diff --git a/events/api/src/main/java/org/keycloak/events/Errors.java b/events/api/src/main/java/org/keycloak/events/Errors.java
index a0f536c324..2fa691e7c8 100755
--- a/events/api/src/main/java/org/keycloak/events/Errors.java
+++ b/events/api/src/main/java/org/keycloak/events/Errors.java
@@ -27,6 +27,7 @@ public interface Errors {
 String INVALID_SIGNATURE = "invalid_signature";
 String INVALID_REGISTRATION = "invalid_registration";
 String INVALID_FORM = "invalid_form";
+ String EXPIRED_CODE = "expired_code";
 String REGISTRATION_DISABLED = "registration_disabled";
diff --git a/forms/common-themes/src/main/resources/theme/login/base/messages/messages.properties b/forms/common-themes/src/main/resources/theme/login/base/messages/messages.properties
index 7bec3b1130..5026413b5a 100755
--- a/forms/common-themes/src/main/resources/theme/login/base/messages/messages.properties
+++ b/forms/common-themes/src/main/resources/theme/login/base/messages/messages.properties
@@ -34,6 +34,7 @@ invalidPassword=Invalid username or password.
 invalidEmail=Invalid email address
 accountDisabled=Account is disabled, contact admin
 accountTemporarilyDisabled=Account is temporarily disabled, contact admin or try again later
+expiredCode=Login timeout or unknown action. Please login again
 missingFirstName=Please specify first name
 missingLastName=Please specify last name
diff --git a/services/src/main/java/org/keycloak/services/messages/Messages.java b/services/src/main/java/org/keycloak/services/messages/Messages.java
index c2eaaaad55..0ad03522f8 100755
--- a/services/src/main/java/org/keycloak/services/messages/Messages.java
+++ b/services/src/main/java/org/keycloak/services/messages/Messages.java
@@ -39,6 +39,8 @@ public class Messages {
 public static final String INVALID_USER = "invalidUser";
+ public static final String EXPIRED_CODE = "expiredCode";
+
 public static final String READ_ONLY_USER = "readOnlyUser";
 public static final String READ_ONLY_PASSWORD = "readOnlyPassword";
diff --git a/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java b/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java
index 1e2bd858ec..0ed09d04b9 100755
--- a/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java
+++ b/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java
@@ -275,8 +275,8 @@ public class LoginActionsService {
 ClientSessionModel clientSession = clientCode.getClientSession();
 if (!clientCode.isValid(ClientSessionModel.Action.AUTHENTICATE) || clientSession.getUserSession() != null) {
 clientCode.setAction(ClientSessionModel.Action.AUTHENTICATE);
- event.client(clientSession.getClient()).error(Errors.INVALID_CODE);
- return Flows.forms(this.session, realm, clientSession.getClient(), uriInfo).setError(Messages.INVALID_USER)
+ event.client(clientSession.getClient()).error(Errors.EXPIRED_CODE);
+ return Flows.forms(this.session, realm, clientSession.getClient(), uriInfo).setError(Messages.EXPIRED_CODE)
 .setClientSessionCode(clientCode.getCode())
 .createLogin();
 }
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LoginTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LoginTest.java
index 3741c30c4a..eb71e08946 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LoginTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LoginTest.java
@@ -42,6 +42,7 @@ import org.keycloak.testsuite.pages.LoginPage;
 import org.keycloak.testsuite.rule.KeycloakRule;
 import org.keycloak.testsuite.rule.WebResource;
 import org.keycloak.testsuite.rule.WebRule;
+import org.keycloak.util.Time;
 import org.openqa.selenium.WebDriver;
 import javax.ws.rs.client.Client;
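Review bot: In the LoginActionsService.java hunk, one branch handles two different conditions, a code that fails `clientCode.isValid(ClientSessionModel.Action.AUTHENTICATE)` and a client session that already carries a user session (`clientSession.getUserSession() != null`), and both are now audited as `Errors.EXPIRED_CODE`. An idle login page timing out is routine noise, whereas a code presented for a client session that is already bound to a user session is the kind of event a monitoring rule would want to see separately, so the single label removes that signal from the event stream. I would split the condition and keep `event.client(clientSession.getClient()).error(Errors.INVALID_CODE);` for the `getUserSession() != null` case, reserving `Errors.EXPIRED_CODE` for the `isValid` failure, while still showing the generic `Messages.EXPIRED_CODE` text to the user in both cases. The enclosing method starts and ends outside the hunk, so whether `isValid` can itself tell a timeout from a wrong action is not visible here.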
@@ -276,4 +277,22 @@ public class LoginTest {
 events.expectLogin().error("rejected_by_user").user((String) null).session((String) null).removeDetail(Details.USERNAME).removeDetail(Details.CODE_ID).assertEvent();
 }
+ // KEYCLOAK-1037
+ @Test
+ public void loginExpiredCode() {
+ try {
+ loginPage.open();
+ Time.setOffset(5000);
+ loginPage.login("login@test.com", "password");
+
+ loginPage.assertCurrent();
+ Assert.assertEquals("Login timeout or unknown action. Please login again", loginPage.getError());
+
+ events.expectLogin().user((String) null).session((String) null).error("expired_code").clearDetails().assertEvent();
+
+ } finally {
+ Time.setOffset(0);
+ }
+ }
+
 }
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LoginTotpTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LoginTotpTest.java
index 4673165919..d308c3e02d 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LoginTotpTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LoginTotpTest.java
@@ -164,9 +164,9 @@ public class LoginTotpTest {
 loginTotpPage.login(totp.generate("totpSecret"));
 loginPage.assertCurrent();
- Assert.assertEquals("Invalid username or password.", loginPage.getError());
+ Assert.assertEquals("Login timeout or unknown action. Please login again", loginPage.getError());
- AssertEvents.ExpectedEvent expectedEvent = events.expectLogin().error("invalid_code")
+ AssertEvents.ExpectedEvent expectedEvent = events.expectLogin().error("expired_code")
 .user((String)null)
 .clearDetails()
 .session((String) null);
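Review bot: `loginExpiredCode` in LoginTest.java pins only the timeout path, while the branch it targets in LoginActionsService also fires when the client session already has a user session, so that second case still has no test fixing its event type and message. The bare `Time.setOffset(5000)` gives no hint of its unit or of the timeout it is meant to exceed; a comment such as `// shift the clock past the login timeout so the code issued by open() is stale` would help, with the unit confirmed against `Time`. Since the page tells the user to log in again, it would also be worth asserting that a second `loginPage.login(...)` with the re-issued code produces a normal login event, which presumably works because the new code is minted after the offset is applied. The literals `"expired_code"` and the message text are repeated in the LoginTotpTest hunk; referring to `Errors.EXPIRED_CODE` in both tests would keep the event assertion tied to the constant.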