From 63189643741d77738b87a1acd05cf7f22fe89285 Mon Sep 17 00:00:00 2001
From: mposolda
Date: Fri, 4 Sep 2015 12:21:33 +0200
Subject: [PATCH] KEYCLOAK-1802
---
 .../ldap/idm/store/ldap/LDAPOperationManager.java | 4 ++++
 .../directgrant/ValidatePassword.java | 2 +-
 .../FederationProvidersIntegrationTest.java | 14 +++++++++++++-
 3 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPOperationManager.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPOperationManager.java
index 3e28dfe767..215034afa9 100644
--- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPOperationManager.java
+++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPOperationManager.java
@@ -327,6 +327,10 @@ public class LDAPOperationManager {
 InitialContext authCtx = null;
 try {
+ if (password == null || password.isEmpty()) {
+ throw new Exception("Empty password used");
+ }
+
 Hashtable env = new Hashtable(this.connectionProperties);
 env.put(Context.SECURITY_PRINCIPAL, dn);
diff --git a/services/src/main/java/org/keycloak/authentication/authenticators/directgrant/ValidatePassword.java b/services/src/main/java/org/keycloak/authentication/authenticators/directgrant/ValidatePassword.java
index 7399eef0d0..cff7f37196 100755
--- a/services/src/main/java/org/keycloak/authentication/authenticators/directgrant/ValidatePassword.java
+++ b/services/src/main/java/org/keycloak/authentication/authenticators/directgrant/ValidatePassword.java
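Review bot: In LDAPOperationManager.java the new empty-password guard has no comment saying why it must run before the bind, and that reason is the whole point of the check: a simple bind with a non-empty DN and a zero-length password is an "unauthenticated bind" (RFC 4513 §5.1.2), which a directory server may answer with success without checking any credential. I would put `// Reject empty passwords: LDAP treats a simple bind with an empty password as an unauthenticated bind, which the server may accept` above the `if`. The guard also throws a bare `Exception`; `throw new AuthenticationException("Empty password used");` (javax.naming) would name the failure more precisely. The catch block is outside the hunk, so whether the handler treats both types the same way needs checking against the full method.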
@@ -31,7 +31,7 @@ public class ValidatePassword extends AbstractDirectGrantAuthenticator {
 MultivaluedMap inputData = context.getHttpRequest().getDecodedFormParameters();
 List credentials = new LinkedList<>();
 String password = inputData.getFirst(CredentialRepresentation.PASSWORD);
- if (password == null) {
+ if (password == null || password.isEmpty()) {
 if (context.getUser() != null) {
 context.getEvent().user(context.getUser());
 }
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationProvidersIntegrationTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationProvidersIntegrationTest.java
index 3a860115c7..11d9a37034 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationProvidersIntegrationTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationProvidersIntegrationTest.java
@@ -27,6 +27,7 @@ import org.keycloak.models.UserFederationProvider;
 import org.keycloak.models.UserFederationProviderModel;
 import org.keycloak.models.UserModel;
 import org.keycloak.models.utils.KeycloakModelUtils;
+import org.keycloak.representations.AccessToken;
 import org.keycloak.services.managers.RealmManager;
 import org.keycloak.testsuite.OAuthClient;
 import org.keycloak.testsuite.pages.AccountPasswordPage;
@@ -43,6 +44,8 @@ import org.openqa.selenium.WebDriver;
 import java.util.List;
 import java.util.Map;
+import static org.junit.Assert.assertEquals;
+
 /**
 * @author Marek Posolda
 */
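Review bot: In ValidatePassword.java the widened condition `password == null || password.isEmpty()` has no comment explaining why an empty value is handled like a missing one, so a later cleanup could narrow it back to the null check. A line such as `// An empty password is treated as missing: a federated store (e.g. LDAP) may otherwise accept it as an unauthenticated bind` above the `if` would record the intent. This is an early rejection for the direct-grant flow only, and the rest of the branch lies outside the hunk. Other login flows presumably still rely on the guard in the LDAP bind path, which is worth confirming against the full sources.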
@@ -247,6 +250,16 @@ public class FederationProvidersIntegrationTest { Assert.assertEquals("john@email.org", profilePage.getEmail()); } + @Test + public void loginLdapWithDirectGrant() throws Exception { + OAuthClient.AccessTokenResponse response = oauth.doGrantAccessTokenRequest("password", "johnkeycloak", "Password1"); + assertEquals(200, response.getStatusCode()); + AccessToken accessToken = oauth.verifyToken(response.getAccessToken()); + + response = oauth.doGrantAccessTokenRequest("password", "johnkeycloak", ""); + assertEquals(401, response.getStatusCode()); + } + @Test public void loginLdapWithEmail() { loginPage.open(); @@ -260,7 +273,6 @@ public class FederationProvidersIntegrationTest { public void loginLdapWithoutPassword() { loginPage.open(); loginPage.login("john@email.org", ""); - Assert.assertEquals("Invalid username or password.", loginPage.getError()); }
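Review bot: In loginLdapWithDirectGrant the negative case asserts only the 401 status, and the `accessToken` local from the positive case is assigned but never checked. Adding `Assert.assertNull(response.getAccessToken());` after the 401 assertion should pin that no token is issued for an empty password. The unused local can be removed by calling `oauth.verifyToken(response.getAccessToken());` without the assignment, or kept and asserted on. The test also sends only the empty string; a request with the password parameter absent would exercise the `password == null` half of the condition in ValidatePassword, though whether OAuthClient can send such a request is not visible here.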