[
https://issues.apache.org/jira/browse/FTPSERVER-183?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Latorre updated FTPSERVER-183:
------------------------------------
Description:
I suppose that as a result of the change in the strategy to encrypt passwords
in DBUserManager, getUserByName() -called by the authenticate() method -
returns an User object with the password field unset.
When trying to use the "save" method , this line throws a NullPointerException
map.put(ATTR_PASSWORD,
escapeString(passwordEncryptor.encrypt(user.getPassword())));
My reason to use this method is that I call DBUserManager.save() to update the
user in the database with last-login information.
I'm providing a patch although maybe there's a more elegant solution. The
same modification is done in PropertiesUserManager for coherence.
Important Note: with my provided path , the user's password should not be
included in the WHERE query of "updateStatement" as there's a chance that for a
PasswordEncryptor, the result of passwordEncryptor.encrypt is not the same
as the stored password even if matches() returns true.
was:
I suppose that as a result of the change in the strategy to encrypt passwords
in DBUserManager, getUserByName() -called by the authenticate() method -
returns an User object with the password field unset.
When trying to use the "save" method , this line throws a NullPointerException
map.put(ATTR_PASSWORD,
escapeString(passwordEncryptor.encrypt(user.getPassword())));
I'm providing a patch although maybe there's a more elegant solution.
Summary: DBUserManager and PropertiesUserManager are not storing the
password in the User object after in "authenticate()" (was: DBUserManager is
not storing the password in the User object)
> DBUserManager and PropertiesUserManager are not storing the password in the
> User object after in "authenticate()"
> ------------------------------------------------------------------------------------------------------------------
>
> Key: FTPSERVER-183
> URL: https://issues.apache.org/jira/browse/FTPSERVER-183
> Project: FtpServer
> Issue Type: Bug
> Components: Core
> Affects Versions: 1.0-M4
> Reporter: David Latorre
> Priority: Minor
> Attachments: UserManagers.patch
>
>
> I suppose that as a result of the change in the strategy to encrypt passwords
> in DBUserManager, getUserByName() -called by the authenticate() method -
> returns an User object with the password field unset.
> When trying to use the "save" method , this line throws a
> NullPointerException
> map.put(ATTR_PASSWORD,
> escapeString(passwordEncryptor.encrypt(user.getPassword())));
> My reason to use this method is that I call DBUserManager.save() to update
> the user in the database with last-login information.
> I'm providing a patch although maybe there's a more elegant solution. The
> same modification is done in PropertiesUserManager for coherence.
> Important Note: with my provided path , the user's password should not be
> included in the WHERE query of "updateStatement" as there's a chance that for
> a PasswordEncryptor, the result of passwordEncryptor.encrypt is not the
> same as the stored password even if matches() returns true.
>
>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
