From 96db7e31541cfda93e790ef7dbd95c1754f24f5a Mon Sep 17 00:00:00 2001
From: Gilvan Filho
Date: Thu, 4 Apr 2024 10:01:45 -0300
Subject: [PATCH] fix NotContainsUsernamePasswordPolicyProvider: reversed check closes #28389
Signed-off-by: Gilvan Filho
---
 .../NotContainsUsernamePasswordPolicyProvider.java | 2 +-
 .../org/keycloak/testsuite/forms/RegisterTest.java | 11 +++++++----
 2 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/server-spi-private/src/main/java/org/keycloak/policy/NotContainsUsernamePasswordPolicyProvider.java b/server-spi-private/src/main/java/org/keycloak/policy/NotContainsUsernamePasswordPolicyProvider.java
index c0958c525b..7d1e020b48 100644
--- a/server-spi-private/src/main/java/org/keycloak/policy/NotContainsUsernamePasswordPolicyProvider.java
+++ b/server-spi-private/src/main/java/org/keycloak/policy/NotContainsUsernamePasswordPolicyProvider.java
@@ -36,7 +36,7 @@ public class NotContainsUsernamePasswordPolicyProvider implements PasswordPolicy
 if (username == null) {
 return null;
 }
- return username.contains(password) ? new PolicyError(ERROR_MESSAGE) : null;
+ return password.contains(username) ? new PolicyError(ERROR_MESSAGE) : null;
 }
 @Override
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/RegisterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/RegisterTest.java
index cf167b38c6..1587862339 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/RegisterTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/RegisterTest.java
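Review bot: `password.contains(username)` on the new line of NotContainsUsernamePasswordPolicyProvider is case-sensitive and treats an empty username as contained in every password; the guard above it only covers `null`. A password that embeds the username in different letter case (username `Bob`, password `bob123`) would pass the policy, and the RegisterTest hunk only exercises same-case passwords. If the policy is meant to ignore case, consider `if (username == null || username.isEmpty()) return null;` followed by `return password.toLowerCase(Locale.ROOT).contains(username.toLowerCase(Locale.ROOT)) ? new PolicyError(ERROR_MESSAGE) : null;`, which needs `java.util.Locale`. Whether callers pass an already normalised username is not visible here, and the method's signature lies outside the hunk.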
@@ -608,16 +608,19 @@ public class RegisterTest extends AbstractTestRealmKeycloakTest {
 loginPage.clickRegister();
 registerPage.assertCurrent();
- registerPage.register("firstName", "lastName", "registerUserNotContainsUsername@email", "registerUserNotContainsUsername", "registerUserNotContainsUsername", "registerUserNotContainsUsername");
-
+ registerPage.register("firstName", "lastName", "registerUserNotContainsUsername@email", "Bob", "Bob123", "Bob123");
 assertTrue(registerPage.isCurrent());
 assertEquals("Invalid password: Can not contains the username.", registerPage.getInputPasswordErrors().getPasswordError());
- try (Response response = adminClient.realm("test").users().create(UserBuilder.create().username("registerUserNotContainsUsername").build())) {
+ registerPage.register("firstName", "lastName", "registerUserNotContainsUsername@email", "Bob", "123Bob", "123Bob");
+ assertTrue(registerPage.isCurrent());
+ assertEquals("Invalid password: Can not contains the username.", registerPage.getInputPasswordErrors().getPasswordError());
+
+ try (Response response = adminClient.realm("test").users().create(UserBuilder.create().username("Bob").build())) {
 assertEquals(Response.Status.CREATED.getStatusCode(), response.getStatus());
 }
- registerPage.register("firstName", "lastName", "registerUserNotContainsUsername@email", "registerUserNotContainsUsername", "registerUserNotContainsUsername", "registerUserNotContainsUsername");
+ registerPage.register("firstName", "lastName", "registerUserNotContainsUsername@email", "Bob", "registerUserNotContainsUsername", "registerUserNotContainsUsername");
 assertTrue(registerPage.isCurrent());
 assertEquals("Username already exists.", registerPage.getInputAccountErrors().getUsernameError());
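Review bot: The short username `Bob` replaces a name that was specific to this test, and the user created through `adminClient.realm("test")` stays under that name unless cleanup happens outside the hunk. If realm `test` is shared across test methods, a name tied to this test avoids collisions, for example `"notContainsUsernameUser"` (name constructed here) with the rejected passwords derived from it. The test method begins and ends outside the hunk.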