libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

KEYCLOAK-5019 Fixes for password managers

Browse source
This commit is contained in:
stianst 2017-12-19 12:24:20 +01:00 committed by Stian Thorgersen
parent 61fe554617
commit 465675ac28
4 changed files with 28 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
services/src/main/java/org/keycloak/authentication/requiredactions/UpdatePassword.java
View file

@ -75,6 +75,7 @@ public class UpdatePassword implements RequiredActionProvider, RequiredActionFac
@Override @Override
public void requiredActionChallenge(RequiredActionContext context) { public void requiredActionChallenge(RequiredActionContext context) {
Response challenge = context.form() Response challenge = context.form()
.setAttribute("username", context.getAuthenticationSession().getAuthenticatedUser().getUsername())
.createResponse(UserModel.RequiredAction.UPDATE_PASSWORD); .createResponse(UserModel.RequiredAction.UPDATE_PASSWORD);
context.challenge(challenge); context.challenge(challenge);
} }
@ -93,6 +94,7 @@ public class UpdatePassword implements RequiredActionProvider, RequiredActionFac
if (Validation.isBlank(passwordNew)) { if (Validation.isBlank(passwordNew)) {
Response challenge = context.form() Response challenge = context.form()
.setAttribute("username", context.getAuthenticationSession().getAuthenticatedUser().getUsername())
.setError(Messages.MISSING_PASSWORD) .setError(Messages.MISSING_PASSWORD)
.createResponse(UserModel.RequiredAction.UPDATE_PASSWORD); .createResponse(UserModel.RequiredAction.UPDATE_PASSWORD);
context.challenge(challenge); context.challenge(challenge);
@ -100,6 +102,7 @@ public class UpdatePassword implements RequiredActionProvider, RequiredActionFac
return; return;
} else if (!passwordNew.equals(passwordConfirm)) { } else if (!passwordNew.equals(passwordConfirm)) {
Response challenge = context.form() Response challenge = context.form()
.setAttribute("username", context.getAuthenticationSession().getAuthenticatedUser().getUsername())
.setError(Messages.NOTMATCH_PASSWORD) .setError(Messages.NOTMATCH_PASSWORD)
.createResponse(UserModel.RequiredAction.UPDATE_PASSWORD); .createResponse(UserModel.RequiredAction.UPDATE_PASSWORD);
context.challenge(challenge); context.challenge(challenge);
@ -113,6 +116,7 @@ public class UpdatePassword implements RequiredActionProvider, RequiredActionFac
} catch (ModelException me) { } catch (ModelException me) {
errorEvent.detail(Details.REASON, me.getMessage()).error(Errors.PASSWORD_REJECTED); errorEvent.detail(Details.REASON, me.getMessage()).error(Errors.PASSWORD_REJECTED);
Response challenge = context.form() Response challenge = context.form()
.setAttribute("username", context.getAuthenticationSession().getAuthenticatedUser().getUsername())
.setError(me.getMessage(), me.getParameters()) .setError(me.getMessage(), me.getParameters())
.createResponse(UserModel.RequiredAction.UPDATE_PASSWORD); .createResponse(UserModel.RequiredAction.UPDATE_PASSWORD);
context.challenge(challenge); context.challenge(challenge);
@ -120,6 +124,7 @@ public class UpdatePassword implements RequiredActionProvider, RequiredActionFac
} catch (Exception ape) { } catch (Exception ape) {
errorEvent.detail(Details.REASON, ape.getMessage()).error(Errors.PASSWORD_REJECTED); errorEvent.detail(Details.REASON, ape.getMessage()).error(Errors.PASSWORD_REJECTED);
Response challenge = context.form() Response challenge = context.form()
.setAttribute("username", context.getAuthenticationSession().getAuthenticatedUser().getUsername())
.setError(ape.getMessage()) .setError(ape.getMessage())
.createResponse(UserModel.RequiredAction.UPDATE_PASSWORD); .createResponse(UserModel.RequiredAction.UPDATE_PASSWORD);
context.challenge(challenge); context.challenge(challenge);

11
themes/src/main/resources/theme/base/account/password.ftl
View file

@ -11,8 +11,7 @@
</div> </div>
<form action="${url.passwordUrl}" class="form-horizontal" method="post"> <form action="${url.passwordUrl}" class="form-horizontal" method="post">
<input type="text" readonly value="this is not a login form" style="display: none;"> <input type="text" id="username" name="username" value="${(account.username!'')}" autocomplete="username" readonly="readonly" style="display:none;">
<input type="password" readonly value="this is not a login form" style="display: none;">
<#if password.passwordSet> <#if password.passwordSet>
<div class="form-group"> <div class="form-group">
@ -21,7 +20,7 @@
</div> </div>
<div class="col-sm-10 col-md-10"> <div class="col-sm-10 col-md-10">
<input type="password" class="form-control" id="password" name="password" autofocus autocomplete="off"> <input type="password" class="form-control" id="password" name="password" autofocus autocomplete="current-password">
</div> </div>
</div> </div>
</#if> </#if>
@ -34,7 +33,7 @@
</div> </div>
<div class="col-sm-10 col-md-10"> <div class="col-sm-10 col-md-10">
<input type="password" class="form-control" id="password-new" name="password-new" autocomplete="off"> <input type="password" class="form-control" id="password-new" name="password-new" autocomplete="new-password">
</div> </div>
</div> </div>
@ -44,7 +43,7 @@
</div> </div>
<div class="col-sm-10 col-md-10"> <div class="col-sm-10 col-md-10">
<input type="password" class="form-control" id="password-confirm" name="password-confirm" autocomplete="off"> <input type="password" class="form-control" id="password-confirm" name="password-confirm" autocomplete="new-password">
</div> </div>
</div> </div>
@ -57,4 +56,4 @@
</div> </div>
</form> </form>
</@layout.mainLayout> </@layout.mainLayout>

10
themes/src/main/resources/theme/base/login/login-update-password.ftl
View file

@ -6,15 +6,15 @@
${msg("updatePasswordTitle")} ${msg("updatePasswordTitle")}
<#elseif section = "form"> <#elseif section = "form">
<form id="kc-passwd-update-form" class="${properties.kcFormClass!}" action="${url.loginAction}" method="post"> <form id="kc-passwd-update-form" class="${properties.kcFormClass!}" action="${url.loginAction}" method="post">
<input type="text" readonly value="this is not a login form" style="display: none;"> <input type="text" id="username" name="username" value="${username}" autocomplete="username" readonly="readonly" style="display:none;"/>
<input type="password" readonly value="this is not a login form" style="display: none;"> <input type="password" id="password" name="password" autocomplete="current-password" style="display:none;"/>
<div class="${properties.kcFormGroupClass!}"> <div class="${properties.kcFormGroupClass!}">
<div class="${properties.kcLabelWrapperClass!}"> <div class="${properties.kcLabelWrapperClass!}">
<label for="password-new" class="${properties.kcLabelClass!}">${msg("passwordNew")}</label> <label for="password-new" class="${properties.kcLabelClass!}">${msg("passwordNew")}</label>
</div> </div>
<div class="${properties.kcInputWrapperClass!}"> <div class="${properties.kcInputWrapperClass!}">
<input type="password" id="password-new" name="password-new" class="${properties.kcInputClass!}" autofocus autocomplete="off" /> <input type="password" id="password-new" name="password-new" class="${properties.kcInputClass!}" autofocus autocomplete="new-password" />
</div> </div>
</div> </div>
@ -23,7 +23,7 @@
<label for="password-confirm" class="${properties.kcLabelClass!}">${msg("passwordConfirm")}</label> <label for="password-confirm" class="${properties.kcLabelClass!}">${msg("passwordConfirm")}</label>
</div> </div>
<div class="${properties.kcInputWrapperClass!}"> <div class="${properties.kcInputWrapperClass!}">
<input type="password" id="password-confirm" name="password-confirm" class="${properties.kcInputClass!}" autocomplete="off" /> <input type="password" id="password-confirm" name="password-confirm" class="${properties.kcInputClass!}" autocomplete="new-password" />
</div> </div>
</div> </div>
@ -39,4 +39,4 @@
</div> </div>
</form> </form>
</#if> </#if>
</@layout.registrationLayout> </@layout.registrationLayout>

28
themes/src/main/resources/theme/base/login/register.ftl
View file

@ -6,19 +6,6 @@
${msg("registerWithTitleHtml",(realm.displayNameHtml!''))?no_esc} ${msg("registerWithTitleHtml",(realm.displayNameHtml!''))?no_esc}
<#elseif section = "form"> <#elseif section = "form">
<form id="kc-register-form" class="${properties.kcFormClass!}" action="${url.registrationAction}" method="post"> <form id="kc-register-form" class="${properties.kcFormClass!}" action="${url.registrationAction}" method="post">
<input type="text" readonly value="this is not a login form" style="display: none;">
<input type="password" readonly value="this is not a login form" style="display: none;">
<#if !realm.registrationEmailAsUsername>
<div class="${properties.kcFormGroupClass!} ${messagesPerField.printIfExists('username',properties.kcFormGroupErrorClass!)}">
<div class="${properties.kcLabelWrapperClass!}">
<label for="username" class="${properties.kcLabelClass!}">${msg("username")}</label>
</div>
<div class="${properties.kcInputWrapperClass!}">
<input type="text" id="username" class="${properties.kcInputClass!}" name="username" value="${(register.formData.username!'')}" />
</div>
</div>
</#if>
<div class="${properties.kcFormGroupClass!} ${messagesPerField.printIfExists('firstName',properties.kcFormGroupErrorClass!)}"> <div class="${properties.kcFormGroupClass!} ${messagesPerField.printIfExists('firstName',properties.kcFormGroupErrorClass!)}">
<div class="${properties.kcLabelWrapperClass!}"> <div class="${properties.kcLabelWrapperClass!}">
<label for="firstName" class="${properties.kcLabelClass!}">${msg("firstName")}</label> <label for="firstName" class="${properties.kcLabelClass!}">${msg("firstName")}</label>
@ -42,17 +29,28 @@
<label for="email" class="${properties.kcLabelClass!}">${msg("email")}</label> <label for="email" class="${properties.kcLabelClass!}">${msg("email")}</label>
</div> </div>
<div class="${properties.kcInputWrapperClass!}"> <div class="${properties.kcInputWrapperClass!}">
<input type="text" id="email" class="${properties.kcInputClass!}" name="email" value="${(register.formData.email!'')}" /> <input type="text" id="email" class="${properties.kcInputClass!}" name="email" value="${(register.formData.email!'')}" autocomplete="email" />
</div> </div>
</div> </div>
<#if !realm.registrationEmailAsUsername>
<div class="${properties.kcFormGroupClass!} ${messagesPerField.printIfExists('username',properties.kcFormGroupErrorClass!)}">
<div class="${properties.kcLabelWrapperClass!}">
<label for="username" class="${properties.kcLabelClass!}">${msg("username")}</label>
</div>
<div class="${properties.kcInputWrapperClass!}">
<input type="text" id="username" class="${properties.kcInputClass!}" name="username" value="${(register.formData.username!'')}" autocomplete="username" />
</div>
</div>
</#if>
<#if passwordRequired> <#if passwordRequired>
<div class="${properties.kcFormGroupClass!} ${messagesPerField.printIfExists('password',properties.kcFormGroupErrorClass!)}"> <div class="${properties.kcFormGroupClass!} ${messagesPerField.printIfExists('password',properties.kcFormGroupErrorClass!)}">
<div class="${properties.kcLabelWrapperClass!}"> <div class="${properties.kcLabelWrapperClass!}">
<label for="password" class="${properties.kcLabelClass!}">${msg("password")}</label> <label for="password" class="${properties.kcLabelClass!}">${msg("password")}</label>
</div> </div>
<div class="${properties.kcInputWrapperClass!}"> <div class="${properties.kcInputWrapperClass!}">
<input type="password" id="password" class="${properties.kcInputClass!}" name="password" /> <input type="password" id="password" class="${properties.kcInputClass!}" name="password" autocomplete="new-password"/>
</div> </div>
</div> </div>