Merge pull request #1144 from TFaga/master
[KEYCLOAK-1211] Fixed AD users authenticating without providing a password
This commit is contained in:
commit
af736a29f1
2 changed files with 9 additions and 1 deletions
|
@ -601,7 +601,7 @@ public class AuthenticationManager {
|
|||
credentials.add(UserCredentialModel.totp(totp));
|
||||
}
|
||||
|
||||
if (password == null && passwordToken == null) {
|
||||
if ((password == null || password.isEmpty()) && (passwordToken == null || passwordToken.isEmpty())) {
|
||||
logger.debug("Password not provided");
|
||||
return AuthenticationStatus.MISSING_PASSWORD;
|
||||
}
|
||||
|
|
|
@ -202,6 +202,14 @@ public class FederationProvidersIntegrationTest {
|
|||
Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void loginLdapWithoutPassword() {
|
||||
loginPage.open();
|
||||
loginPage.login("john@email.org", "");
|
||||
|
||||
Assert.assertEquals("Invalid username or password.", loginPage.getError());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void passwordChangeLdap() throws Exception {
|
||||
changePasswordPage.open();
|
||||
|
|
Loading…
Reference in a new issue