Ticket #916 : Returns an error message when there is no password

habarthierry-hue · habarthierry-hue · commit 2ab458b6571f · 2025-08-19T11:42:10.000+02:00
diff --git a/src/IdServer/SimpleIdServer.IdServer.Pwd/IdServerBuilderExtensions.cs b/src/IdServer/SimpleIdServer.IdServer.Pwd/IdServerBuilderExtensions.cs
@@ -43,6 +43,7 @@ public static IdServerBuilder AddPwdAuthentication(this IdServerBuilder idServer
         idServerBuilder.Services.AddTransient<IDataSeeder, UpdateTargetsPwdWorkflowsDataseeder>();
         idServerBuilder.Services.AddTransient<IDataSeeder, AddMissingResetTmpPwdAuthDataseeder>();
         idServerBuilder.Services.AddTransient<IDataSeeder, TransformNulltranslationToEmptyArrayDataseeder>();
+        idServerBuilder.Services.AddTransient<IDataSeeder, UpdatePwdFormTranslationDataseeder>();
         idServerBuilder.Services.AddTransient<IFakerDataService, PwdAuthFakerService>();
         idServerBuilder.Services.AddTransient<IPasswordValidationService, PasswordValidationService>();
         idServerBuilder.AutomaticConfigurationOptions.Add(typeof(IdServerPasswordOptions));
diff --git a/src/IdServer/SimpleIdServer.IdServer.Pwd/Migrations/UpdatePwdFormTranslationDataseeder.cs b/src/IdServer/SimpleIdServer.IdServer.Pwd/Migrations/UpdatePwdFormTranslationDataseeder.cs
@@ -0,0 +1,43 @@
+﻿// Copyright (c) SimpleIdServer. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
+
+using DataSeeder;
+using FormBuilder.Stores;
+using SimpleIdServer.IdServer.Stores;
+
+namespace SimpleIdServer.IdServer.Pwd.Migrations;
+
+public class UpdatePwdFormTranslationDataseeder : BaseAfterDeploymentDataSeeder
+{
+    private readonly ITransactionBuilder _transactionBuilder;
+    private readonly IFormStore _formStore;
+
+    public UpdatePwdFormTranslationDataseeder(
+        ITransactionBuilder transactionBuilder,
+        IFormStore formStore,
+        IDataSeederExecutionHistoryRepository dataSeederExecutionHistoryRepository) : base(dataSeederExecutionHistoryRepository)
+    {
+        _transactionBuilder = transactionBuilder;
+        _formStore = formStore;
+    }
+
+
+    public override string Name => nameof(UpdatePwdFormTranslationDataseeder);
+
+    protected override async Task Execute(CancellationToken cancellationToken)
+    {
+        using (var transaction = _transactionBuilder.Build())
+        {
+
+            var existingForm = await _formStore.Get(Constants.DefaultRealm, StandardPwdAuthForms.PwdForm.Id, cancellationToken);
+            if (existingForm == null)
+            {
+                return;
+            }
+
+            existingForm.ErrorMessageTranslations = StandardPwdAuthForms.PwdForm.ErrorMessageTranslations;
+            await _formStore.SaveChanges(cancellationToken);
+            await transaction.Commit(cancellationToken);
+        }
+    }
+}
diff --git a/src/IdServer/SimpleIdServer.IdServer.Pwd/Services/PasswordAuthenticationService.cs b/src/IdServer/SimpleIdServer.IdServer.Pwd/Services/PasswordAuthenticationService.cs
@@ -5,7 +5,6 @@
 using SimpleIdServer.IdServer.Helpers;
 using SimpleIdServer.IdServer.Layout.AuthFormLayout;
 using SimpleIdServer.IdServer.Options;
-using SimpleIdServer.IdServer.Resources;
 using SimpleIdServer.IdServer.Stores;
 using SimpleIdServer.IdServer.UI.Services;
 using SimpleIdServer.IdServer.UI.ViewModels;
@@ -69,6 +68,11 @@ protected override Task<CredentialsValidationResult> Validate(string realm, User
         else
         {
             var credential = authenticatedUser.Credentials.FirstOrDefault(c => c.CredentialType == Constants.AreaPwd && c.IsActive);
+            if (credential == null)
+            {
+                return Task.FromResult(CredentialsValidationResult.Error(AuthFormErrorMessages.NoCredential, AuthFormErrorMessages.NoCredential));
+            }
+
             if (!PasswordHelper.VerifyHash(credential, viewModel.Password))
             {
                 return Task.FromResult(CredentialsValidationResult.InvalidCredentials(authenticatedUser));
diff --git a/src/IdServer/SimpleIdServer.IdServer.Pwd/StandardPwdAuthForms.cs b/src/IdServer/SimpleIdServer.IdServer.Pwd/StandardPwdAuthForms.cs
@@ -109,6 +109,7 @@ public class StandardPwdAuthForms
         .AddErrorMessage(AuthFormErrorMessages.UserDoesntExist, Global.UserDoesntExist)
         .AddErrorMessage(AuthFormErrorMessages.InvalidCredential, Global.InvalidCredential)
         .AddErrorMessage(AuthFormErrorMessages.UserBlocked, Global.UserAccountIsBlocked)
+        .AddErrorMessage(AuthFormErrorMessages.NoCredential, Global.NoActivePassword)
         .Build();
 
     public static FormRecord ResetForm = AuthLayoutBuilder.New("8d416c21-2278-4e11-9544-f5a36f979b6d", "resetPwd", "resetPwd", false)
diff --git a/src/IdServer/SimpleIdServer.IdServer/Helpers/PasswordHelper.cs b/src/IdServer/SimpleIdServer.IdServer/Helpers/PasswordHelper.cs
@@ -12,6 +12,11 @@ public static class PasswordHelper
 {
     public static bool VerifyHash(UserCredential credential, string pwd)
     {
+        if(credential == null)
+        {
+            return false;
+        }
+
         if(credential.HashAlg == PasswordHashAlgs.Default)
         {
             return VerifyDefaultHash(credential.Value, pwd);

Original file line number	Diff line number	Diff line change
`@@ -12,6 +12,11 @@ public static class PasswordHelper`
`12`	`12`	`{`
`13`	`13`	`public static bool VerifyHash(UserCredential credential, string pwd)`
`14`	`14`	`{`
	`15`	`+ if(credential == null)`
	`16`	`+ {`
	`17`	`+ return false;`
	`18`	`+ }`
	`19`	`+`
`15`	`20`	`if(credential.HashAlg == PasswordHashAlgs.Default)`
`16`	`21`	`{`
`17`	`22`	`return VerifyDefaultHash(credential.Value, pwd);`