Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Merge pull request #116 from wolfgangmm/develop

Ignore null password for user account
  • Loading branch information...
commit 96cade2cc67cc88c5825af7ac0c62ede9acf91db 2 parents 0e3cc8c + 80d3135
Dmitriy Shabanov shabanovd authored
Showing with 6 additions and 1 deletion.
  1. +6 −1 src/org/exist/security/AbstractRealm.java
7 src/org/exist/security/AbstractRealm.java
View
@@ -430,7 +430,12 @@ public boolean updateAccount(final Account account) throws PermissionDeniedExcep
}
}
- updatingAccount.setPassword(account.getPassword());
+ final String passwd = account.getPassword();
+ if (passwd != null) {
+ // if password is empty, ignore it to keep the old one
+ // assumes that empty passwords should never be allowed
Dannes Wessels Owner
dizzzz added a note

empty password = zero length string?

Dmitriy Shabanov Collaborator

null here mean password was not set

Dannes Wessels Owner
dizzzz added a note

right but "if password is empty" means for me string("") ; my fault :-)

Dmitriy Shabanov Collaborator

there several types of "emptiness" ... -)

Dannes Wessels Owner
dizzzz added a note

hmmmm it is a different between 'non-existent' and 'empty' no?

Dmitriy Shabanov Collaborator

now you have to smile -)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
+ updatingAccount.setPassword(account.getPassword());
+ }
updatingAccount.setUserMask(account.getUserMask());
//update the metadata

1 comment on commit 96cade2

Dannes Wessels

empty password = zero length string?

Dmitriy Shabanov

null here mean password was not set

Dannes Wessels

right but "if password is empty" means for me string("") ; my fault :-)

Dmitriy Shabanov

there several types of "emptiness" ... -)

Dannes Wessels

hmmmm it is a different between 'non-existent' and 'empty' no?

Dmitriy Shabanov

now you have to smile -)

Adam Retter
Owner

I think, that simply

1) null means do not change
2) empty string means an empty password
3) any other string means a non-empty password

Surely it does not need to be any more complicated?

Please sign in to comment.
Something went wrong with that request. Please try again.