Merge remote-tracking branch 'origin/6.1.x'
This commit is contained in:
commit
621ab3e7cb
|
@ -35,6 +35,7 @@ import org.springframework.security.web.WebAttributes;
|
|||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
||||
import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.springframework.web.filter.GenericFilterBean;
|
||||
import org.springframework.web.util.HtmlUtils;
|
||||
|
||||
|
@ -266,11 +267,17 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean {
|
|||
|
||||
private String getLoginErrorMessage(HttpServletRequest request) {
|
||||
HttpSession session = request.getSession(false);
|
||||
if (session != null && session
|
||||
.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION) instanceof AuthenticationException exception) {
|
||||
return exception.getMessage();
|
||||
if (session == null) {
|
||||
return "Invalid credentials";
|
||||
}
|
||||
return "Invalid credentials";
|
||||
if (!(session
|
||||
.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION) instanceof AuthenticationException exception)) {
|
||||
return "Invalid credentials";
|
||||
}
|
||||
if (!StringUtils.hasText(exception.getMessage())) {
|
||||
return "Invalid credentials";
|
||||
}
|
||||
return exception.getMessage();
|
||||
}
|
||||
|
||||
private String renderHiddenInputs(HttpServletRequest request) {
|
||||
|
|
|
@ -171,4 +171,18 @@ public class DefaultLoginPageGeneratingFilterTests {
|
|||
.contains("<a href=\"/saml/sso/google\">Google < > " ' &</a>");
|
||||
}
|
||||
|
||||
// gh-13768
|
||||
@Test
|
||||
public void generatesWhenExceptionWithEmptyMessageThenInvalidCredentials() throws Exception {
|
||||
DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter(
|
||||
new UsernamePasswordAuthenticationFilter());
|
||||
filter.setLoginPageUrl(DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL);
|
||||
MockHttpServletRequest request = new MockHttpServletRequest("GET", "/login");
|
||||
request.setQueryString("error");
|
||||
request.getSession().setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, new BadCredentialsException(null));
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
filter.doFilter(request, response, this.chain);
|
||||
assertThat(response.getContentAsString()).contains("Invalid credentials");
|
||||
}
|
||||
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue