diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/LoginPage.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/LoginPage.java
index 4058afc1fe5..a2680848e83 100755
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/LoginPage.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/LoginPage.java
@@ -155,6 +155,10 @@ public class LoginPage extends LanguageComboboxAwarePage {
 return !driver.findElements(By.id("username")).isEmpty();
 }
 
+ public boolean isEmailInputPresent() {
+ return !driver.findElements(By.id("email")).isEmpty();
+ }
+
 public boolean isRegisterLinkPresent() {
 return !driver.findElements(By.linkText("Register")).isEmpty();
 }
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/organization/authentication/OrganizationAuthenticationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/organization/authentication/OrganizationAuthenticationTest.java
index 4b1e95cf1cf..42f1c06df00 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/organization/authentication/OrganizationAuthenticationTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/organization/authentication/OrganizationAuthenticationTest.java
@@ -311,10 +311,55 @@ public class OrganizationAuthenticationTest extends AbstractOrganizationTest {
 for (int i = 0; i < 3; i++) {
 loginPage.login("wrong-password");
 loginPage.assertAttemptedUsernameAvailability(true);
+ Assert.assertFalse(loginPage.isEmailInputPresent());
 Assert.assertTrue(loginPage.isPasswordInputPresent());
 }
 }
 
+ @Test
+ public void testHideUsernameKeptAfterPasswordFailuresBruteForceEnabled() {
+ testRealm().organizations().get(createOrganization().getId());
+
+ RealmRepresentation realm = testRealm().toRepresentation();
+ realm.setBruteForceProtected(true);
+ realm.setBruteForceStrategy(RealmRepresentation.BruteForceStrategy.MULTIPLE);
+ realm.setFailureFactor(1);
+ realm.setMaxDeltaTimeSeconds(30);
+ realm.setMaxFailureWaitSeconds(30);
+ realm.setWaitIncrementSeconds(30);
+ testRealm().update(realm);
+ getCleanup().addCleanup(() -> {
+ RealmRepresentation r = testRealm().toRepresentation();
+ r.setBruteForceProtected(false);
+ testRealm().update(r);
+ });
+
+ String email = "existing-user@" + organizationName + ".org";
+ createUser(realm.getRealm(), "existing-user", memberPassword, "John", "Doe", email);
+ openIdentityFirstLoginPage(email, false, null, false, false);
+ loginPage.assertAttemptedUsernameAvailability(true);
+ Assert.assertTrue(loginPage.isPasswordInputPresent());
+
+ loginPage.login("wrong-password");
+ loginPage.assertAttemptedUsernameAvailability(true);
+ Assert.assertTrue(loginPage.isPasswordInputPresent());
+ loginPage.login("wrong-password");
+ loginPage.assertAttemptedUsernameAvailability(true);
+ Assert.assertTrue(loginPage.isPasswordInputPresent());
+
+ openIdentityFirstLoginPage(email, false, null, false, false);
+ realm.setRegistrationEmailAsUsername(true);
+ testRealm().update(realm);
+ loginPage.login("wrong-password");
+ loginPage.assertAttemptedUsernameAvailability(true);
+ Assert.assertFalse(loginPage.isEmailInputPresent());
+ Assert.assertTrue(loginPage.isPasswordInputPresent());
+ loginPage.login("wrong-password");
+ loginPage.assertAttemptedUsernameAvailability(true);
+ Assert.assertFalse(loginPage.isEmailInputPresent());
+ Assert.assertTrue(loginPage.isPasswordInputPresent());
+ }
+
 @Test
 public void testUsernameExposureWhenEnteringEmail() {
 OrganizationResource organization = testRealm().organizations().get(createOrganization().getId());
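Review bot: The cleanup registered in `testHideUsernameKeptAfterPasswordFailuresBruteForceEnabled` only switches `bruteForceProtected` back off. The later `realm.setRegistrationEmailAsUsername(true)` and the changed strategy, failure factor and wait values therefore stay on the realm, unless the base class resets it between tests (not visible in this hunk). Adding `r.setRegistrationEmailAsUsername(false);` to the cleanup lambda (assuming false was the prior value), or restoring a representation captured before the first `update`, would keep later tests independent of execution order. The test also never asserts that the lockout is in effect after `setFailureFactor(1)`: every check is on page layout, so it would still pass if brute-force detection never triggered. Asserting the error shown after the second `login("wrong-password")` would pin the path the test name describes.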