Merge pull request #7216 from thisaltennakoon/pishingFix-1.6.x

[APIM Public] Validate the auth fail massege with the resourceBundle
wso2 · Jan 2, 2025 · 39e9706 · 39e9706
2 parents 0f7c494 + 9abdf6a
commit 39e9706
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 3 deletions.
diff --git a/...es/org/wso2/carbon/identity/application/authentication/endpoint/i18n/Resources.properties b/...es/org/wso2/carbon/identity/application/authentication/endpoint/i18n/Resources.properties
@@ -311,3 +311,4 @@ error.user.not.found.smsotp=User not found in the directory. Cannot proceed furt
 authenticate.button=Authenticate
 please.enter.code=Please enter the code!
 enter.phone.number=Enter Your Mobile Phone Number
+federated.login=Federated Login
diff --git a/.../wso2/carbon/identity/application/authentication/endpoint/i18n/Resources_fr_FR.properties b/.../wso2/carbon/identity/application/authentication/endpoint/i18n/Resources_fr_FR.properties
@@ -271,3 +271,4 @@ error.user.not.found.smsotp=Utilisateur introuvable dans l'annuaire. Impossible
 authenticate.button=S'uthentifier
 please.enter.code=Veuillez entrer le code !
 enter.phone.number=Entrez votre numÃ©ro de tÃ©lÃ©phone portable
+federated.login=Connexion fédérée
diff --git a/apps/authentication-portal/src/main/webapp/domain.jsp b/apps/authentication-portal/src/main/webapp/domain.jsp
@@ -27,14 +27,22 @@
 
 <%
     String domainUnknown = AuthenticationEndpointUtil.i18n(resourceBundle, "domain.unknown");
-    String errorMessage = AuthenticationEndpointUtil.i18n(resourceBundle, "authentication.failed");
+    String errorMessage = AuthenticationEndpointUtil.i18n(resourceBundle, "authentication.failed.please.retry");
     boolean loginFailed = false;
     if (Boolean.parseBoolean(request.getParameter("authFailure"))) {
         loginFailed = true;
         if (request.getParameter("authFailureMsg") != null) {
-            errorMessage = request.getParameter("authFailureMsg");
+            String error = Encode.forJava(request.getParameter("authFailureMsg"));
+            /*
+            * Only allowing error messages defined in the resourceBundle.
+            * AuthenticationEndpointUtil.i18n() will return the value of the provided key if the key is found
+            * in the resourceBundle. If the key is not found, it will return the key itself.
+            */
+            if (!error.equalsIgnoreCase(AuthenticationEndpointUtil.i18n(resourceBundle, error))) {
+                errorMessage = AuthenticationEndpointUtil.i18n(resourceBundle, error);
+            }
 
-            if (domainUnknown.equalsIgnoreCase(errorMessage)) {
+            if (domainUnknown.equalsIgnoreCase(error)) {
                 errorMessage = AuthenticationEndpointUtil.i18n(resourceBundle, "domain.cannot.be.identified");
             }
         }