libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

KEYCLOAK-5420

Browse source
This commit is contained in:
Bill Burke 2017-12-15 12:16:24 -05:00
parent 1c38cec10f
commit 7cb39c2dfc
3 changed files with 25 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
services/src/main/java/org/keycloak/authentication/authenticators/browser/AbstractUsernameFormAuthenticator.java
View file

@ -125,7 +125,8 @@ public abstract class AbstractUsernameFormAuthenticator extends AbstractFormAuth
context.getEvent().user(user); context.getEvent().user(user);
context.getEvent().error(Errors.USER_DISABLED); context.getEvent().error(Errors.USER_DISABLED);
Response challengeResponse = disabledUser(context); Response challengeResponse = disabledUser(context);
context.failureChallenge(AuthenticationFlowError.USER_DISABLED, challengeResponse); // this is not a failure so don't call failureChallenge.
context.forceChallenge(challengeResponse);
return false; return false;
} }
if (context.getRealm().isBruteForceProtected()) { if (context.getRealm().isBruteForceProtected()) {
@ -133,7 +134,8 @@ public abstract class AbstractUsernameFormAuthenticator extends AbstractFormAuth
context.getEvent().user(user); context.getEvent().user(user);
context.getEvent().error(Errors.USER_TEMPORARILY_DISABLED); context.getEvent().error(Errors.USER_TEMPORARILY_DISABLED);
Response challengeResponse = temporarilyDisabledUser(context); Response challengeResponse = temporarilyDisabledUser(context);
context.failureChallenge(AuthenticationFlowError.USER_TEMPORARILY_DISABLED, challengeResponse); // this is not a failure so don't call failureChallenge.
context.forceChallenge(challengeResponse);
return false; return false;
} }
} }

2
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/FineGrainAdminUnitTest.java
View file

@ -389,7 +389,7 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
return true; return true;
} }
//@Test @Test
public void testDemo() throws Exception { public void testDemo() throws Exception {
testingClient.server().run(FineGrainAdminUnitTest::setupDemo); testingClient.server().run(FineGrainAdminUnitTest::setupDemo);
Thread.sleep(1000000000); Thread.sleep(1000000000);

20
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/BruteForceTest.java
View file

@ -45,6 +45,7 @@ import org.keycloak.testsuite.util.RealmRepUtil;
import org.keycloak.testsuite.util.UserBuilder; import org.keycloak.testsuite.util.UserBuilder;
import java.net.MalformedURLException; import java.net.MalformedURLException;
import java.util.Collections;
import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertEquals;
@ -67,6 +68,10 @@ public class BruteForceTest extends AbstractTestRealmKeycloakTest {
testRealm.setBruteForceProtected(true); testRealm.setBruteForceProtected(true);
testRealm.setFailureFactor(2); testRealm.setFailureFactor(2);
testRealm.setMaxDeltaTimeSeconds(200);
testRealm.setMaxFailureWaitSeconds(1000);
testRealm.setWaitIncrementSeconds(50);
testRealm.setQuickLoginCheckMilliSeconds(0L);
userId = user.getId(); userId = user.getId();
@ -286,6 +291,21 @@ public class BruteForceTest extends AbstractTestRealmKeycloakTest {
loginSuccess(); loginSuccess();
} }
@Test
public void testWait() throws Exception {
loginSuccess();
loginInvalidPassword();
loginInvalidPassword();
expectTemporarilyDisabled();
// KEYCLOAK-5420
// Test to make sure that temporarily disabled doesn't increment failure count
testingClient.testing().setTimeOffset(Collections.singletonMap("offset", String.valueOf(52)));
loginSuccess();
clearUserFailures();
clearAllUserFailures();
loginSuccess();
}
@Test @Test
public void testBrowserInvalidPasswordDifferentCase() throws Exception { public void testBrowserInvalidPasswordDifferentCase() throws Exception {
loginSuccess("test-user@localhost"); loginSuccess("test-user@localhost");