
Merge branch '6.0.x' into 6.1.x

Closes gh-14117
pull/14134/head
Josh Cummings 2 years ago
parent
commit
bcef8f98aa
No known key found for this signature in database
GPG Key ID: A306A51F43B8E5A5
  1. 15
      web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java
  2. 14
      web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java

15
web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java

@ -35,6 +35,7 @@ import org.springframework.security.web.WebAttributes; @@ -35,6 +35,7 @@ import org.springframework.security.web.WebAttributes;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.GenericFilterBean;
import org.springframework.web.util.HtmlUtils;
@ -266,11 +267,17 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean { @@ -266,11 +267,17 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean {
private String getLoginErrorMessage(HttpServletRequest request) {
HttpSession session = request.getSession(false);
if (session != null && session
.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION) instanceof AuthenticationException exception) {
return exception.getMessage();
if (session == null) {
return "Invalid credentials";
}
return "Invalid credentials";
if (!(session
.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION) instanceof AuthenticationException exception)) {
return "Invalid credentials";
}
if (!StringUtils.hasText(exception.getMessage())) {
return "Invalid credentials";
}
return exception.getMessage();
}
private String renderHiddenInputs(HttpServletRequest request) {
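Review bot: `getLoginErrorMessage` still ends with `return exception.getMessage();`, so any non-blank text the authentication provider put in the exception is handed back for display on the unauthenticated login page; the added blank-message fallback does not narrow that. The call site that renders the value is outside this hunk, so escaping cannot be confirmed from here (the file imports `HtmlUtils`, which suggests it happens there). I would document the contract above the final return, e.g. `// Returned unescaped; the caller must HTML-escape it. Text comes from the provider and may reveal account state.` As a style point, the literal `"Invalid credentials"` appears to occur three times in the new body and would read better as one private constant.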

14
web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java

@ -171,4 +171,18 @@ public class DefaultLoginPageGeneratingFilterTests { @@ -171,4 +171,18 @@ public class DefaultLoginPageGeneratingFilterTests {
.contains("<a href=\"/saml/sso/google\">Google &lt; &gt; &quot; &#39; &amp;</a>");
}
// gh-13768
@Test
public void generatesWhenExceptionWithEmptyMessageThenInvalidCredentials() throws Exception {
DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter(
new UsernamePasswordAuthenticationFilter());
filter.setLoginPageUrl(DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL);
MockHttpServletRequest request = new MockHttpServletRequest("GET", "/login");
request.setQueryString("error");
request.getSession().setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, new BadCredentialsException(null));
MockHttpServletResponse response = new MockHttpServletResponse();
filter.doFilter(request, response, this.chain);
assertThat(response.getContentAsString()).contains("Invalid credentials");
}
}
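Review bot: The new test is named `...WhenExceptionWithEmptyMessage...` but constructs `new BadCredentialsException(null)`, so only the null case is exercised. The production check shown on this page is `StringUtils.hasText(...)`, which also rejects empty and whitespace-only strings, and those inputs have no coverage here. I would either rename the test to say "NullMessage" or repeat the request with `new BadCredentialsException("")` and `new BadCredentialsException(" ")` and the same `contains("Invalid credentials")` assertion. The test class starts outside this hunk, so an existing case elsewhere in the file may already cover these inputs.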
