support invalid password for keycloak v2

nordicdyno · nordicdyno · commit 9e9d48d34cb5 · 2025-03-07T13:12:47.000+05:00
diff --git a/pkg/provider/keycloak/example/authError-invalidPassword-v2.html b/pkg/provider/keycloak/example/authError-invalidPassword-v2.html
@@ -0,0 +1,175 @@
+<!DOCTYPE html>
+<html class="login-pf" lang="en">
+
+<head>
+  <meta charset="utf-8">
+  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+  <meta name="robots" content="noindex, nofollow">
+  <meta name="color-scheme" content="light dark">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+
+  <title>Sign in to internal</title>
+  <link rel="icon" href="/resources/kb6gy/login/keycloak.v2/img/favicon.ico" />
+  <link href="/resources/kb6gy/common/keycloak/vendor/patternfly-v5/patternfly.min.css" rel="stylesheet" />
+  <link href="/resources/kb6gy/common/keycloak/vendor/patternfly-v5/patternfly-addons.css" rel="stylesheet" />
+  <link href="/resources/kb6gy/login/keycloak.v2/css/styles.css" rel="stylesheet" />
+  <script type="importmap">
+    {
+        "imports": {
+            "rfc4648": "/resources/kb6gy/common/keycloak/vendor/rfc4648/rfc4648.js"
+        }
+    }
+  </script>
+  <script type="module" async blocking="render">
+    const DARK_MODE_CLASS = "pf-v5-theme-dark";
+    const mediaQuery = window.matchMedia("(prefers-color-scheme: dark)");
+
+    updateDarkMode(mediaQuery.matches);
+    mediaQuery.addEventListener("change", (event) => updateDarkMode(event.matches));
+
+    function updateDarkMode(isEnabled) {
+      const { classList } = document.documentElement;
+
+      if (isEnabled) {
+        classList.add(DARK_MODE_CLASS);
+      } else {
+        classList.remove(DARK_MODE_CLASS);
+      }
+    }
+  </script>
+  <script type="module" src="/resources/kb6gy/login/keycloak.v2/js/passwordVisibility.js"></script>
+  <script type="module">
+    import { startSessionPolling } from "/resources/kb6gy/login/keycloak.v2/js/authChecker.js";
+
+    startSessionPolling(
+      "/realms/internal/login-actions/restart?client_id=urn%3Aamazon%3Awebservices&tab_id=tabId&client_data=clientData&skip_logout=true"
+    );
+  </script>
+  <script type="module">
+    import { checkAuthSession } from "/resources/kb6gy/login/keycloak.v2/js/authChecker.js";
+
+    checkAuthSession(
+      "sessionId"
+    );
+  </script>
+  <script>
+    // Workaround for https://bugzilla.mozilla.org/show_bug.cgi?id=1404468
+    const isFirefox = true;
+  </script>
+  <SCRIPT> if (typeof history.replaceState === 'function') {  history.replaceState({}, "some title", "https://my.domain/realms/internal/login-actions/authenticate?execution=uuid&client_id=urn%3Aamazon%3Awebservices&tab_id=tabId&client_data=clientData"); }</SCRIPT></head>
+
+<body id="keycloak-bg" class="">
+<div class="pf-v5-c-login">
+  <div class="pf-v5-c-login__container">
+    <header id="kc-header" class="pf-v5-c-login__header">
+      <div id="kc-header-wrapper"
+           class="pf-v5-c-brand">internal</div>
+    </header>
+    <main class="pf-v5-c-login__main">
+      <div class="pf-v5-c-login__main-header">
+        <h1 class="pf-v5-c-title pf-m-3xl" id="kc-page-title"><!-- template: login.ftl -->
+
+          Sign in to your account
+
+        </h1>
+      </div>
+      <div class="pf-v5-c-login__main-body">
+
+
+        <!-- template: login.ftl -->
+
+        <div id="kc-form">
+          <div id="kc-form-wrapper">
+            <form id="kc-form-login" class="pf-v5-c-form" onsubmit="login.disabled = true; return true;" action="https://my.domain/realms/internal/login-actions/authenticate?session_code=sessionId&amp;execution=uuid&amp;client_id=urn%3Aamazon%3Awebservices&amp;tab_id=tabId&amp;client_data=clientData" method="post" novalidate="novalidate">
+
+              <div class="pf-v5-c-form__group">
+                <div class="pf-v5-c-form__label">
+                  <label for="username" class="pf-v5-c-form__label">
+        <span class="pf-v5-c-form__label-text">
+                                        Username or email
+
+        </span>
+                  </label>
+                </div>
+
+                <span class="pf-v5-c-form-control pf-m-error">
+        <input id="username" name="username" value="aorlovskiy" type="text" autocomplete="username" autofocus
+               aria-invalid="true"/>
+    <span class="pf-v5-c-form-control__utilities">
+        <span class="pf-v5-c-form-control__icon pf-m-status">
+          <i class="fas fa-exclamation-circle" aria-hidden="true"></i>
+        </span>
+    </span>
+    </span>
+
+                <div id="input-error-container-username">
+                  <div class="pf-v5-c-form__helper-text" aria-live="polite">
+                    <div class="pf-v5-c-helper-text">
+                      <div class="pf-v5-c-helper-text__item pf-m-error" id="input-error-username">
+                        <span class="pf-v5-c-helper-text__item-text pf-m-error kc-feedback-text">
+                            Invalid username or password.
+                        </span>
+                      </div>
+                    </div>
+                  </div>
+                </div>
+              </div>
+
+
+              <div class="pf-v5-c-form__group">
+                <div class="pf-v5-c-form__label">
+                  <label for="password" class="pf-v5-c-form__label">
+        <span class="pf-v5-c-form__label-text">
+            Password
+        </span>
+                  </label>
+                </div>
+
+                <div class="pf-v5-c-input-group">
+                  <div class="pf-v5-c-input-group__item pf-m-fill">
+        <span class="pf-v5-c-form-control ">
+          <input id="password" name="password" value="" type="password" autocomplete="current-password"
+                 aria-invalid=""/>
+        </span>
+                  </div>
+                  <div class="pf-v5-c-input-group__item">
+                    <button class="pf-v5-c-button pf-m-control" type="button" aria-label="Show password"
+                            aria-controls="password" data-password-toggle
+                            data-icon-show="fa-eye fas" data-icon-hide="fa-eye-slash fas"
+                            data-label-show="Show password" data-label-hide="Hide password">
+                      <i class="fa-eye fas" aria-hidden="true"></i>
+                    </button>
+                  </div>
+                </div>
+
+                <div id="input-error-container-password">
+                </div>
+              </div>
+
+
+              <div class="pf-v5-c-form__group">
+              </div>
+
+              <input type="hidden" id="id-hidden-input" name="credentialId" />
+              <div class="pf-v5-c-form__group">
+                <div class="pf-v5-c-form__actions">
+                  <button class="pf-v5-c-button pf-m-primary pf-m-block " name="login" id="kc-login" type="submit">Sign In</button>
+                </div>
+              </div>
+            </form>
+          </div>
+        </div>
+
+
+
+      </div>
+      <div class="pf-v5-c-login__main-footer">
+        <!-- template: login.ftl -->
+
+
+      </div>
+    </main>
+
+  </div>
+</div>
+</html>
diff --git a/pkg/provider/keycloak/keycloak.go b/pkg/provider/keycloak/keycloak.go
@@ -32,9 +32,11 @@ type Client struct {
 	authErrorValidator *authErrorValidator
 }
 
-const (
-	DefaultAuthErrorElement = "span#input-error"
-	DefaultAuthErrorMessage = "Invalid username or password."
+var (
+	defaultAuthErrorElementV1 = "span#input-error"
+	defaultAuthErrorElementV2 = "div#input-error-username"
+	DefaultAuthErrorElement   = fmt.Sprintf("%s, %s", defaultAuthErrorElementV1, defaultAuthErrorElementV2)
+	DefaultAuthErrorMessage   = "Invalid username or password."
 )
 
 type authErrorValidator struct {
diff --git a/pkg/provider/keycloak/keycloak_test.go b/pkg/provider/keycloak/keycloak_test.go
@@ -303,6 +303,7 @@ func TestClient_CustomizeAuthErrorValidator_CustomSetup(t *testing.T) {
 	require.Equal(t, authErrorValidator.httpMessageRE.String(), ErrMessage1+"|"+ErrMessage2)
 	require.Equal(t, authErrorValidator.httpElement, httpElement)
 }
+
 func TestClient_passwordValid_DefaultValidator(t *testing.T) {
 	// Test with the default auth error message and the default HTTP element
 	idpAccount := cfg.IDPAccount{
@@ -312,13 +313,25 @@ func TestClient_passwordValid_DefaultValidator(t *testing.T) {
 	authErrorValidator, err := CustomizeAuthErrorValidator(&idpAccount)
 	require.Nil(t, err)
 
-	data, err := os.ReadFile("example/authError-invalidPassword.html")
-	require.Nil(t, err)
+	tCases := []struct {
+		name string
+		file string
+	}{
+		{name: "v1", file: "example/authError-invalidPassword.html"},
+		{name: "v2", file: "example/authError-invalidPassword-v2.html"},
+	}
 
-	doc, err := goquery.NewDocumentFromReader(bytes.NewReader(data))
-	require.Nil(t, err)
+	for _, tc := range tCases {
+		t.Run(tc.name, func(t *testing.T) {
+			data, err := os.ReadFile(tc.file)
+			require.Nil(t, err)
 
-	require.Equal(t, passwordValid(doc, authErrorValidator), false)
+			doc, err := goquery.NewDocumentFromReader(bytes.NewReader(data))
+			require.Nil(t, err)
+
+			require.Equal(t, passwordValid(doc, authErrorValidator), false)
+		})
+	}
 }
 
 func TestClient_passwordValid_CustomValidator(t *testing.T) {

Original file line number	Diff line number	Diff line change
`@@ -32,9 +32,11 @@ type Client struct {`
`32`	`32`	`authErrorValidator *authErrorValidator`
`33`	`33`	`}`
`34`	`34`
`35`		`-const (`
`36`		`- DefaultAuthErrorElement = "span#input-error"`
`37`		`- DefaultAuthErrorMessage = "Invalid username or password."`
	`35`	`+var (`
	`36`	`+ defaultAuthErrorElementV1 = "span#input-error"`
	`37`	`+ defaultAuthErrorElementV2 = "div#input-error-username"`
	`38`	`+ DefaultAuthErrorElement = fmt.Sprintf("%s, %s", defaultAuthErrorElementV1, defaultAuthErrorElementV2)`
	`39`	`+ DefaultAuthErrorMessage = "Invalid username or password."`
`38`	`40`	`)`
`39`	`41`
`40`	`42`	`type authErrorValidator struct {`