[KEYCLOAK-1211] Fixed Active Directory users authenticating without providing a password

2015-04-15 16:59:55 +02:00 · 2015-04-15 16:59:55 +02:00 · 770d2d8a4c
commit 770d2d8a4c
parent 5ef1ddb9f1
2 changed files with 9 additions and 1 deletions
--- a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
@ -551,7 +551,7 @@ public class AuthenticationManager {
                credentials.add(UserCredentialModel.totp(totp));
            }

-            if (password == null && passwordToken == null) {
+            if ((password == null || password.isEmpty()) && (passwordToken == null || passwordToken.isEmpty())) {
                logger.debug("Password not provided");
                return AuthenticationStatus.MISSING_PASSWORD;
            }
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationProvidersIntegrationTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationProvidersIntegrationTest.java
@ -202,6 +202,14 @@ public class FederationProvidersIntegrationTest {
        Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));
    }

+    @Test
+    public void loginLdapWithoutPassword() {
+        loginPage.open();
+        loginPage.login("john@email.org", "");
+
+        Assert.assertEquals("Invalid username or password.", loginPage.getError());
+    }
+
    @Test
    public void passwordChangeLdap() throws Exception {
        changePasswordPage.open();