Merge pull request #967 from mposolda/master
KEYCLOAK-1037 Bad error message on login form in case of expired code
This commit is contained in:
Marek Posolda
commit
e63900dac9
6 changed files with 27 additions and 4 deletions
|
|
@ -27,6 +27,7 @@ public interface Errors {
|
|||
String INVALID_SIGNATURE = "invalid_signature";
|
||||
String INVALID_REGISTRATION = "invalid_registration";
|
||||
String INVALID_FORM = "invalid_form";
|
||||
String EXPIRED_CODE = "expired_code";
|
||||
|
||||
String REGISTRATION_DISABLED = "registration_disabled";
|
||||
|
||||
|
|
|
|||
|
|
@ -34,6 +34,7 @@ invalidPassword=Invalid username or password.
|
|||
invalidEmail=Invalid email address
|
||||
accountDisabled=Account is disabled, contact admin
|
||||
accountTemporarilyDisabled=Account is temporarily disabled, contact admin or try again later
|
||||
expiredCode=Login timeout or unknown action. Please login again
|
||||
|
||||
missingFirstName=Please specify first name
|
||||
missingLastName=Please specify last name
|
||||
|
|
|
|||
|
|
@ -39,6 +39,8 @@ public class Messages {
|
|||
|
||||
public static final String INVALID_USER = "invalidUser";
|
||||
|
||||
public static final String EXPIRED_CODE = "expiredCode";
|
||||
|
||||
public static final String READ_ONLY_USER = "readOnlyUser";
|
||||
|
||||
public static final String READ_ONLY_PASSWORD = "readOnlyPassword";
|
||||
|
|
|
|||
|
|
@ -275,8 +275,8 @@ public class LoginActionsService {
|
|||
ClientSessionModel clientSession = clientCode.getClientSession();
|
||||
if (!clientCode.isValid(ClientSessionModel.Action.AUTHENTICATE) || clientSession.getUserSession() != null) {
|
||||
clientCode.setAction(ClientSessionModel.Action.AUTHENTICATE);
|
||||
event.client(clientSession.getClient()).error(Errors.INVALID_CODE);
|
||||
return Flows.forms(this.session, realm, clientSession.getClient(), uriInfo).setError(Messages.INVALID_USER)
|
||||
event.client(clientSession.getClient()).error(Errors.EXPIRED_CODE);
|
||||
return Flows.forms(this.session, realm, clientSession.getClient(), uriInfo).setError(Messages.EXPIRED_CODE)
|
||||
.setClientSessionCode(clientCode.getCode())
|
||||
.createLogin();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -42,6 +42,7 @@ import org.keycloak.testsuite.pages.LoginPage;
|
|||
import org.keycloak.testsuite.rule.KeycloakRule;
|
||||
import org.keycloak.testsuite.rule.WebResource;
|
||||
import org.keycloak.testsuite.rule.WebRule;
|
||||
import org.keycloak.util.Time;
|
||||
import org.openqa.selenium.WebDriver;
|
||||
|
||||
import javax.ws.rs.client.Client;
|
||||
|
|
@ -276,4 +277,22 @@ public class LoginTest {
|
|||
events.expectLogin().error("rejected_by_user").user((String) null).session((String) null).removeDetail(Details.USERNAME).removeDetail(Details.CODE_ID).assertEvent();
|
||||
}
|
||||
|
||||
// KEYCLOAK-1037
|
||||
@Test
|
||||
public void loginExpiredCode() {
|
||||
try {
|
||||
loginPage.open();
|
||||
Time.setOffset(5000);
|
||||
loginPage.login("login@test.com", "password");
|
||||
|
||||
loginPage.assertCurrent();
|
||||
Assert.assertEquals("Login timeout or unknown action. Please login again", loginPage.getError());
|
||||
|
||||
events.expectLogin().user((String) null).session((String) null).error("expired_code").clearDetails().assertEvent();
|
||||
|
||||
} finally {
|
||||
Time.setOffset(0);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -164,9 +164,9 @@ public class LoginTotpTest {
|
|||
loginTotpPage.login(totp.generate("totpSecret"));
|
||||
|
||||
loginPage.assertCurrent();
|
||||
Assert.assertEquals("Invalid username or password.", loginPage.getError());
|
||||
Assert.assertEquals("Login timeout or unknown action. Please login again", loginPage.getError());
|
||||
|
||||
AssertEvents.ExpectedEvent expectedEvent = events.expectLogin().error("invalid_code")
|
||||
AssertEvents.ExpectedEvent expectedEvent = events.expectLogin().error("expired_code")
|
||||
.user((String)null)
|
||||
.clearDetails()
|
||||
.session((String) null);
|
||||
|
|
|
|||
Loading…
Reference in a new issue