Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Comparing changes

Choose two branches to see what's changed or to start a new pull request. If you need to, you can also compare across forks.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also compare across forks.
...
  • 2 commits
  • 1 file changed
  • 7 commit comments
  • 2 contributors
Commits on Jan 11, 2014
@wolfgangmm wolfgangmm [bugfix] Do not change user password if none was provided. Assumes th…
…at resetting a password to empty is never allowed once is has been set.
80d3135
Commits on Jan 12, 2014
@shabanovd shabanovd Merge pull request #116 from wolfgangmm/develop
Ignore null password for user account
96cade2
Showing with 6 additions and 1 deletion.
  1. +6 −1 src/org/exist/security/AbstractRealm.java
View
7 src/org/exist/security/AbstractRealm.java
@@ -430,7 +430,12 @@ public boolean updateAccount(final Account account) throws PermissionDeniedExcep
}
}
- updatingAccount.setPassword(account.getPassword());
+ final String passwd = account.getPassword();
+ if (passwd != null) {
+ // if password is empty, ignore it to keep the old one
+ // assumes that empty passwords should never be allowed
+ updatingAccount.setPassword(account.getPassword());
+ }
updatingAccount.setUserMask(account.getUserMask());
//update the metadata

Showing you all comments on commits in this comparison.

@dizzzz
Owner

empty password = zero length string?

@shabanovd
Collaborator

null here mean password was not set

@dizzzz
Owner

right but "if password is empty" means for me string("") ; my fault :-)

@shabanovd
Collaborator

there several types of "emptiness" ... -)

@dizzzz
Owner

hmmmm it is a different between 'non-existent' and 'empty' no?

@shabanovd
Collaborator

now you have to smile -)

@adamretter
Owner

I think, that simply

1) null means do not change
2) empty string means an empty password
3) any other string means a non-empty password

Surely it does not need to be any more complicated?

Something went wrong with that request. Please try again.