services/src/main/java/org/keycloak/authentication/authenticators/directgrant/ValidateUsername.java 2(+1 -1)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/BruteForceTest.java 12(+9 -3)
diff --git a/services/src/main/java/org/keycloak/authentication/authenticators/directgrant/ValidateUsername.java b/services/src/main/java/org/keycloak/authentication/authenticators/directgrant/ValidateUsername.java
index a1cbbe5..6f19366 100755
--- a/services/src/main/java/org/keycloak/authentication/authenticators/directgrant/ValidateUsername.java
+++ b/services/src/main/java/org/keycloak/authentication/authenticators/directgrant/ValidateUsername.java
@@ -85,7 +85,7 @@ public class ValidateUsername extends AbstractDirectGrantAuthenticator {
if (context.getProtector().isTemporarilyDisabled(context.getSession(), context.getRealm(), user)) {
context.getEvent().user(user);
context.getEvent().error(Errors.USER_TEMPORARILY_DISABLED);
- Response challengeResponse = errorResponse(Response.Status.BAD_REQUEST.getStatusCode(), "invalid_grant", "Account temporarily disabled");
+ Response challengeResponse = errorResponse(Response.Status.UNAUTHORIZED.getStatusCode(), "invalid_grant", "Invalid user credentials");
context.failure(AuthenticationFlowError.INVALID_USER, challengeResponse);
return;
}
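Review bot: The reason for collapsing the lockout reply into the same status and text as a wrong password is not recorded at the changed `errorResponse(...)` line, so a later edit could restore a distinct message and with it the ability to learn from the response that an account exists and is being locked. Add a comment above the changed line: `// Same status/message as a failed password on purpose: a distinct "temporarily disabled" reply would reveal that the account exists and is locked out; the detail stays in the USER_TEMPORARILY_DISABLED event.` Note also that RFC 6749 §5.2 specifies HTTP 400 for `invalid_grant` (401 is reserved for failed client authentication), so the switch to `UNAUTHORIZED` here and in the TokenEndpoint hunk is only consistent if the existing wrong-password path already answers 401 — presumably so given the test changes, but worth confirming. The enclosing method starts and ends outside the hunk.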
diff --git a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java
index 562a208..fbb0ab1 100644
--- a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java
@@ -485,7 +485,7 @@ public class TokenEndpoint {
UserModel user = authSession.getAuthenticatedUser();
if (user.getRequiredActions() != null && user.getRequiredActions().size() > 0) {
event.error(Errors.RESOLVE_REQUIRED_ACTIONS);
- throw new ErrorResponseException(OAuthErrorException.INVALID_GRANT, "Account is not fully set up", Response.Status.BAD_REQUEST);
+ throw new ErrorResponseException(OAuthErrorException.INVALID_GRANT, "Invalid user credentials", Response.Status.UNAUTHORIZED);
}
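Review bot: The generic message at the throw now sits next to `Errors.RESOLVE_REQUIRED_ACTIONS`, which a maintainer will read as contradictory — the credentials were correct and only required actions are pending — unless the intent is stated. Add a comment above the throw: `// Deliberately indistinguishable from a bad password: the token endpoint must not reveal account state (pending required actions) to an unauthenticated caller; the real cause is recorded in the RESOLVE_REQUIRED_ACTIONS event.` As a minor style point, `user.getRequiredActions().size() > 0` reads better as `!user.getRequiredActions().isEmpty()` if the null guard is kept. The enclosing method starts and ends outside the hunk.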
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/BruteForceTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/BruteForceTest.java
index 6741577..a8fe41b 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/BruteForceTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/BruteForceTest.java
@@ -164,7 +164,8 @@ public class BruteForceTest extends AbstractTestRealmKeycloakTest {
Assert.assertNull(response.getAccessToken());
Assert.assertNotNull(response.getError());
Assert.assertEquals("invalid_grant", response.getError());
- Assert.assertEquals("Account temporarily disabled", response.getErrorDescription());
+ Assert.assertEquals("Invalid user credentials", response.getErrorDescription());
+ assertUserDisabledEvent();
events.clear();
}
clearUserFailures();
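Review bot: The assertions here pin the new error description and the event but not the HTTP status, which the same commit changes from 400 to 401 in ValidateUsername; if the test method (which starts above this hunk) has no status assertion, a regression back to 400 would pass unnoticed. Add `Assert.assertEquals(401, response.getStatusCode());` beside the description assertion, assuming `response` exposes the status the way `OAuthClient.AccessTokenResponse` does in the other test files of this commit. The same applies to the hunks at @@ -207 and @@ -254.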
@@ -207,7 +208,8 @@ public class BruteForceTest extends AbstractTestRealmKeycloakTest {
assertTokenNull(response);
Assert.assertNotNull(response.getError());
Assert.assertEquals(response.getError(), "invalid_grant");
- Assert.assertEquals(response.getErrorDescription(), "Account temporarily disabled");
+ Assert.assertEquals("Invalid user credentials", response.getErrorDescription());
+ assertUserDisabledEvent();
events.clear();
}
clearUserFailures();
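Review bot: `Assert.assertEquals(response.getError(), "invalid_grant")` two lines above the changed one has expected and actual swapped, while the added description assertion uses the correct `expected, actual` order, so a failure on that line would report the values backwards. Change it to `Assert.assertEquals("invalid_grant", response.getError());`; the hunk at @@ -254 contains the same line.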
@@ -254,7 +256,8 @@ public class BruteForceTest extends AbstractTestRealmKeycloakTest {
assertTokenNull(response);
Assert.assertNotNull(response.getError());
Assert.assertEquals(response.getError(), "invalid_grant");
- Assert.assertEquals(response.getErrorDescription(), "Account temporarily disabled");
+ Assert.assertEquals("Invalid user credentials", response.getErrorDescription());
+ assertUserDisabledEvent();
events.clear();
}
clearUserFailures();
@@ -541,4 +544,7 @@ public class BruteForceTest extends AbstractTestRealmKeycloakTest {
events.clear();
}
+ private void assertUserDisabledEvent() {
+ events.expect(EventType.LOGIN_ERROR).error(Errors.USER_TEMPORARILY_DISABLED).assertEvent();
+ }
}
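Review bot: The new `assertUserDisabledEvent()` helper carries no comment saying why the tests now check the event, which after this commit is the only place a lockout remains distinguishable from a plain bad password. Add a Javadoc above it: `/** The HTTP response no longer distinguishes a lockout from a bad password, so the USER_TEMPORARILY_DISABLED login-error event is the only evidence that brute-force protection fired. */`.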
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java
index 601231f..961bf19 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java
@@ -611,7 +611,7 @@ public class AccessTokenTest extends AbstractKeycloakTest {
Response response = executeGrantAccessTokenRequest(grantTarget);
- assertEquals(400, response.getStatus());
+ assertEquals(401, response.getStatus());
response.close();
{
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java
index efaf4bd..81debe1 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java
@@ -330,10 +330,10 @@ public class ResourceOwnerPasswordCredentialsGrantTest extends AbstractKeycloakT
OAuthClient.AccessTokenResponse response = oauth.doGrantAccessTokenRequest("secret", "test-user@localhost", "password");
- assertEquals(400, response.getStatusCode());
+ assertEquals(401, response.getStatusCode());
assertEquals("invalid_grant", response.getError());
- assertEquals("Account is not fully set up", response.getErrorDescription());
+ assertEquals("Invalid user credentials", response.getErrorDescription());
events.expectLogin()
.client("resource-owner")
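Review bot: The three assertions on status, error and description are repeated verbatim in the hunk at @@ -361, and the same 401 / `invalid_grant` / `"Invalid user credentials"` triple is what BruteForceTest checks; a small private helper would keep that contract in one place so the next change to the message is a one-line edit. The `events.expectLogin()` chain at the end of the hunk continues outside it.
```java
private void assertInvalidUserCredentials(OAuthClient.AccessTokenResponse response) {
    assertEquals(401, response.getStatusCode());
    assertEquals("invalid_grant", response.getError());
    assertEquals("Invalid user credentials", response.getErrorDescription());
}
```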
@@ -361,10 +361,10 @@ public class ResourceOwnerPasswordCredentialsGrantTest extends AbstractKeycloakT
OAuthClient.AccessTokenResponse response = oauth.doGrantAccessTokenRequest("secret", "test-user@localhost", "password");
- assertEquals(400, response.getStatusCode());
+ assertEquals(401, response.getStatusCode());
assertEquals("invalid_grant", response.getError());
- assertEquals("Account is not fully set up", response.getErrorDescription());
+ assertEquals("Invalid user credentials", response.getErrorDescription());
setTimeOffset(0);