <input class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonBlockClass!} ${properties.kcButtonLargeClass!}" type="submit" value="${msg("doSubmit")}"/>