
Conversation

@rmartinc
Contributor

@rmartinc rmartinc commented Aug 6, 2024

Closes #31881

The PR removes the user attempt while ensuring the off-thread brute-force check has also been executed. Previously it was removed when the request finished and, as the brute-force detection works off-thread, there can be a race again in that last part (less probable, but it can happen). With this change I could execute the test 30 times in the CI and 50 times locally without issues.

@rmartinc rmartinc requested a review from a team as a code owner August 6, 2024 17:19
@pedroigor pedroigor enabled auto-merge (rebase) August 6, 2024 18:13
    @Override
    protected void commitImpl() {
        // remove or wait the main thread to finish
        loginAttempts.computeIfPresent(userId, (k, v) -> v.isEmpty()? null : v.substring(0, v.length() - OFF_THREAD_STARTED.length()));
Contributor Author

If you prefer:

v.endsWith(OFF_THREAD_STARTED)? v.substring(0, v.length() - OFF_THREAD_STARTED.length()) : null

Just let me know. It should be the same but maybe it's more clear.

Contributor

Might it happen that the value does not have the suffix appended? If not, works for me.

Contributor Author

No, either it has the suffix appended (the off-thread is finishing first) or it is empty (the main thread finished first). I think it's the same.
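To make the two interleavings discussed in this thread concrete, here is an added example that is my own reconstruction and not Keycloak's code. It models the handshake between the request (main) thread and the off-thread brute-force check with a ConcurrentHashMap: the entry for a user is removed by whichever side finishes last, so a test that waits for the key to disappear cannot start the next request while the detector is still running. Only the shape of commitImpl is taken from the PR; the class name LoginAttemptTracker, the methods requestStarted, offThreadStarted, requestFinished, offThreadFinished and inFlight, the "attempt" value and the marker string are assumptions, and requestFinished is my guess at the main-thread counterpart, chosen so that the two states the author describes (suffix present, or empty) are the only ones the off-thread can observe. The pre-fix unconditional removal is included to show the window the flaky test kept hitting.

```java
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;

/**
 * Constructed model of the "last one out removes the entry" handshake
 * between the request (main) thread and the off-thread brute-force check.
 * Not Keycloak's code; names and values are assumptions.
 */
public final class LoginAttemptTracker {

    // Marker appended while the off-thread check is running (assumed value).
    static final String OFF_THREAD_STARTED = "#off-thread-started";

    private final ConcurrentMap<String, String> loginAttempts = new ConcurrentHashMap<>();

    /** Main thread: a login request for userId has started. */
    void requestStarted(String userId) {
        loginAttempts.put(userId, "attempt");
    }

    /** Main thread: the brute-force check has been handed to the off-thread. */
    void offThreadStarted(String userId) {
        loginAttempts.computeIfPresent(userId, (k, v) -> v + OFF_THREAD_STARTED);
    }

    /** Pre-fix behaviour: the main thread removes the entry unconditionally when the request ends. */
    void requestFinishedUnconditional(String userId) {
        loginAttempts.remove(userId);
    }

    /**
     * Fixed behaviour for the main thread (assumed counterpart of commitImpl):
     * if the off-thread is still running (suffix present) leave an empty value
     * behind for it to clean up; otherwise the off-thread already finished,
     * so remove the entry now.
     */
    void requestFinished(String userId) {
        loginAttempts.computeIfPresent(userId,
                (k, v) -> v.endsWith(OFF_THREAD_STARTED) ? "" : null);
    }

    /**
     * Off-thread commit, same shape as the commitImpl in the PR: an empty
     * value means the main thread already finished, so remove the entry;
     * otherwise strip the suffix and let the main thread remove it.
     */
    void offThreadFinished(String userId) {
        loginAttempts.computeIfPresent(userId, (k, v) -> v.isEmpty()
                ? null
                : v.substring(0, v.length() - OFF_THREAD_STARTED.length()));
    }

    /** What a test would poll before sending the next request. */
    boolean inFlight(String userId) {
        return loginAttempts.containsKey(userId);
    }

    private static void check(boolean cond, String msg) {
        if (!cond) throw new IllegalStateException(msg);
    }

    public static void main(String[] args) {
        LoginAttemptTracker t = new LoginAttemptTracker();
        // Every map operation is atomic, so the two interleavings below are
        // the only ones possible and can be replayed sequentially.

        // Interleaving 1: main thread finishes before the off-thread.
        t.requestStarted("alice");
        t.offThreadStarted("alice");
        t.requestFinished("alice");
        check(t.inFlight("alice"), "entry must survive while the off-thread runs");
        t.offThreadFinished("alice");
        check(!t.inFlight("alice"), "off-thread, being last, must remove the entry");

        // Interleaving 2: off-thread finishes before the main thread.
        t.requestStarted("alice");
        t.offThreadStarted("alice");
        t.offThreadFinished("alice");
        check(t.inFlight("alice"), "entry must survive until the request ends");
        t.requestFinished("alice");
        check(!t.inFlight("alice"), "main thread, being last, must remove the entry");

        // Pre-fix: the key vanishes while the off-thread is still running,
        // which is the window the flaky test kept hitting.
        t.requestStarted("bob");
        t.offThreadStarted("bob");
        t.requestFinishedUnconditional("bob");
        check(!t.inFlight("bob"), "pre-fix removal ignores the running off-thread");
        t.offThreadFinished("bob"); // nothing left to clean up

        System.out.println("both interleavings clear the entry only when the last party finishes");
    }
}
```

Compile and run with `javac LoginAttemptTracker.java && java LoginAttemptTracker`; a violated invariant throws IllegalStateException. The point of the model is that no matter which side finishes first, the key is still present while either side is active, which is exactly what the test needs to observe before issuing the next request.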

@pedroigor pedroigor merged commit 8a09905 into keycloak:main Aug 6, 2024

Development

Successfully merging this pull request may close these issues.

Flaky test: org.keycloak.testsuite.forms.BruteForceTest#testRaceAttackPermanentLockout

2 participants