Jörn Nettingsmeier wrote:
hi *!
i played around a bit, trying to add a password change option to the
user profile editor in the admin tab (see attached svn diff).
after rebuilding and restarting, i used it to change the password of a
test user. now when i try to log in as this test user and type the
correct password, i get thrown back to the login screen immediately
without any error.
This usually means that you were successfully authenticated, but don't
have the permission to view the page. There's no message for security
reasons.
-- Andreas
when i type a wrong password, i get a proper
"authentication failed" message.
any ideas what might go wrong here?
best,
jörn
------------------------------------------------------------------------
Index: java/org/apache/lenya/cms/ac/usecases/UserProfile.java
===================================================================
--- java/org/apache/lenya/cms/ac/usecases/UserProfile.java (revision
407740)
+++ java/org/apache/lenya/cms/ac/usecases/UserProfile.java (working copy)
@@ -29,7 +29,9 @@
protected static final String DESCRIPTION = "description";
protected static final String MENU_LOCALE = "defaultMenuLocale";
protected static final String DOCUMENT_LOCALE = "defaultDocumentLocale";
-
+ protected static final String NEW_PASSWORD = "newPassword";
+ protected static final String CONFIRM_NEW_PASSWORD = "confirmNewPassword";
+
/**
* Ctor.
*/
@@ -46,6 +48,12 @@
if (email.length() == 0) {
addErrorMessage("Please enter an e-mail address.");
}
+
+ String password = getParameterAsString(UserProfile.NEW_PASSWORD);
+ String password2 =
getParameterAsString(UserProfile.CONFIRM_NEW_PASSWORD);
+ if (!password.equals(password2)) {
+ addErrorMessage("The passwords do not match.");
+ }
}
/**
@@ -59,12 +67,18 @@
String email = getParameterAsString(UserProfile.EMAIL);
String defaultMenuLocale =
getParameterAsString(UserProfile.MENU_LOCALE);
String defaultDocumentLocale =
getParameterAsString(UserProfile.DOCUMENT_LOCALE);
-
+ String password = getParameterAsString(UserProfile.NEW_PASSWORD);
+
getUser().setEmail(email);
getUser().setName(fullName);
getUser().setDescription(description);
getUser().setDefaultMenuLocale(defaultMenuLocale);
getUser().setDefaultDocumentLocale(defaultDocumentLocale);
+ /* fixme: this should use the same sanity checks as in
UserPassword.java */
+ /* set password only if the password field is not empty, otherwise
skip: */
+ if (password.length() > 0) {
+ getUser().setPassword(password);
+ }
getUser().save();
}
Index: webapp/lenya/usecases/admin/userProfile.jx
===================================================================
--- webapp/lenya/usecases/admin/userProfile.jx (revision 407740)
+++ webapp/lenya/usecases/admin/userProfile.jx (working copy)
@@ -64,8 +64,17 @@
<td class="lenya-entry-caption"><label for="defaultDocumentLocale"><i18n:text>Default
Document Locale</i18n:text> *</label></td>
<td><input type="text" name="defaultDocumentLocale" class="lenya-form-element"
value="${usecase.getParameter('defaultDocumentLocale')}"/></td>
</tr>
-
+
<tr>
+ <td class="lenya-entry-caption"><label for="newPassword"><i18n:text>New
Password</i18n:text></label></td>
+ <td><input type="password" name="newPassword" class="lenya-form-element"
value=""/></td>
+ </tr>
+ <tr>
+ <td class="lenya-entry-caption"><label for="confirmNewPassword"><i18n:text>Confirm New
Password</i18n:text></label></td>
+ <td><input type="password" name="confirmNewPassword" class="lenya-form-element"
value=""/></td>
+ </tr>
+
+ <tr>
<td/>
<td>
<input i18n:attr="value" type="submit" name="submit" value="Save"/>
------------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Andreas Hartmann
Wyona Inc. - Open Source Content Management - Apache Lenya
http://www.wyona.com http://lenya.apache.org
[EMAIL PROTECTED] [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
