diff --git a/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java b/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java
index 33988da..1e2bd85 100755
--- a/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java
+++ b/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java
@@ -152,12 +152,15 @@ public class LoginActionsService {
Response response;
boolean check(String code, ClientSessionModel.Action requiredAction) {
- if (!check(code)) return false;
- if (!clientCode.isValid(requiredAction)) {
+ if (!check(code)) {
+ return false;
+ } else if (!clientCode.isValid(requiredAction)) {
event.error(Errors.INVALID_CODE);
response = Flows.forwardToSecurityFailurePage(session, realm, uriInfo, "Invalid code, please login again through your application.");
+ return false;
+ } else {
+ return true;
}
- return true;
}
public boolean check(String code) {
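Review bot: `check(String, Action)` signals rejection by returning false while leaving the failure page in the `response` field, and nothing in the signature says that a false return obliges the caller to return `response`; with the old fall-through to `return true` now closed, the boolean is the only thing enforcing the rejection, so a caller that ignores it still serves the protected action. A Javadoc on the method should state that contract, for example `/** Validates {@code code} for {@code requiredAction}; on failure records the event, sets {@link #response} to the failure page and returns false — callers must return {@code response} when this returns false. */`. The method also appears to rely on `check(String)` having populated `clientCode` before `isValid` runs, which should be noted since that method starts past the end of the hunk. As a point of style, the `else if`/`else` after an unconditional `return false` is redundant; two guard clauses followed by `return true` read the same without the nesting.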
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java
index 6ac7860..5961120 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java
@@ -48,6 +48,7 @@ import org.keycloak.testsuite.rule.GreenMailRule;
import org.keycloak.testsuite.rule.KeycloakRule;
import org.keycloak.testsuite.rule.WebResource;
import org.keycloak.testsuite.rule.WebRule;
+import org.keycloak.util.Time;
import org.openqa.selenium.WebDriver;
import javax.mail.MessagingException;
@@ -254,6 +255,39 @@ public class ResetPasswordTest {
}
@Test
+ public void resetPasswordExpiredCode() throws IOException, MessagingException, InterruptedException {
+ loginPage.open();
+ loginPage.resetPassword();
+
+ resetPasswordPage.assertCurrent();
+
+ resetPasswordPage.changePassword("login-test");
+
+ resetPasswordPage.assertCurrent();
+
+ String sessionId = events.expectRequiredAction(EventType.SEND_RESET_PASSWORD).user(userId).detail(Details.USERNAME, "login-test").detail(Details.EMAIL, "login@test.com").assertEvent().getSessionId();
+
+ Assert.assertEquals("You should receive an email shortly with further instructions.", resetPasswordPage.getSuccessMessage());
+
+ Assert.assertEquals(1, greenMail.getReceivedMessages().length);
+
+ MimeMessage message = greenMail.getReceivedMessages()[0];
+
+ String body = (String) message.getContent();
+ String changePasswordUrl = MailUtil.getLink(body);
+
+ Time.setOffset(350);
+
+ driver.navigate().to(changePasswordUrl.trim());
+
+ errorPage.assertCurrent();
+
+ Assert.assertEquals("Invalid code, please login again through your application.", errorPage.getError());
+
+ events.expectRequiredAction(EventType.RESET_PASSWORD).error("invalid_code").client((String) null).user((String) null).session((String) null).clearDetails().assertEvent();
+ }
+
+ @Test
public void resetPasswordDisabledUser() throws IOException, MessagingException, InterruptedException {
keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
@Override
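Review bot: `Time.setOffset(350)` in resetPasswordExpiredCode is never reset; unless an `@After` outside this hunk restores it, every later test in the same JVM runs with a 350-second clock skew, which can make freshly issued codes appear expired or, worse, hide an expiry bug in another test. Either wrap the navigation and assertions that follow in a `try { … } finally { Time.setOffset(0); }` or add `@After public void resetTimeOffset() { Time.setOffset(0); }` to the class. The constant 350 is also unexplained; a comment such as `Time.setOffset(350); // past the realm's reset-code lifespan — TODO confirm the configured value` would tie it to the lifespan it is meant to exceed. The `InterruptedException` in the throws clause is declared but nothing in the body can throw it, so it can be dropped.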