KEYCLOAK-2561 Fix issues with blank password

This commit is contained in:
mposolda 2016-02-26 18:14:24 +01:00
parent d766c56eba
commit e7a5b88b2d
6 changed files with 28 additions and 4 deletions


@ -86,7 +86,7 @@ public class Pbkdf2PasswordHashProvider implements PasswordHashProviderFactory,
byte[] key = getSecretKeyFactory().generateSecret(spec).getEncoded(); byte[] key = getSecretKeyFactory().generateSecret(spec).getEncoded();
return Base64.encodeBytes(key); return Base64.encodeBytes(key);
} catch (InvalidKeySpecException e) { } catch (InvalidKeySpecException e) {
throw new RuntimeException("Credential could not be encoded"); throw new RuntimeException("Credential could not be encoded", e);
} }
} }
@ -101,7 +101,7 @@ public class Pbkdf2PasswordHashProvider implements PasswordHashProviderFactory,
try { try {
return SecretKeyFactory.getInstance(PBKDF2_ALGORITHM); return SecretKeyFactory.getInstance(PBKDF2_ALGORITHM);
} catch (NoSuchAlgorithmException e) { } catch (NoSuchAlgorithmException e) {
throw new RuntimeException("PBKDF2 algorithm not found"); throw new RuntimeException("PBKDF2 algorithm not found", e);
} }
} }
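Review bot: Both catch blocks now keep the cause, but each still rethrows a bare `RuntimeException`, which tells callers nothing about the failure class; a missing PBKDF2 provider is an environment problem, so `throw new IllegalStateException("PBKDF2 algorithm not found", e);` at L22 reads better, and the `InvalidKeySpecException` branch at L15 could use the same type. The methods enclosing both hunks start outside the hunk, so their signatures and any Javadoc stating which exception is thrown are not visible here.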


@ -71,7 +71,7 @@ public class CredentialValidation {
public static boolean validateHashedCredential(KeycloakSession session, RealmModel realm, UserModel user, String unhashedCredValue, UserCredentialValueModel credential) { public static boolean validateHashedCredential(KeycloakSession session, RealmModel realm, UserModel user, String unhashedCredValue, UserCredentialValueModel credential) {
if(unhashedCredValue == null){ if (unhashedCredValue == null || unhashedCredValue.isEmpty()) {
return false; return false;
} }
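Review bot: The new guard at L30 uses `isEmpty()`, while the other two checks this commit adds (UsersResource and AccountService) reject passwords with `Validation.isBlank`, so a whitespace-only candidate still reaches the hash comparison here. If blank and empty are meant to be treated alike everywhere, `if (unhashedCredValue == null || unhashedCredValue.trim().isEmpty()) {` (or `Validation.isBlank(unhashedCredValue)` if that class is reachable from this module) keeps the three checks consistent. The body of validateHashedCredential continues outside the hunk.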


@ -621,7 +621,7 @@ public class AccountService extends AbstractSecuredLocalService {
} }
} }
if (Validation.isEmpty(passwordNew)) { if (Validation.isBlank(passwordNew)) {
setReferrerOnPage(); setReferrerOnPage();
return account.setError(Messages.MISSING_PASSWORD).createResponse(AccountPages.PASSWORD); return account.setError(Messages.MISSING_PASSWORD).createResponse(AccountPages.PASSWORD);
} }


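--- a/<path not on page>/UsersResource.java
+++ b/<path not on page>/UsersResource.java
@@ -93,6 +93,7 @@ import org.keycloak.services.managers.BruteForceProtector;
 import org.keycloak.services.managers.UserSessionManager;
 import org.keycloak.services.resources.AccountService;
 import org.keycloak.common.util.Time;
+import org.keycloak.services.validation.Validation;
 /**
 * Base resource for managing users
@@ -707,6 +708,9 @@ public class UsersResource {
 if (pass == null || pass.getValue() == null || !CredentialRepresentation.PASSWORD.equals(pass.getType())) {
 throw new BadRequestException("No password provided");
 }
+if (Validation.isBlank(pass.getValue())) {
+throw new BadRequestException("Empty password not allowed");
+}
 UserCredentialModel cred = RepresentationToModel.convertCredential(pass);
 try {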
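Review bot: The relation between the new guard at L57 and the null check just above it is not obvious to a reader, because `pass.getValue() == null` already answers 400; a one-line comment such as `// a whitespace-only value passes the null check but must not be stored as a usable password` would explain why a second BadRequestException is needed. The message says "Empty" although `Validation.isBlank` also rejects whitespace-only input, so `throw new BadRequestException("Blank password not allowed");` would match what is actually checked. The enclosing method starts and ends outside the hunk.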


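--- a/<path not on page>/ChangePasswordTest.java
+++ b/<path not on page>/ChangePasswordTest.java
@@ -62,6 +62,9 @@ public class ChangePasswordTest extends AbstractAccountManagementTest {
 testRealmChangePasswordPage.changePasswords(correctPassword, NEW_PASSWORD, NEW_PASSWORD + "-mismatch");
 assertAlertError();
+testRealmChangePasswordPage.changePasswords(correctPassword, " ", " ");
+assertAlertError();
 }
 @Test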
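Review bot: The new assertion at L68-69 only checks that some alert error is shown, and it runs right after the mismatch case that also leaves an alert, so it may not distinguish a stale alert from the blank-password rejection; if the page object exposes the alert text, asserting the missing-password message would pin the behaviour this commit adds. The empty-string case is not exercised either, so `testRealmChangePasswordPage.changePasswords(correctPassword, "", "");` followed by the same assertion would cover the other input the server-side check rejects. The test method ends at L70 but starts outside the hunk.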


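--- a/<path not on page>/UserTest.java
+++ b/<path not on page>/UserTest.java
@@ -646,6 +646,23 @@ public class UserTest extends AbstractClientTest {
 assertEquals("Keycloak Account Management", driver.getTitle());
 }
+@Test
+public void resetUserInvalidPassword() {
+String userId = createUser("user1", "user1@localhost");
+try {
+CredentialRepresentation cred = new CredentialRepresentation();
+cred.setType(CredentialRepresentation.PASSWORD);
+cred.setValue(" ");
+cred.setTemporary(false);
+realm.users().get(userId).resetPassword(cred);
+fail("Expected failure");
+} catch (ClientErrorException e) {
+assertEquals(400, e.getResponse().getStatus());
+e.getResponse().close();
+}
+}
 private void switchEditUsernameAllowedOn() {
 RealmRepresentation rep = realm.toRepresentation();
 rep.setEditUsernameAllowed(true);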
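Review bot: resetUserInvalidPassword at L79-92 exercises only the whitespace-only value, while the server-side guard it tests rejects the empty string as well; a second case with `cred.setValue("");` and the same 400 assertion would cover that branch. The `fail("Expected failure")` inside the try block is fine because AssertionError is not a ClientErrorException, but a short comment saying so, e.g. `// fail() throws AssertionError, which the catch below does not swallow`, would save the next reader the check. The created user is not removed in the test itself; that is presumably handled by the superclass, which is outside this hunk, and switchEditUsernameAllowedOn continues past the last line.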