  1. OpenAM
  2. OPENAM-18111

Next attempt in InnerTreeEvaluatorNode will get previous transient state


    Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 7.0.0, 7.1.0, 7.0.1, 7.0.2
    • None
    • trees

      Description

      Bug description

      When the Inner Tree Evaluator node retrieves transient state information, secure state takes priority. As a result, state information from the previous attempt is retrieved and used to continue the flow.

      How to reproduce the issue

      1. Create 2 authentication trees called mainTree and subTree, as shown in img1 and img2.
      2. In mainTree, select subTree as the Inner Tree Evaluator.
      3. Trigger mainTree for authentication:
         http://am.example.com:8080/openam/XUI/?service=mainTree#login/
      4. Enter the wrong credentials on the 1st attempt (e.g. demo with password "test").
      5. Enter the correct credentials on the 2nd attempt (e.g. demo with password "Ch4ng31t").

      Expected behaviour
      User is redirected to the user profile page.

      Current behaviour
      Inner Tree Evaluator node outcome is False.
      

       

      Code analysis

      On the first attempt, the password is stored as secure state. The next attempt will return the secure state value first, if one is found.

      org/forgerock/openam/auth/nodes/framework/InnerTreeEvaluatorNode.java
      private JsonValue populateInnerTransientState(TreeContext context) throws NodeProcessException {
          JsonValue transientState = json(object());
          List<InputState> innerInputs = tree.visitNodes(new InputCollector());
          innerInputs.stream()
                  .filter(input -> context.getTransientState(input.name) != null)
                  .forEach(input -> transientState.put(input.name, context.getTransientState(input.name).getObject()));
      
      
      org/forgerock/openam/auth/node/api/TreeContext.java
      public JsonValue getTransientState(String stateKey) {
          if (secureState.isDefined(stateKey)) {
              return secureState.get(stateKey);
          } else if (transientState.isDefined(stateKey)) {
              return transientState.get(stateKey);
          }
          return null;
      }
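
The lookup precedence described in the code analysis, reduced to a stand-alone model. This is an added example, not OpenAM code: plain maps stand in for JsonValue, the class name and the list of inner inputs are hypothetical, and it assumes the second attempt's password lands in transient state while the first attempt's value is still in secure state.

```java
import java.util.HashMap;
import java.util.List;
import java.util.Map;

// Simplified stand-in for TreeContext: plain maps replace JsonValue (assumption).
public class SecureStatePrecedenceDemo {
    static final Map<String, Object> secureState = new HashMap<>();
    static final Map<String, Object> transientState = new HashMap<>();

    // Same lookup order as TreeContext.getTransientState in the report:
    // secure state is consulted first, transient state only as a fallback.
    static Object getTransientState(String stateKey) {
        if (secureState.containsKey(stateKey)) {
            return secureState.get(stateKey);
        } else if (transientState.containsKey(stateKey)) {
            return transientState.get(stateKey);
        }
        return null;
    }

    // Mirrors the filter/forEach in populateInnerTransientState: copy every
    // input the inner tree declares, using whatever the lookup returns.
    static Map<String, Object> populateInnerTransientState(List<String> innerInputs) {
        Map<String, Object> inner = new HashMap<>();
        innerInputs.stream()
                .filter(name -> getTransientState(name) != null)
                .forEach(name -> inner.put(name, getTransientState(name)));
        return inner;
    }

    public static void main(String[] args) {
        List<String> innerInputs = List.of("password"); // constructed input list

        // Attempt 1: wrong password; the report says it ends up in secure state.
        secureState.put("password", "test");
        // Attempt 2: correct password collected into transient state (assumed).
        transientState.put("password", "Ch4ng31t");

        Object seen = populateInnerTransientState(innerInputs).get("password");
        // The inner tree receives the stale value from attempt 1.
        System.out.println("inner tree sees password = " + seen);
        if (!"test".equals(seen)) {
            throw new AssertionError("expected the stale secure-state value");
        }
    }
}
```

Because the stale entry shadows the fresh one for the same key, the inner tree validates the first attempt's password again, which matches the reported False outcome.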
      

        Attachments

        1. img1.png (354 kB)
        2. img2.png (310 kB)


              People

              Unassigned
              WanNing Tan (wanning.tan)
              Votes: 0
              Watchers: 5
