libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

Fix test for brute force detection of recovery codes (#20784)

Browse source
This commit is contained in:
Jon Koops 2023-06-05 17:55:30 +02:00 committed by GitHub
parent 2b16fda3a1
commit 8eee3f434b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/RecoveryAuthnCodesAuthenticatorTest.java
View file

@ -28,7 +28,6 @@ import org.keycloak.testsuite.pages.SetupRecoveryAuthnCodesPage;
import org.keycloak.testsuite.util.FlowUtil; import org.keycloak.testsuite.util.FlowUtil;
import org.openqa.selenium.WebDriver; import org.openqa.selenium.WebDriver;
import org.junit.Assert; import org.junit.Assert;
import org.keycloak.testsuite.util.WaitUtils;
import java.util.Arrays; import java.util.Arrays;
import java.util.List; import java.util.List;
@ -206,16 +205,15 @@ public class RecoveryAuthnCodesAuthenticatorTest extends AbstractTestRealmKeyclo
long randomNumber = (long)Math.random()*1000000000000L; long randomNumber = (long)Math.random()*1000000000000L;
enterRecoveryAuthnCodePage.enterRecoveryAuthnCode(String.valueOf(randomNumber)); enterRecoveryAuthnCodePage.enterRecoveryAuthnCode(String.valueOf(randomNumber));
enterRecoveryAuthnCodePage.clickSignInButton(); enterRecoveryAuthnCodePage.clickSignInButton();
WaitUtils.waitForPageToLoad();
enterRecoveryAuthnCodePage.assertCurrent(); enterRecoveryAuthnCodePage.assertCurrent();
String feedbackText = enterRecoveryAuthnCodePage.getFeedbackText(); String feedbackText = enterRecoveryAuthnCodePage.getFeedbackText();
Assert.assertEquals(feedbackText, "Invalid recovery authentication code"); Assert.assertEquals("Invalid recovery authentication code", feedbackText);
} }
// Now enter the right code which should not work // Now enter the right code which should not work
enterRecoveryAuthnCodePage.enterRecoveryAuthnCode(generatedRecoveryAuthnCodes.get(enterRecoveryAuthnCodePage.getRecoveryAuthnCodeToEnterNumber())); enterRecoveryAuthnCodePage.enterRecoveryAuthnCode(generatedRecoveryAuthnCodes.get(enterRecoveryAuthnCodePage.getRecoveryAuthnCodeToEnterNumber()));
enterRecoveryAuthnCodePage.clickSignInButton(); enterRecoveryAuthnCodePage.clickSignInButton();
// Message changes after exhausting number of brute force attempts // Message changes after exhausting number of brute force attempts
Assert.assertEquals(enterRecoveryAuthnCodePage.getFeedbackText(), "Invalid username or password."); Assert.assertEquals("Invalid username or password.", enterRecoveryAuthnCodePage.getFeedbackText());
enterRecoveryAuthnCodePage.assertAccountLinkAvailability(false); enterRecoveryAuthnCodePage.assertAccountLinkAvailability(false);
} finally { } finally {
RealmRepresentation rep = testRealm().toRepresentation(); RealmRepresentation rep = testRealm().toRepresentation();