libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

Merge pull request #2323 from abstractj/KEYCLOAK-2585

Browse source 
KEYCLOAK-2585: Changes on Brute force messages
This commit is contained in:
Stian Thorgersen 2016-03-04 08:18:16 +01:00
commit afdbdb285d
4 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java
View file

@ -569,7 +569,7 @@ public class AuthenticationProcessor {
} else if (e.getError() == AuthenticationFlowError.USER_TEMPORARILY_DISABLED) { } else if (e.getError() == AuthenticationFlowError.USER_TEMPORARILY_DISABLED) {
logger.failedAuthentication(e); logger.failedAuthentication(e);
event.error(Errors.USER_TEMPORARILY_DISABLED); event.error(Errors.USER_TEMPORARILY_DISABLED);
return ErrorPage.error(session, Messages.ACCOUNT_TEMPORARILY_DISABLED); return ErrorPage.error(session, Messages.INVALID_USER);
} else if (e.getError() == AuthenticationFlowError.INVALID_CLIENT_SESSION) { } else if (e.getError() == AuthenticationFlowError.INVALID_CLIENT_SESSION) {
logger.failedAuthentication(e); logger.failedAuthentication(e);

2
services/src/main/java/org/keycloak/authentication/authenticators/browser/AbstractUsernameFormAuthenticator.java
View file

@ -65,7 +65,7 @@ public abstract class AbstractUsernameFormAuthenticator extends AbstractFormAuth
protected Response temporarilyDisabledUser(AuthenticationFlowContext context) { protected Response temporarilyDisabledUser(AuthenticationFlowContext context) {
return context.form() return context.form()
.setError(Messages.ACCOUNT_TEMPORARILY_DISABLED).createLogin(); .setError(Messages.INVALID_USER).createLogin();
} }
protected Response invalidCredentials(AuthenticationFlowContext context) { protected Response invalidCredentials(AuthenticationFlowContext context) {

2
testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/realm/SecurityDefensesTest.java
View file

@ -41,7 +41,7 @@ import static org.junit.Assert.*;
public class SecurityDefensesTest extends AbstractRealmTest { public class SecurityDefensesTest extends AbstractRealmTest {
public static final String INVALID_PWD_MSG = "Invalid username or password."; public static final String INVALID_PWD_MSG = "Invalid username or password.";
public static final String ACC_DISABLED_MSG = "Account is temporarily disabled, contact admin or try again later."; public static final String ACC_DISABLED_MSG = "Invalid username or password.";
public static final short ATTEMPTS_BAD_PWD = 2; public static final short ATTEMPTS_BAD_PWD = 2;
public static final short ATTEMPTS_GOOD_PWD = 1; public static final short ATTEMPTS_GOOD_PWD = 1;

2
testsuite/integration/src/test/java/org/keycloak/testsuite/forms/BruteForceTest.java
View file

@ -359,7 +359,7 @@ public class BruteForceTest {
loginPage.assertCurrent(); loginPage.assertCurrent();
String src = driver.getPageSource(); String src = driver.getPageSource();
Assert.assertEquals("Account is temporarily disabled, contact admin or try again later.", loginPage.getError()); Assert.assertEquals("Invalid username or password.", loginPage.getError());
events.expectLogin().session((String) null).error(Errors.USER_TEMPORARILY_DISABLED) events.expectLogin().session((String) null).error(Errors.USER_TEMPORARILY_DISABLED)
.detail(Details.USERNAME, "test-user@localhost") .detail(Details.USERNAME, "test-user@localhost")
.removeDetail(Details.CONSENT) .removeDetail(Details.CONSENT)