Merge pull request #2323 from abstractj/KEYCLOAK-2585

KEYCLOAK-2585: Changes on Brute force messages
2016-03-04 08:18:16 +01:00 · 2016-03-04 08:18:16 +01:00 · afdbdb285d
commit afdbdb285d
parent ad2638cc20 8d6f71e7d1
4 changed files with 4 additions and 4 deletions
--- a/services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java
+++ b/services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java
@ -569,7 +569,7 @@ public class AuthenticationProcessor {
            } else if (e.getError() == AuthenticationFlowError.USER_TEMPORARILY_DISABLED) {
                logger.failedAuthentication(e);
                event.error(Errors.USER_TEMPORARILY_DISABLED);
-                return ErrorPage.error(session, Messages.ACCOUNT_TEMPORARILY_DISABLED);
+                return ErrorPage.error(session, Messages.INVALID_USER);

            } else if (e.getError() == AuthenticationFlowError.INVALID_CLIENT_SESSION) {
                logger.failedAuthentication(e);
--- a/services/src/main/java/org/keycloak/authentication/authenticators/browser/AbstractUsernameFormAuthenticator.java
+++ b/services/src/main/java/org/keycloak/authentication/authenticators/browser/AbstractUsernameFormAuthenticator.java
@ -65,7 +65,7 @@ public abstract class AbstractUsernameFormAuthenticator extends AbstractFormAuth

    protected Response temporarilyDisabledUser(AuthenticationFlowContext context) {
        return context.form()
-                .setError(Messages.ACCOUNT_TEMPORARILY_DISABLED).createLogin();
+                .setError(Messages.INVALID_USER).createLogin();
    }

    protected Response invalidCredentials(AuthenticationFlowContext context) {
--- a/testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/realm/SecurityDefensesTest.java
+++ b/testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/realm/SecurityDefensesTest.java
@ -41,7 +41,7 @@ import static org.junit.Assert.*;
 public class SecurityDefensesTest extends AbstractRealmTest {
    
    public static final String INVALID_PWD_MSG = "Invalid username or password.";
-    public static final String ACC_DISABLED_MSG = "Account is temporarily disabled, contact admin or try again later.";
+    public static final String ACC_DISABLED_MSG = "Invalid username or password.";
    public static final short ATTEMPTS_BAD_PWD = 2;
    public static final short ATTEMPTS_GOOD_PWD = 1;

--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/BruteForceTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/BruteForceTest.java
@ -359,7 +359,7 @@ public class BruteForceTest {

        loginPage.assertCurrent();
        String src = driver.getPageSource();
-        Assert.assertEquals("Account is temporarily disabled, contact admin or try again later.", loginPage.getError());
+        Assert.assertEquals("Invalid username or password.", loginPage.getError());
        events.expectLogin().session((String) null).error(Errors.USER_TEMPORARILY_DISABLED)
                .detail(Details.USERNAME, "test-user@localhost")
                .removeDetail(Details.CONSENT)