libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6

KEYCLOAK-271 Check password policy when recovering password through email

Browse source
This commit is contained in:
Stian Thorgersen 2014-01-24 14:41:57 +00:00 committed by Bruno Oliveira
parent 5160f02475
commit 544de16aad
2 changed files with 56 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
services/src/main/java/org/keycloak/services/resources/RequiredActionsService.java
View file

@ -168,6 +168,11 @@ public class RequiredActionsService {
return forms.setError(Messages.NOTMATCH_PASSWORD).forwardToAction(RequiredAction.UPDATE_PASSWORD); return forms.setError(Messages.NOTMATCH_PASSWORD).forwardToAction(RequiredAction.UPDATE_PASSWORD);
} }
String error = realm.getPasswordPolicy().validate(passwordNew);
if (error != null) {
return forms.setError(error).forwardToAction(RequiredAction.UPDATE_PASSWORD);
}
UserCredentialModel credentials = new UserCredentialModel(); UserCredentialModel credentials = new UserCredentialModel();
credentials.setType(CredentialRepresentation.PASSWORD); credentials.setType(CredentialRepresentation.PASSWORD);
credentials.setValue(passwordNew); credentials.setValue(passwordNew);

51
testsuite/integration/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java
View file

@ -25,6 +25,9 @@ import org.junit.Assert;
import org.junit.ClassRule; import org.junit.ClassRule;
import org.junit.Rule; import org.junit.Rule;
import org.junit.Test; import org.junit.Test;
import org.keycloak.models.PasswordPolicy;
import org.keycloak.models.RealmModel;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.testsuite.OAuthClient; import org.keycloak.testsuite.OAuthClient;
import org.keycloak.testsuite.pages.AppPage; import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.AppPage.RequestType; import org.keycloak.testsuite.pages.AppPage.RequestType;
@ -125,4 +128,52 @@ public class ResetPasswordTest {
Assert.assertEquals("Invalid email.", resetPasswordPage.getMessage()); Assert.assertEquals("Invalid email.", resetPasswordPage.getMessage());
} }
@Test
public void resetPasswordWithPasswordPolicy() throws IOException, MessagingException {
keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
@Override
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
appRealm.setPasswordPolicy(new PasswordPolicy("length"));
}
});
loginPage.open();
loginPage.resetPassword();
resetPasswordPage.assertCurrent();
resetPasswordPage.changePassword("test-user@localhost");
resetPasswordPage.assertCurrent();
Assert.assertEquals("Success!", resetPasswordPage.getMessage());
Assert.assertEquals(1, greenMail.getReceivedMessages().length);
MimeMessage message = greenMail.getReceivedMessages()[0];
String body = (String) message.getContent();
String changePasswordUrl = body.split("\n")[3];
driver.navigate().to(changePasswordUrl.trim());
updatePasswordPage.assertCurrent();
updatePasswordPage.changePassword("invalid", "invalid");
Assert.assertNotEquals("Success!", resetPasswordPage.getMessage());
Assert.assertEquals("Invalid password: minimum length 8", resetPasswordPage.getMessage());
updatePasswordPage.changePassword("new-password", "new-password");
Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
oauth.openLogout();
loginPage.open();
loginPage.login("test-user@localhost", "new-password");
Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
}
} }