svn commit: r1497409 - in /manifoldcf/trunk: connectors/googledrive/connector/src/main/java/org/apache/manifoldcf/crawler/connectors/googledrive/ framework/core/src/main/java/org/apache/manifoldcf/core/connector/

Thu, 27 Jun 2013 09:00:00 -0700 

Author: kwright
Date: Thu Jun 27 15:59:02 2013
New Revision: 1497409

URL: http://svn.apache.org/r1497409
Log:
Establish canonical way of keeping passwords out of HTML, using the GoogleDrive 
connector as an example.  Part of CONNECTORS-737.

Modified:
    
manifoldcf/trunk/connectors/googledrive/connector/src/main/java/org/apache/manifoldcf/crawler/connectors/googledrive/GoogleDriveRepositoryConnector.java
    
manifoldcf/trunk/framework/core/src/main/java/org/apache/manifoldcf/core/connector/BaseConnector.java

Modified: 
manifoldcf/trunk/connectors/googledrive/connector/src/main/java/org/apache/manifoldcf/crawler/connectors/googledrive/GoogleDriveRepositoryConnector.java
URL: 
http://svn.apache.org/viewvc/manifoldcf/trunk/connectors/googledrive/connector/src/main/java/org/apache/manifoldcf/crawler/connectors/googledrive/GoogleDriveRepositoryConnector.java?rev=1497409&r1=1497408&r2=1497409&view=diff
==============================================================================
--- 
manifoldcf/trunk/connectors/googledrive/connector/src/main/java/org/apache/manifoldcf/crawler/connectors/googledrive/GoogleDriveRepositoryConnector.java
 (original)
+++ 
manifoldcf/trunk/connectors/googledrive/connector/src/main/java/org/apache/manifoldcf/crawler/connectors/googledrive/GoogleDriveRepositoryConnector.java
 Thu Jun 27 15:59:02 2013
@@ -420,8 +420,12 @@ public class GoogleDriveRepositoryConnec
       clientid = StringUtils.EMPTY;
     }
     
+    // Client password is secret, so don't put it unchanged into the form data.
     if (clientsecret == null) {
       clientsecret = StringUtils.EMPTY;
+    } else {
+      if (clientsecret.length() != 0)
+        clientsecret = EXISTING_VALUE_PASSWORD;
     }
 
     if (refreshtoken == null) {
@@ -532,7 +536,9 @@ public class GoogleDriveRepositoryConnec
 
     String clientsecret = 
variableContext.getParameter(GoogleDriveConfig.CLIENT_SECRET_PARAM);
     if (clientsecret != null) {
-      parameters.setObfuscatedParameter(GoogleDriveConfig.CLIENT_SECRET_PARAM, 
clientsecret);
+      // Only set the password if it has been changed
+      if (!clientsecret.equals(EXISTING_VALUE_PASSWORD))
+        
parameters.setObfuscatedParameter(GoogleDriveConfig.CLIENT_SECRET_PARAM, 
clientsecret);
     }
 
     String refreshtoken = 
variableContext.getParameter(GoogleDriveConfig.REFRESH_TOKEN_PARAM);

Modified: 
manifoldcf/trunk/framework/core/src/main/java/org/apache/manifoldcf/core/connector/BaseConnector.java
URL: 
http://svn.apache.org/viewvc/manifoldcf/trunk/framework/core/src/main/java/org/apache/manifoldcf/core/connector/BaseConnector.java?rev=1497409&r1=1497408&r2=1497409&view=diff
==============================================================================
--- 
manifoldcf/trunk/framework/core/src/main/java/org/apache/manifoldcf/core/connector/BaseConnector.java
 (original)
+++ 
manifoldcf/trunk/framework/core/src/main/java/org/apache/manifoldcf/core/connector/BaseConnector.java
 Thu Jun 27 15:59:02 2013
@@ -28,6 +28,12 @@ public abstract class BaseConnector impl
 {
   public static final String _rcsid = "@(#)$Id: BaseConnector.java 988245 
2010-08-23 18:39:35Z kwright $";
 
+  /** This is a special password value that is used as a placeholder, so the 
real
+  * password does not appear in HTML at any point in the crawler UI.  
Effectively,
+  * a password with this value means "existing value".
+  */
+  protected static final String EXISTING_VALUE_PASSWORD = 
"\u0512\u0512\u0512\u0512\u0512\u0512\u0512\u0512";
+
   // Config params
   protected ConfigParams params = null;

Reply via email to