KEYCLOAK-2561 Fix issues with blank password
This commit is contained in:
parent
d766c56eba
commit
e7a5b88b2d
6 changed files with 28 additions and 4 deletions
@ -86,7 +86,7 @@ public class Pbkdf2PasswordHashProvider implements PasswordHashProviderFactory,
byte[] key = getSecretKeyFactory().generateSecret(spec).getEncoded();
|
byte[] key = getSecretKeyFactory().generateSecret(spec).getEncoded();
|
||||||
return Base64.encodeBytes(key);
|
return Base64.encodeBytes(key);
|
||||||
} catch (InvalidKeySpecException e) {
|
} catch (InvalidKeySpecException e) {
|
||||||
throw new RuntimeException("Credential could not be encoded");
|
throw new RuntimeException("Credential could not be encoded", e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -101,7 +101,7 @@ public class Pbkdf2PasswordHashProvider implements PasswordHashProviderFactory,
try {
|
try {
|
||||||
return SecretKeyFactory.getInstance(PBKDF2_ALGORITHM);
|
return SecretKeyFactory.getInstance(PBKDF2_ALGORITHM);
|
||||||
} catch (NoSuchAlgorithmException e) {
|
} catch (NoSuchAlgorithmException e) {
|
||||||
throw new RuntimeException("PBKDF2 algorithm not found");
|
throw new RuntimeException("PBKDF2 algorithm not found", e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
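Review bot: Both catch blocks in this file (the hunk at -86 and this one) still throw a bare `RuntimeException`; now that the cause is chained, `IllegalStateException` is the conventional unchecked type and remains catchable by existing `RuntimeException` handlers, e.g. `throw new IllegalStateException("PBKDF2 algorithm not found", e);`. The messages deliberately omit the credential value, which is right on a password-hashing path, and a short comment on the first catch such as `// never include the credential in the message or cause chain` would keep that intent visible. Presumably a blank password surfaced here as an `InvalidKeySpecException` before the early rejections this commit adds in `CredentialValidation` and `UsersResource`; if so, noting that dependency in a comment on that catch would help. Both enclosing methods start outside the hunk.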
@ -71,7 +71,7 @@ public class CredentialValidation {
|
|
||||||
|
|
||||||
public static boolean validateHashedCredential(KeycloakSession session, RealmModel realm, UserModel user, String unhashedCredValue, UserCredentialValueModel credential) {
|
public static boolean validateHashedCredential(KeycloakSession session, RealmModel realm, UserModel user, String unhashedCredValue, UserCredentialValueModel credential) {
|
||||||
if(unhashedCredValue == null){
|
if (unhashedCredValue == null || unhashedCredValue.isEmpty()) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
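Review bot: The new guard uses `isEmpty()` while the other hunks in this commit (`AccountService`, `UsersResource`) reject input with `Validation.isBlank`, so a whitespace-only value still reaches the hash comparison below. If a blank password can no longer be stored that asymmetry is harmless but undocumented; otherwise align it, e.g. `if (unhashedCredValue == null || unhashedCredValue.trim().isEmpty()) {`, or call `Validation.isBlank` if that class is available to this module. Either way a one-line comment, `// an empty credential must never be compared against a stored hash`, would record the intent of the early `return false`. `validateHashedCredential` continues past the hunk.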
@ -621,7 +621,7 @@ public class AccountService extends AbstractSecuredLocalService {
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (Validation.isEmpty(passwordNew)) {
|
if (Validation.isBlank(passwordNew)) {
|
||||||
setReferrerOnPage();
|
setReferrerOnPage();
|
||||||
return account.setError(Messages.MISSING_PASSWORD).createResponse(AccountPages.PASSWORD);
|
return account.setError(Messages.MISSING_PASSWORD).createResponse(AccountPages.PASSWORD);
|
||||||
}
|
}
|
@ -93,6 +93,7 @@ import org.keycloak.services.managers.BruteForceProtector;
import org.keycloak.services.managers.UserSessionManager;
|
import org.keycloak.services.managers.UserSessionManager;
|
||||||
import org.keycloak.services.resources.AccountService;
|
import org.keycloak.services.resources.AccountService;
|
||||||
import org.keycloak.common.util.Time;
|
import org.keycloak.common.util.Time;
|
||||||
|
import org.keycloak.services.validation.Validation;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Base resource for managing users
|
* Base resource for managing users
|
@ -707,6 +708,9 @@ public class UsersResource {
if (pass == null || pass.getValue() == null || !CredentialRepresentation.PASSWORD.equals(pass.getType())) {
|
if (pass == null || pass.getValue() == null || !CredentialRepresentation.PASSWORD.equals(pass.getType())) {
|
||||||
throw new BadRequestException("No password provided");
|
throw new BadRequestException("No password provided");
|
||||||
}
|
}
|
||||||
|
if (Validation.isBlank(pass.getValue())) {
|
||||||
|
throw new BadRequestException("Empty password not allowed");
|
||||||
|
}
|
||||||
|
|
||||||
UserCredentialModel cred = RepresentationToModel.convertCredential(pass);
|
UserCredentialModel cred = RepresentationToModel.convertCredential(pass);
|
||||||
try {
|
try {
|
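Review bot: The new check rejects whitespace-only values via `Validation.isBlank`, but the message reads "Empty password not allowed", so a caller sending `" "` gets a reason that does not describe what was rejected; `throw new BadRequestException("Blank password not allowed");` would match the condition, or the condition can be folded into the preceding null check if one message suffices. Placing the check ahead of `RepresentationToModel.convertCredential` is the right spot, and a brief comment, `// reject empty/blank passwords before they reach the hash provider`, would explain why it is kept separate from the null/type check above. The enclosing method starts and ends outside the hunk.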
@ -62,6 +62,9 @@ public class ChangePasswordTest extends AbstractAccountManagementTest {
|
|
||||||
testRealmChangePasswordPage.changePasswords(correctPassword, NEW_PASSWORD, NEW_PASSWORD + "-mismatch");
|
testRealmChangePasswordPage.changePasswords(correctPassword, NEW_PASSWORD, NEW_PASSWORD + "-mismatch");
|
||||||
assertAlertError();
|
assertAlertError();
|
||||||
|
|
||||||
|
testRealmChangePasswordPage.changePasswords(correctPassword, " ", " ");
|
||||||
|
assertAlertError();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
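Review bot: The added case only exercises a whitespace-only new password; the empty-string path is not covered by these lines, and it is not visible from the hunk whether an earlier assertion in the same method already does that. If not, one more pair, `testRealmChangePasswordPage.changePasswords(correctPassword, "", "");` followed by `assertAlertError();`, would pin both rejections this commit relies on. The enclosing test method starts outside the hunk.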
@ -646,6 +646,23 @@ public class UserTest extends AbstractClientTest {
assertEquals("Keycloak Account Management", driver.getTitle());
|
assertEquals("Keycloak Account Management", driver.getTitle());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void resetUserInvalidPassword() {
|
||||||
|
String userId = createUser("user1", "user1@localhost");
|
||||||
|
|
||||||
|
try {
|
||||||
|
CredentialRepresentation cred = new CredentialRepresentation();
|
||||||
|
cred.setType(CredentialRepresentation.PASSWORD);
|
||||||
|
cred.setValue(" ");
|
||||||
|
cred.setTemporary(false);
|
||||||
|
realm.users().get(userId).resetPassword(cred);
|
||||||
|
fail("Expected failure");
|
||||||
|
} catch (ClientErrorException e) {
|
||||||
|
assertEquals(400, e.getResponse().getStatus());
|
||||||
|
e.getResponse().close();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
private void switchEditUsernameAllowedOn() {
|
private void switchEditUsernameAllowedOn() {
|
||||||
RealmRepresentation rep = realm.toRepresentation();
|
RealmRepresentation rep = realm.toRepresentation();
|
||||||
rep.setEditUsernameAllowed(true);
|
rep.setEditUsernameAllowed(true);
|
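Review bot: In `resetUserInvalidPassword`, `e.getResponse().close()` runs after `assertEquals`, so a failing assertion skips the close and leaks the response; read the status first, then close, then assert: `int status = e.getResponse().getStatus();` / `e.getResponse().close();` / `assertEquals(400, status);`. The test also pins only the status code, so any other validation failure would satisfy it; if the API returns an error body, asserting that it names the password would tie the 400 to the new blank-password check. The hunk ends inside `switchEditUsernameAllowedOn`, which continues past it.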