Merge branch 'gerbermichi-reset-password'

2015-01-05 14:34:57 +01:00 · 2015-01-05 14:34:57 +01:00 · 6c8013182b
commit 6c8013182b
parent 628437c146 45a1f4361e
3 changed files with 43 additions and 1 deletions
--- a/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java
+++ b/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java
@ -816,6 +816,8 @@ public class LoginActionsService {

        if (user == null) {
            event.error(Errors.USER_NOT_FOUND);
+        } else if(!user.isEnabled()) {
+            event.user(user).error(Errors.USER_DISABLED);
        } else {
            UserSessionModel userSession = session.sessions().createUserSession(realm, user, username, clientConnection.getRemoteAddr(), "form", false);
            event.session(userSession);
--- a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
@ -686,7 +686,11 @@ public class UsersResource {

        UserModel user = session.users().getUserByUsername(username, realm);
        if (user == null) {
-            throw new NotFoundException("User not found");
+            return Flows.errors().error("User not found", Response.Status.NOT_FOUND);
+        }
+
+        if (!user.isEnabled()) {
+            return Flows.errors().error("User is disabled", Response.Status.BAD_REQUEST);
        }

        if (user.getEmail() == null) {
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java
@ -221,6 +221,42 @@ public class ResetPasswordTest {
        events.expectRequiredAction(EventType.SEND_RESET_PASSWORD).user((String) null).session((String) null).detail(Details.USERNAME, "invalid").removeDetail(Details.EMAIL).removeDetail(Details.CODE_ID).error("user_not_found").assertEvent();
    }

+    @Test
+    public void resetPasswordDisabledUser() throws IOException, MessagingException, InterruptedException {
+        keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
+            @Override
+            public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
+                session.users().getUserByUsername("login-test", appRealm).setEnabled(false);
+            }
+        });
+
+        try {
+            loginPage.open();
+            loginPage.resetPassword();
+
+            resetPasswordPage.assertCurrent();
+
+            resetPasswordPage.changePassword("login-test");
+
+            resetPasswordPage.assertCurrent();
+
+            Assert.assertEquals("You should receive an email shortly with further instructions.", resetPasswordPage.getSuccessMessage());
+
+            Thread.sleep(1000);
+
+            Assert.assertEquals(0, greenMail.getReceivedMessages().length);
+
+            events.expectRequiredAction(EventType.SEND_RESET_PASSWORD).session((String) null).user(userId).detail(Details.USERNAME, "login-test").removeDetail(Details.CODE_ID).error("user_disabled").assertEvent();
+        } finally {
+            keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
+                @Override
+                public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
+                    session.users().getUserByUsername("login-test", appRealm).setEnabled(true);
+                }
+            });
+        }
+    }
+
    @Test
    public void resetPasswordWithPasswordPolicy() throws IOException, MessagingException {
        keycloakRule.update(new KeycloakRule.KeycloakSetup() {