Merge remote-tracking branch 'upstream/master'
This commit is contained in:
commit
889fe8dd8c
7 changed files with 32 additions and 7 deletions
|
@ -107,9 +107,11 @@ public class KerberosIdentityProvider extends AbstractIdentityProvider<KerberosI
|
|||
Response response = request.getSession().getProvider(LoginFormsProvider.class)
|
||||
.setRealm(request.getRealm())
|
||||
.setUriInfo(request.getUriInfo())
|
||||
.setError("errorKerberosLogin")
|
||||
.setClient(request.getClientSession().getClient())
|
||||
.setClientSessionCode(getRelayState(request))
|
||||
.setWarning("errorKerberosLogin")
|
||||
.setStatus(Response.Status.UNAUTHORIZED)
|
||||
.createErrorPage();
|
||||
.createLogin();
|
||||
|
||||
response.getMetadata().putSingle(HttpHeaders.WWW_AUTHENTICATE, negotiateHeader);
|
||||
return AuthenticationResponse.fromResponse(response);
|
||||
|
|
|
@ -27,6 +27,7 @@ public interface Errors {
|
|||
String INVALID_SIGNATURE = "invalid_signature";
|
||||
String INVALID_REGISTRATION = "invalid_registration";
|
||||
String INVALID_FORM = "invalid_form";
|
||||
String EXPIRED_CODE = "expired_code";
|
||||
|
||||
String REGISTRATION_DISABLED = "registration_disabled";
|
||||
|
||||
|
|
|
@ -34,6 +34,7 @@ invalidPassword=Invalid username or password.
|
|||
invalidEmail=Invalid email address
|
||||
accountDisabled=Account is disabled, contact admin
|
||||
accountTemporarilyDisabled=Account is temporarily disabled, contact admin or try again later
|
||||
expiredCode=Login timeout or unknown action. Please login again
|
||||
|
||||
missingFirstName=Please specify first name
|
||||
missingLastName=Please specify last name
|
||||
|
@ -97,7 +98,7 @@ actionPasswordWarning=You need to change your password to activate your account.
|
|||
actionEmailWarning=You need to verify your email address to activate your account.
|
||||
actionFollow=Please fill in the fields below.
|
||||
|
||||
errorKerberosLogin=Unable to login with Kerberos
|
||||
errorKerberosLogin=Unable to login with Kerberos. Request Kerberos ticket or use different login mechanism
|
||||
|
||||
successHeader=Success!
|
||||
errorHeader=Error!
|
||||
|
|
|
@ -39,6 +39,8 @@ public class Messages {
|
|||
|
||||
public static final String INVALID_USER = "invalidUser";
|
||||
|
||||
public static final String EXPIRED_CODE = "expiredCode";
|
||||
|
||||
public static final String READ_ONLY_USER = "readOnlyUser";
|
||||
|
||||
public static final String READ_ONLY_PASSWORD = "readOnlyPassword";
|
||||
|
|
|
@ -275,8 +275,8 @@ public class LoginActionsService {
|
|||
ClientSessionModel clientSession = clientCode.getClientSession();
|
||||
if (!clientCode.isValid(ClientSessionModel.Action.AUTHENTICATE) || clientSession.getUserSession() != null) {
|
||||
clientCode.setAction(ClientSessionModel.Action.AUTHENTICATE);
|
||||
event.client(clientSession.getClient()).error(Errors.INVALID_CODE);
|
||||
return Flows.forms(this.session, realm, clientSession.getClient(), uriInfo).setError(Messages.INVALID_USER)
|
||||
event.client(clientSession.getClient()).error(Errors.EXPIRED_CODE);
|
||||
return Flows.forms(this.session, realm, clientSession.getClient(), uriInfo).setError(Messages.EXPIRED_CODE)
|
||||
.setClientSessionCode(clientCode.getCode())
|
||||
.createLogin();
|
||||
}
|
||||
|
|
|
@ -42,6 +42,7 @@ import org.keycloak.testsuite.pages.LoginPage;
|
|||
import org.keycloak.testsuite.rule.KeycloakRule;
|
||||
import org.keycloak.testsuite.rule.WebResource;
|
||||
import org.keycloak.testsuite.rule.WebRule;
|
||||
import org.keycloak.util.Time;
|
||||
import org.openqa.selenium.WebDriver;
|
||||
|
||||
import javax.ws.rs.client.Client;
|
||||
|
@ -276,4 +277,22 @@ public class LoginTest {
|
|||
events.expectLogin().error("rejected_by_user").user((String) null).session((String) null).removeDetail(Details.USERNAME).removeDetail(Details.CODE_ID).assertEvent();
|
||||
}
|
||||
|
||||
// KEYCLOAK-1037
|
||||
@Test
|
||||
public void loginExpiredCode() {
|
||||
try {
|
||||
loginPage.open();
|
||||
Time.setOffset(5000);
|
||||
loginPage.login("login@test.com", "password");
|
||||
|
||||
loginPage.assertCurrent();
|
||||
Assert.assertEquals("Login timeout or unknown action. Please login again", loginPage.getError());
|
||||
|
||||
events.expectLogin().user((String) null).session((String) null).error("expired_code").clearDetails().assertEvent();
|
||||
|
||||
} finally {
|
||||
Time.setOffset(0);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -164,9 +164,9 @@ public class LoginTotpTest {
|
|||
loginTotpPage.login(totp.generate("totpSecret"));
|
||||
|
||||
loginPage.assertCurrent();
|
||||
Assert.assertEquals("Invalid username or password.", loginPage.getError());
|
||||
Assert.assertEquals("Login timeout or unknown action. Please login again", loginPage.getError());
|
||||
|
||||
AssertEvents.ExpectedEvent expectedEvent = events.expectLogin().error("invalid_code")
|
||||
AssertEvents.ExpectedEvent expectedEvent = events.expectLogin().error("expired_code")
|
||||
.user((String)null)
|
||||
.clearDetails()
|
||||
.session((String) null);
|
||||
|
|
Loading…
Reference in a new issue