
Merge pull request #116 from wolfgangmm/develop

Ignore null password for user account
2 parents 0e3cc8c + 80d3135 commit 96cade2cc67cc88c5825af7ac0c62ede9acf91db @shabanovd shabanovd committed Jan 12, 2014
Showing with 6 additions and 1 deletion.
  1. +6 −1 src/org/exist/security/AbstractRealm.java
@@ -430,7 +430,12 @@ public boolean updateAccount(final Account account) throws PermissionDeniedExcep
}
}
- updatingAccount.setPassword(account.getPassword());
+ final String passwd = account.getPassword();
+ if (passwd != null) {
+ // if password is empty, ignore it to keep the old one
+ // assumes that empty passwords should never be allowed
dizzzz Jan 12, 2014 Owner

empty password = zero length string?

shabanovd Jan 12, 2014 Member

null here means password was not set

dizzzz Jan 12, 2014 Owner

right but "if password is empty" means for me string("") ; my fault :-)

shabanovd Jan 12, 2014 Member

there are several types of "emptiness" ... -)

dizzzz Jan 12, 2014 Owner

hmmmm there is a difference between 'non-existent' and 'empty', no?

shabanovd Jan 12, 2014 Member

now you have to smile -)

+ updatingAccount.setPassword(account.getPassword());
+ }
updatingAccount.setUserMask(account.getUserMask());
//update the metadata
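
Review bot: The `if (passwd != null)` guard only skips the update for null, so a zero-length string still reaches `setPassword`, yet the comment above it says "if password is empty, ignore it" and that empty passwords should never be allowed. Either reword the comment to say that null means "not set, keep the old password", or also check `passwd.isEmpty()` if empty passwords really must not be stored. Inside the block the call reads `account.getPassword()` a second time; pass the local `passwd` to `setPassword` so the value that was checked is the value that is stored.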

1 comment on commit 96cade2

@adamretter
Owner

I think, that simply

  1. null means do not change
  2. empty string means an empty password
  3. any other string means a non-empty password

Surely it does not need to be any more complicated?
