e.g. If you try to log in with username "xyz" and this user is not found in the DB, the ResultSet of the query trying to fetch the password hash for this user will be empty (i.e. 0 rows returned) and Keycloak would show an error similar to this (with a long stack trace in the server log):
We are sorry...
Unexpected error when handling authentication request to identity provider.
This PR fixes this problem in readString (used to get the password), and the same weakness found in readInt and readBoolean.
Also, BCrypt.checkpw requires a hash that contains some characters, and we don't have any if the user is not found, so validateCredentials will just return false in that scenario (i.e. the user is not found, so the credentials are not valid).
… of just refusing access.
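As an added illustration of the fail-closed behaviour the PR describes (not the project's own code): a hypothetical JDBC helper whose readString/readInt/readBoolean return null on an empty ResultSet instead of throwing, and a validateCredentials that treats a missing hash as invalid credentials rather than handing an empty string to BCrypt.checkpw. The table and column names are assumed.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import org.mindrot.jbcrypt.BCrypt;

// Hypothetical helper shaped like the one described in the PR; it is
// not the project's code. Every reader checks rs.next() first, so an
// unknown username (0 rows) yields null instead of an SQLException.
public class SafeCredentialLookup {

    static String readString(ResultSet rs) throws SQLException {
        return rs.next() ? rs.getString(1) : null;
    }

    // Wrapper types so "no row" stays distinguishable from 0 / false.
    static Integer readInt(ResultSet rs) throws SQLException {
        return rs.next() ? rs.getInt(1) : null;
    }

    static Boolean readBoolean(ResultSet rs) throws SQLException {
        return rs.next() ? rs.getBoolean(1) : null;
    }

    // Assumed schema: users(username, password_hash). Returns null when
    // the user does not exist.
    static String fetchPasswordHash(Connection conn, String username)
            throws SQLException {
        String sql = "SELECT password_hash FROM users WHERE username = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                return readString(rs);
            }
        }
    }

    // Unknown user => false. BCrypt.checkpw throws on an empty hash,
    // which is what previously surfaced as Keycloak's "Unexpected error"
    // page; refusing access is the correct outcome for a missing user.
    static boolean validateCredentials(Connection conn, String username,
                                       String password) throws SQLException {
        String hash = fetchPasswordHash(conn, username);
        if (hash == null || hash.isEmpty()) {
            return false;
        }
        return BCrypt.checkpw(password, hash);
    }
}
```

Returning early for an unknown user skips the bcrypt computation, so the response is measurably faster than a failed password check; comparing against a fixed dummy hash in that branch keeps the timing uniform if that matters for the deployment.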