keycloak-aplcache

KEYCLOAK-5420

12/15/2017 3:16:24 PM


diff --git a/services/src/main/java/org/keycloak/authentication/authenticators/browser/AbstractUsernameFormAuthenticator.java b/services/src/main/java/org/keycloak/authentication/authenticators/browser/AbstractUsernameFormAuthenticator.java
index 72c10f5..b944149 100755
--- a/services/src/main/java/org/keycloak/authentication/authenticators/browser/AbstractUsernameFormAuthenticator.java
+++ b/services/src/main/java/org/keycloak/authentication/authenticators/browser/AbstractUsernameFormAuthenticator.java
@@ -125,7 +125,8 @@ public abstract class AbstractUsernameFormAuthenticator extends AbstractFormAuth
             context.getEvent().user(user);
             context.getEvent().error(Errors.USER_DISABLED);
             Response challengeResponse = disabledUser(context);
-            context.failureChallenge(AuthenticationFlowError.USER_DISABLED, challengeResponse);
+            // this is not a failure so don't call failureChallenge.
+            context.forceChallenge(challengeResponse);
             return false;
         }
         if (context.getRealm().isBruteForceProtected()) {
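Review bot: The comment added above both `forceChallenge` calls (here and in the temporarily-disabled branch of the next hunk) says the case "is not a failure" without saying why that matters. Judging by the test added in this commit, the reason is that reporting a flow failure for an already locked account feeds the brute-force failure count and extends the lockout. The comment should say so, e.g. `// Account is already disabled/locked: re-show the form without reporting a flow failure, so the brute-force detector does not count this attempt.` The `USER_DISABLED` and `USER_TEMPORARILY_DISABLED` event errors are still emitted on the lines above, so attempts against locked accounts stay visible in the event log, but it is worth confirming that nothing downstream relied on the `AuthenticationFlowError` values that are no longer passed. The enclosing method starts and ends outside both hunks.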
@@ -133,7 +134,8 @@ public abstract class AbstractUsernameFormAuthenticator extends AbstractFormAuth
                 context.getEvent().user(user);
                 context.getEvent().error(Errors.USER_TEMPORARILY_DISABLED);
                 Response challengeResponse = temporarilyDisabledUser(context);
-                context.failureChallenge(AuthenticationFlowError.USER_TEMPORARILY_DISABLED, challengeResponse);
+                // this is not a failure so don't call failureChallenge.
+                context.forceChallenge(challengeResponse);
                 return false;
             }
         }
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/FineGrainAdminUnitTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/FineGrainAdminUnitTest.java
index 1df6612..15f3b41 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/FineGrainAdminUnitTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/FineGrainAdminUnitTest.java
@@ -389,7 +389,7 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
         return true;
     }
     
-    //@Test
+    @Test
     public void testDemo() throws Exception {
         testingClient.server().run(FineGrainAdminUnitTest::setupDemo);
         Thread.sleep(1000000000);
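Review bot: Re-enabling `@Test` on `testDemo()` makes the suite run a method that calls `Thread.sleep(1000000000)`, roughly eleven and a half days, so any CI job that includes this class will block until its timeout. The change looks unrelated to KEYCLOAK-5420 and is probably a local debugging edit that slipped into the commit. Restore `//@Test`, or mark the method `@Ignore` with a reason such as "manual demo setup" (this needs `org.junit.Ignore` if the file does not already import it). The rest of `testDemo()` lies outside the hunk.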
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/BruteForceTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/BruteForceTest.java
index a8fe41b..a10ffb6 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/BruteForceTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/BruteForceTest.java
@@ -45,6 +45,7 @@ import org.keycloak.testsuite.util.RealmRepUtil;
 import org.keycloak.testsuite.util.UserBuilder;
 
 import java.net.MalformedURLException;
+import java.util.Collections;
 
 import static org.junit.Assert.assertEquals;
 
@@ -67,6 +68,10 @@ public class BruteForceTest extends AbstractTestRealmKeycloakTest {
 
         testRealm.setBruteForceProtected(true);
         testRealm.setFailureFactor(2);
+        testRealm.setMaxDeltaTimeSeconds(200);
+        testRealm.setMaxFailureWaitSeconds(1000);
+        testRealm.setWaitIncrementSeconds(50);
+        testRealm.setQuickLoginCheckMilliSeconds(0L);
 
         userId = user.getId();
 
@@ -287,6 +292,21 @@ public class BruteForceTest extends AbstractTestRealmKeycloakTest {
     }
 
     @Test
+    public void testWait() throws Exception {
+        loginSuccess();
+        loginInvalidPassword();
+        loginInvalidPassword();
+        expectTemporarilyDisabled();
+        // KEYCLOAK-5420
+        // Test to make sure that temporarily disabled doesn't increment failure count
+        testingClient.testing().setTimeOffset(Collections.singletonMap("offset", String.valueOf(52)));
+        loginSuccess();
+        clearUserFailures();
+        clearAllUserFailures();
+        loginSuccess();
+    }
+
+    @Test
     public void testBrowserInvalidPasswordDifferentCase() throws Exception {
         loginSuccess("test-user@localhost");
         loginInvalidPassword("test-User@localhost");
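Review bot: `testWait()` sets a server time offset of 52 seconds and never resets it. Unless a teardown outside this hunk does so, the shifted clock leaks into later tests, and a failing assertion in between leaves it set as well. Run the steps after `setTimeOffset` in a `try` block and reset in `finally` with `testingClient.testing().setTimeOffset(Collections.singletonMap("offset", String.valueOf(0)));`. The test would also pin the fix more directly if it asserted the recorded failure count after `expectTemporarilyDisabled()` instead of relying only on the later `loginSuccess()`.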