From 770d2d8a4c18b20eb59dc7edfd648be81dce326e Mon Sep 17 00:00:00 2001
From: Tilen Faganel
Date: Wed, 15 Apr 2015 16:59:55 +0200
Subject: [PATCH] [KEYCLOAK-1211] Fixed Active Directory users authenticating without providing a password
---
 .../keycloak/services/managers/AuthenticationManager.java | 2 +-
 .../federation/FederationProvidersIntegrationTest.java | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
index bd512df819..0d9c9dbd87 100755
--- a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
@@ -551,7 +551,7 @@ public class AuthenticationManager {
 credentials.add(UserCredentialModel.totp(totp));
 }
- if (password == null && passwordToken == null) {
+ if ((password == null || password.isEmpty()) && (passwordToken == null || passwordToken.isEmpty())) {
 logger.debug("Password not provided");
 return AuthenticationStatus.MISSING_PASSWORD;
 }
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationProvidersIntegrationTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationProvidersIntegrationTest.java
index 929029eef5..4af2a6c696 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationProvidersIntegrationTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationProvidersIntegrationTest.java
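Review bot: The empty-string guard on the new `if ((password == null || password.isEmpty()) && ...)` line protects only callers that pass through this method, while the underlying hazard sits one layer down: an LDAP simple bind with a zero-length password is an unauthenticated bind (RFC 4513 §5.1.2), which Active Directory reports as success. Any other path that hands a password to the federation provider would presumably still reach the bind with an empty value, so the same rejection belongs in the LDAP provider's password validation, before the bind, as defence in depth. The reason should also be recorded at this check, for example `// An empty password must never reach an LDAP bind: the server treats it as an unauthenticated bind and reports success (KEYCLOAK-1211)`. The enclosing method starts and ends outside the hunk, so whether other credential types skip this branch cannot be confirmed from here.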
@@ -202,6 +202,14 @@ public class FederationProvidersIntegrationTest {
 Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));
 }
+ @Test
+ public void loginLdapWithoutPassword() {
+ loginPage.open();
+ loginPage.login("john@email.org", "");
+
+ Assert.assertEquals("Invalid username or password.", loginPage.getError());
+ }
+
 @Test
 public void passwordChangeLdap() throws Exception {
 changePasswordPage.open();
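Review bot: `loginLdapWithoutPassword` asserts only the error string and never checks that the login did not proceed, so the regression it guards against is pinned indirectly. A negative assertion after the `assertEquals` would make the intent explicit, for example `Assert.assertNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));`, mirroring the positive check at the end of the preceding test. The case also covers only the browser form with an empty `password`; the `passwordToken` half of the new condition is left untested, as is any other entry point that validates an LDAP user's password, if one exists.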