libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

page-expired error page shown when using browser back-button on forgot-password page after invalid login attempt

Browse source 
Closes #25440

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
This commit is contained in:
Douglas Palmer 2024-07-04 09:56:10 -07:00 committed by Marek Posolda
parent e79d10e71e
commit 9300903674
2 changed files with 15 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
services/src/main/java/org/keycloak/services/resources/SessionCodeChecks.java
View file

@ -53,6 +53,7 @@ import org.keycloak.services.messages.Messages;
import org.keycloak.services.util.BrowserHistoryHelper; import org.keycloak.services.util.BrowserHistoryHelper;
import org.keycloak.services.util.AuthenticationFlowURLHelper; import org.keycloak.services.util.AuthenticationFlowURLHelper;
import org.keycloak.sessions.AuthenticationSessionModel; import org.keycloak.sessions.AuthenticationSessionModel;
import org.keycloak.sessions.CommonClientSessionModel;
import org.keycloak.sessions.RootAuthenticationSessionModel; import org.keycloak.sessions.RootAuthenticationSessionModel;
@ -280,7 +281,7 @@ public class SessionCodeChecks {
} }
} }
if (execution == null || execution.equals(lastExecFromSession)) { if (execution == null || execution.equals(lastExecFromSession) || CommonClientSessionModel.ExecutionStatus.CHALLENGED.equals(authSession.getExecutionStatus().get(execution))) {
// Allow refresh of previous page // Allow refresh of previous page
clientCode = new ClientSessionCode<>(session, realm, authSession); clientCode = new ClientSessionCode<>(session, realm, authSession);
actionRequest = false; actionRequest = false;

10
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java
View file

@ -376,6 +376,16 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
resetPassword("login@test.com"); resetPassword("login@test.com");
} }
@Test
public void resetPasswordBackButton() throws IOException, MessagingException {
loginPage.open();
loginPage.login("login@test.com", "wrongpassword");
loginPage.resetPassword();
resetPasswordPage.assertCurrent();
driver.navigate().back();
loginPage.assertCurrent();
}
private String resetPassword(String username) throws IOException, MessagingException { private String resetPassword(String username) throws IOException, MessagingException {
return resetPassword(username, "resetPassword"); return resetPassword(username, "resetPassword");
} }