KEYCLOAK-3096 Remove leading/trailing spaces from login

martin-kanis · martin-kanis · commit c67d834d39ab · 2016-07-09T18:35:51.000+02:00
diff --git a/services/src/main/java/org/keycloak/authentication/authenticators/browser/AbstractUsernameFormAuthenticator.java b/services/src/main/java/org/keycloak/authentication/authenticators/browser/AbstractUsernameFormAuthenticator.java
@@ -119,6 +119,10 @@ public boolean validateUserAndPassword(AuthenticationFlowContext context, Multiv
             context.failureChallenge(AuthenticationFlowError.INVALID_USER, challengeResponse);
             return false;
         }
+
+        // remove leading and trailing whitespace
+        username = username.trim();
+
         context.getEvent().detail(Details.USERNAME, username);
         context.getClientSession().setNote(AbstractUsernameFormAuthenticator.ATTEMPTED_USERNAME, username);
 
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java
@@ -305,6 +305,28 @@ public void loginSuccess() {
         events.expectLogin().user(userId).detail(Details.USERNAME, "login-test").assertEvent();
     }
 
+    @Test
+    public void loginWithWhitespaceSuccess() {
+        loginPage.open();
+        loginPage.login(" login-test \t ", "password");
+
+        Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
+        Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));
+
+        events.expectLogin().user(userId).detail(Details.USERNAME, "login-test").assertEvent();
+    }
+
+    @Test
+    public void loginWithEmailWhitespaceSuccess() {
+        loginPage.open();
+        loginPage.login("    login@test.com    ", "password");
+
+        Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
+        Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));
+
+        events.expectLogin().user(userId).assertEvent();
+    }
+
     @Test
     public void loginPromptNone() {
         driver.navigate().to(oauth.getLoginFormUrl().toString() + "&prompt=none");
