fix: avoid double-submission in password change and recovery code scr… #40263

jackie-linz · 2025-06-05T03:59:37Z

These 2 screens could potentially be the last screen before the user gets authenticated. So a double submission would result in a ModelDuplicateException when the 2 submissions gets processed at the same time, and an error for the end user.

ahus1 · 2025-06-05T06:20:09Z

@jackie-linz - can you please add a sign-off to your commit as outlined in the CONTRIBUTING.md file in the repository?

The "Test OLM" test is unfortunately flaky, see #40099 and we're working on it. I'll try to find some time later this week to see why the Forms IT test fails as it might be related to the changes in this PR.

…eens Signed-off-by: Jackie Weng <jweng@linz.govt.nz>

jackie-linz · 2025-06-05T22:11:14Z

@jackie-linz - can you please add a sign-off to your commit as outlined in the CONTRIBUTING.md file in the repository?

The "Test OLM" test is unfortunately flaky, see #40099 and we're working on it. I'll try to find some time later this week to see why the Forms IT test fails as it might be related to the changes in this PR.

commit updated. looks better now?

Forms IT test passed too - looks like that is flaky?

ahus1 · 2025-06-06T06:47:29Z

@jackie-linz - thank you, this now looks good.

Out of curiosity: It seems that you added name for some of the buttons. Can you please elaborate on that?

ahus1 · 2025-06-06T06:48:32Z

@ssilvert / @edewit - can yo please review the login form changes? Thanks!

ahus1 · 2025-06-06T06:49:43Z

@ssilvert / @edewit - oh, sorry for this, it seems that the GitHub UI confused me and my approval was sufficient to get it merged. Still, if you have comments about this, let me know.

jackie-linz · 2025-06-06T06:57:15Z

@jackie-linz - thank you, this now looks good.

Out of curiosity: It seems that you added name for some of the buttons. Can you please elaborate on that?

@ahus1 the name is needed so that the button can be easily referenced in the onsubmit event handler

the 2 login-recovery-authn-code-input.ftl pages didn't need it, as their submit button is already named login

jackie-linz requested review from a team as code owners June 5, 2025 03:59

keycloak-github-bot bot added team/ui labels Jun 5, 2025

ssilvert added team/core-clients and removed team/ui labels Jun 5, 2025

fix: avoid double-submission in password change and recovery code scr…

7b29009

…eens Signed-off-by: Jackie Weng <jweng@linz.govt.nz>

jackie-linz force-pushed the fix/double-submission branch from e91d996 to 7b29009 Compare June 5, 2025 21:22

ahus1 enabled auto-merge (squash) June 6, 2025 06:42

ahus1 approved these changes Jun 6, 2025

View reviewed changes

ahus1 merged commit f692add into keycloak:main Jun 6, 2025
75 checks passed

jackie-linz mentioned this pull request Jun 6, 2025

fix: avoid double-submission in password change and recovery code screens #40306

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fix: avoid double-submission in password change and recovery code scr… #40263

fix: avoid double-submission in password change and recovery code scr… #40263

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

fix: avoid double-submission in password change and recovery code scr… #40263

fix: avoid double-submission in password change and recovery code scr… #40263

Uh oh!

Conversation

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!