#86 Force valid response if the user/email is invalid (#87)

src/main/java/io/phasetwo/keycloak/magic/auth/MagicLinkAuthenticator.java

@@ -83,10 +83,14 @@ public void action(AuthenticationFlowContext context) {
  if (user == null
  || MagicLink.trimToNull(user.getEmail()) == null
  || !MagicLink.isValidEmail(user.getEmail())) {
- context.getEvent().event(EventType.LOGIN_ERROR).error(Errors.INVALID_EMAIL);
- Response challengeResponse =
- challenge(context, getDefaultChallengeMessage(context), FIELD_USERNAME);
- context.failureChallenge(AuthenticationFlowError.INVALID_USER, challengeResponse);
+ context.getEvent()
+ .detail(AbstractUsernameFormAuthenticator.ATTEMPTED_USERNAME, email)
+ .event(EventType.LOGIN_ERROR).error(Errors.INVALID_EMAIL);
+ context
+ .getAuthenticationSession()
+ .setAuthNote(AbstractUsernameFormAuthenticator.ATTEMPTED_USERNAME, email);
+ log.debugf("user attempted to login with username/email: %s", email);
+ context.forceChallenge(context.form().createForm("view-email.ftl"));
  return;
  }
 

src/main/java/io/phasetwo/keycloak/magic/auth/MagicLinkContinuationAuthenticator.java

@@ -127,10 +127,14 @@ public void action(AuthenticationFlowContext context) {
  if (user == null
  || MagicLink.trimToNull(user.getEmail()) == null
  || !MagicLink.isValidEmail(user.getEmail())) {
- context.getEvent().event(EventType.LOGIN_ERROR).error(Errors.INVALID_EMAIL);
- Response challengeResponse =
- challenge(context, getDefaultChallengeMessage(context), FIELD_USERNAME);
- context.failureChallenge(AuthenticationFlowError.INVALID_USER, challengeResponse);
+ context.getEvent()
+ .detail(AbstractUsernameFormAuthenticator.ATTEMPTED_USERNAME, email)
+ .event(EventType.LOGIN_ERROR).error(Errors.INVALID_EMAIL);
+ context
+ .getAuthenticationSession()
+ .setAuthNote(AbstractUsernameFormAuthenticator.ATTEMPTED_USERNAME, email);
+ log.debugf("user attempted to login with username/email: %s", email);
+ context.forceChallenge(context.form().createForm("view-email.ftl"));
  return;
  }