opensingular / singular-keycloak-database-federation

Keycloak User Storage SPI for Relational Databases (Keycloak User Federation, supports postgresql, mysql, oracle and mysql)
Apache License 2.0
120 stars 57 forks

Inexistent username trying to login caused a server exception instead… #9

Closed dla-c-box closed 2 years ago

dla-c-box commented 2 years ago

… of just refusing access.

e.g. if you try to log in with username "xyz" and this user is not found in the DB, the ResultSet of the query trying to fetch the password hash for this user will be empty (i.e. 0 rows returned) and Keycloak would show an error similar to this (with a long stack trace in the server log):

We are sorry...
Unexpected error when handling authentication request to identity provider.

This PR fixes this problem in readString (used to get the password), and the same weakness found in readInt and readBoolean.

Also, BCrypt.checkpw requires a hash that contains some characters, and we don't have any if the user is not found, so validateCredentials will just return false in that scenario (i.e. the user is not found, so the credentials are not valid).
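The two guards the PR describes, as an added Java sketch that is not the project's code: the class name, the SQL shape, the column index and the use of Optional are assumptions; readString, validateCredentials and BCrypt.checkpw are the names the issue itself mentions, and readInt/readBoolean would get the same rs.next() check.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Optional;

import org.mindrot.jbcrypt.BCrypt;

// Illustrative helper (hypothetical class, not the federation provider's code).
public class PasswordLookup {

    // Before the fix: calling rs.getString() without rs.next() on an empty
    // ResultSet throws SQLException, which Keycloak surfaces as the
    // "Unexpected error when handling authentication request" page.
    static Optional<String> readString(Connection conn, String sql, String username)
            throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username); // assumed: one bind parameter, the username
            try (ResultSet rs = ps.executeQuery()) {
                // Unknown username -> zero rows; report "absent" instead of
                // letting the JDBC driver throw.
                if (!rs.next()) {
                    return Optional.empty();
                }
                return Optional.ofNullable(rs.getString(1)); // assumed: hash in column 1
            }
        }
    }

    // BCrypt.checkpw rejects a null or empty hash with IllegalArgumentException,
    // so an absent user must short-circuit to "not valid" before reaching it.
    static boolean validateCredentials(Optional<String> storedHash, String presentedPassword) {
        if (storedHash.isEmpty() || storedHash.get().isBlank()) {
            return false; // user not found or no hash stored: credentials are not valid
        }
        return BCrypt.checkpw(presentedPassword, storedHash.get());
    }
}
```

The same rs.next() check applies to readInt and readBoolean; without it the "user not found" case is indistinguishable in the logs from a genuine database failure.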