[Mashup-dev] svn commit r18829 - in trunk/mashup/java/modules:
core/src/org/wso2/mashup
core/src/org/wso2/mashup/webapp/userprofile www
channa at wso2.com
channa at wso2.com
Thu Jul 3 05:14:35 PDT 2008
Author: channa
Date: Thu Jul 3 05:14:34 2008
New Revision: 18829
URL: http://wso2.org/svn/browse/wso2?view=rev&revision=18829
Log:
Preventing admin's password change to 'admin' at validation level. MASHUP-880.
Modified:
trunk/mashup/java/modules/core/src/org/wso2/mashup/MashupConstants.java
trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/userprofile/AddUserBean.java
trunk/mashup/java/modules/www/user.jsp
Modified: trunk/mashup/java/modules/core/src/org/wso2/mashup/MashupConstants.java
URL: http://wso2.org/svn/browse/wso2/trunk/mashup/java/modules/core/src/org/wso2/mashup/MashupConstants.java?rev=18829&r1=18828&r2=18829&view=diff
==============================================================================
--- trunk/mashup/java/modules/core/src/org/wso2/mashup/MashupConstants.java (original)
+++ trunk/mashup/java/modules/core/src/org/wso2/mashup/MashupConstants.java Thu Jul 3 05:14:34 2008
@@ -162,6 +162,7 @@
public static final int MIN_PASSWORD_LENGTH = 5;
public static final String PASSWORD_SEPARATOR = "<separator/>";
+ public static final String RESTRICTED_PASSWORD = "admin";
public static final String MASHUP_PRIVATE_FOLDER_NAME = "_private";
public static final String UNDISPATCHED_OPERATION = "undispatched";
Modified: trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/userprofile/AddUserBean.java
URL: http://wso2.org/svn/browse/wso2/trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/userprofile/AddUserBean.java?rev=18829&r1=18828&r2=18829&view=diff
==============================================================================
--- trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/userprofile/AddUserBean.java (original)
+++ trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/userprofile/AddUserBean.java Thu Jul 3 05:14:34 2008
@@ -262,6 +262,11 @@
} else if (password.indexOf(MashupConstants.PASSWORD_SEPARATOR) > -1) {
errors.put("password", "New password uses restricted string!");
valid = false;
+ // User manager does not allow a user called admin to change password to 'admin'.
+ } else if (editMode && userName.equals(MashupConstants.RESTRICTED_PASSWORD)
+ && password.equals(MashupConstants.RESTRICTED_PASSWORD)) {
+ errors.put("password", "Password not allowed!");
+ valid = false;
}
}
Modified: trunk/mashup/java/modules/www/user.jsp
URL: http://wso2.org/svn/browse/wso2/trunk/mashup/java/modules/www/user.jsp?rev=18829&r1=18828&r2=18829&view=diff
==============================================================================
--- trunk/mashup/java/modules/www/user.jsp (original)
+++ trunk/mashup/java/modules/www/user.jsp Thu Jul 3 05:14:34 2008
@@ -158,6 +158,9 @@
MashupConstants.MIN_PASSWORD_LENGTH %> characters!");
} else if (newPassword.indexOf("<%= MashupConstants.PASSWORD_SEPARATOR %>") > -1) {
$("passwordMessages_value").update("New password uses restricted string!");
+ } else if (user == "<%= MashupConstants.RESTRICTED_PASSWORD %>" && newPassword ==
+ "<%= MashupConstants.RESTRICTED_PASSWORD %>") {
+ $("passwordMessages_value").update("Password not allowed!");
} else {
var changeDetails = encodeURI(oldPassword) + "<%= MashupConstants.PASSWORD_SEPARATOR
%>" + encodeURI(newPassword);
More information about the Mashup-dev
mailing list