Merge pull request #116 from wolfgangmm/develop
Ignore null password for user account
shabanovd committed Jan 12, 2014
2 parents 0e3cc8c + 80d3135 commit 96cade2
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion src/org/exist/security/AbstractRealm.java
Expand Up @@ -430,7 +430,12 @@ public boolean updateAccount(final Account account) throws PermissionDeniedExcep
} }
} }


updatingAccount.setPassword(account.getPassword()); final String passwd = account.getPassword();
if (passwd != null) {
// if password is empty, ignore it to keep the old one
// assumes that empty passwords should never be allowed

dizzzz Jan 12, 2014

Member

empty password = zero length string?

shabanovd Jan 12, 2014

Author Member

null here means password was not set

dizzzz Jan 12, 2014

Member

right but "if password is empty" means for me string("") ; my fault :-)

shabanovd Jan 12, 2014

Author Member

there are several types of "emptiness" ... -)

dizzzz Jan 12, 2014

Member

hmmmm it is a difference between 'non-existent' and 'empty', no?

shabanovd Jan 12, 2014

Author Member

now you have to smile -)

updatingAccount.setPassword(account.getPassword());
}
updatingAccount.setUserMask(account.getUserMask()); updatingAccount.setUserMask(account.getUserMask());


//update the metadata //update the metadata
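
Review bot: the comment under `if (passwd != null)` says "if password is empty, ignore it" and "empty passwords should never be allowed", but the condition only filters null, so a zero-length string still reaches `setPassword()` and replaces the stored password. Either reword the comment to say that null means the password was not set and the old one is kept, or extend the condition to also skip empty strings (for example `passwd != null && !passwd.isEmpty()`), depending on which behaviour is intended. A smaller point: inside the block the call is still `updatingAccount.setPassword(account.getPassword())`, which reads the value a second time; pass the already-checked `passwd` local so the value that was tested is the value that is stored.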

1 comment on commit 96cade2

@adamretter
Member

I think that simply

  1. null means do not change
  2. empty string means an empty password
  3. any other string means a non-empty password

Surely it does not need to be any more complicated?
