Skip to content
Browse files

[bugfix] Do not change user password if none was provided. Assumes th…

…at resetting a password to empty is never allowed once is has been set.
  • Loading branch information...
1 parent eb66f85 commit 80d313594cc65deb9f1117dbccd5cfaa317f11b8 @wolfgangmm wolfgangmm committed Jan 11, 2014
Showing with 6 additions and 1 deletion.
  1. +6 −1 src/org/exist/security/AbstractRealm.java
View
7 src/org/exist/security/AbstractRealm.java
@@ -430,7 +430,12 @@ public boolean updateAccount(final Account account) throws PermissionDeniedExcep
}
}
- updatingAccount.setPassword(account.getPassword());
+ final String passwd = account.getPassword();
+ if (passwd != null) {
+ // if password is empty, ignore it to keep the old one
+ // assumes that empty passwords should never be allowed
+ updatingAccount.setPassword(account.getPassword());
+ }
updatingAccount.setUserMask(account.getUserMask());
//update the metadata

0 comments on commit 80d3135

Please sign in to comment.
Something went wrong with that request. Please try again.