page-expired error page shown when using browser back-button on forgot-password page after invalid login attempt
Closes #25440 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
parent
e79d10e71e
commit
9300903674
2 changed files with 15 additions and 4 deletions
|
@ -53,6 +53,7 @@ import org.keycloak.services.messages.Messages;
|
||||||
import org.keycloak.services.util.BrowserHistoryHelper;
|
import org.keycloak.services.util.BrowserHistoryHelper;
|
||||||
import org.keycloak.services.util.AuthenticationFlowURLHelper;
|
import org.keycloak.services.util.AuthenticationFlowURLHelper;
|
||||||
import org.keycloak.sessions.AuthenticationSessionModel;
|
import org.keycloak.sessions.AuthenticationSessionModel;
|
||||||
|
import org.keycloak.sessions.CommonClientSessionModel;
|
||||||
import org.keycloak.sessions.RootAuthenticationSessionModel;
|
import org.keycloak.sessions.RootAuthenticationSessionModel;
|
||||||
|
|
||||||
|
|
||||||
|
@ -280,7 +281,7 @@ public class SessionCodeChecks {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (execution == null || execution.equals(lastExecFromSession)) {
|
if (execution == null || execution.equals(lastExecFromSession) || CommonClientSessionModel.ExecutionStatus.CHALLENGED.equals(authSession.getExecutionStatus().get(execution))) {
|
||||||
// Allow refresh of previous page
|
// Allow refresh of previous page
|
||||||
clientCode = new ClientSessionCode<>(session, realm, authSession);
|
clientCode = new ClientSessionCode<>(session, realm, authSession);
|
||||||
actionRequest = false;
|
actionRequest = false;
|
||||||
|
|
|
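Review bot: The widened condition in the `SessionCodeChecks` hunk now takes the "refresh" branch for any `execution` whose stored status is `CHALLENGED`, not only the last one, yet the comment under it still reads `// Allow refresh of previous page`. This branch decides whether a stale request is re-rendered or rejected as expired, so the rule should be named and documented, for example `boolean previouslyChallenged = CommonClientSessionModel.ExecutionStatus.CHALLENGED == authSession.getExecutionStatus().get(execution);` followed by `if (execution == null || execution.equals(lastExecFromSession) || previouslyChallenged) {`. The comment could become `// Allow refresh of the last page, or back-navigation to an execution that is still CHALLENGED`. `execution` appears to come from the request (its origin is outside the hunk), so it is worth confirming that `actionRequest = false` means no submitted form data is processed for the older execution. The enclosing method starts and ends outside the hunk.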
@ -376,6 +376,16 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
|
||||||
resetPassword("login@test.com");
|
resetPassword("login@test.com");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void resetPasswordBackButton() throws IOException, MessagingException {
|
||||||
|
loginPage.open();
|
||||||
|
loginPage.login("login@test.com", "wrongpassword");
|
||||||
|
loginPage.resetPassword();
|
||||||
|
resetPasswordPage.assertCurrent();
|
||||||
|
driver.navigate().back();
|
||||||
|
loginPage.assertCurrent();
|
||||||
|
}
|
||||||
|
|
||||||
private String resetPassword(String username) throws IOException, MessagingException {
|
private String resetPassword(String username) throws IOException, MessagingException {
|
||||||
return resetPassword(username, "resetPassword");
|
return resetPassword(username, "resetPassword");
|
||||||
}
|
}
|
||||||
|
@ -463,7 +473,7 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
|
||||||
loginPage.resetPassword();
|
loginPage.resetPassword();
|
||||||
|
|
||||||
resetPasswordPage.assertCurrent();
|
resetPasswordPage.assertCurrent();
|
||||||
|
|
||||||
resetPasswordPage.changePassword(username);
|
resetPasswordPage.changePassword(username);
|
||||||
|
|
||||||
loginPage.assertCurrent();
|
loginPage.assertCurrent();
|
||||||
|
@ -1059,12 +1069,12 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
|
||||||
@Test
|
@Test
|
||||||
public void resetPasswordBeforeUserIsDisabled() throws IOException, MessagingException {
|
public void resetPasswordBeforeUserIsDisabled() throws IOException, MessagingException {
|
||||||
initiateResetPasswordFromResetPasswordPage("login-test");
|
initiateResetPasswordFromResetPasswordPage("login-test");
|
||||||
|
|
||||||
assertEquals(1, greenMail.getReceivedMessages().length);
|
assertEquals(1, greenMail.getReceivedMessages().length);
|
||||||
MimeMessage message = greenMail.getReceivedMessages()[0];
|
MimeMessage message = greenMail.getReceivedMessages()[0];
|
||||||
String changePasswordUrl = MailUtils.getPasswordResetEmailLink(message);
|
String changePasswordUrl = MailUtils.getPasswordResetEmailLink(message);
|
||||||
events.expectRequiredAction(EventType.SEND_RESET_PASSWORD).session((String)null).user(userId).detail(Details.USERNAME, "login-test").detail(Details.EMAIL, "login@test.com").assertEvent();
|
events.expectRequiredAction(EventType.SEND_RESET_PASSWORD).session((String)null).user(userId).detail(Details.USERNAME, "login-test").detail(Details.EMAIL, "login@test.com").assertEvent();
|
||||||
|
|
||||||
UserRepresentation user = findUser("login-test");
|
UserRepresentation user = findUser("login-test");
|
||||||
user.setEnabled(false);
|
user.setEnabled(false);
|
||||||
updateUser(user);
|
updateUser(user);
|
||||||
|
|
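Review bot: `resetPasswordBackButton` covers only the path that is now accepted; nothing in this section pins the requests that must still be rejected after the check in `SessionCodeChecks` was relaxed. I would add a companion test in which the browser goes back to a step whose execution is no longer `CHALLENGED` (for example one that has already completed) and assert that the page-expired error is still shown. It would also help to end the new test by logging in with valid credentials after `driver.navigate().back()`, so it proves the restored login form still works rather than only being displayed.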