Re: [xwiki-devs] [xwiki-notifications] r26408 - in platform/core/trunk/xwiki-core/src/main: java/com/xpn/xwiki/user/impl/LDAP java/com/xpn/xwiki/user/impl/xwiki resources

Tue, 26 Jan 2010 08:05:55 -0800 

On 01/26/2010 03:20 PM, vmassol (SVN) wrote:
> Author: vmassol
> Date: 2010-01-26 15:20:55 +0100 (Tue, 26 Jan 2010)
> New Revision: 26408
>
> Modified:
>     
> platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/user/impl/LDAP/XWikiLDAPAuthServiceImpl.java
>     
> platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/user/impl/xwiki/AbstractXWikiAuthService.java
>     
> platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/user/impl/xwiki/XWikiAuthServiceImpl.java
>     
> platform/core/trunk/xwiki-core/src/main/resources/ApplicationResources.properties
> Log:
> XWIKI-2261: Don't give password hints

Actually I would leave the nousername/nopassword messages, since this is 
a known fact that doesn't give any hints about the existence of the user.

> Modified: 
> platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/user/impl/LDAP/XWikiLDAPAuthServiceImpl.java
> ===================================================================
> --- 
> platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/user/impl/LDAP/XWikiLDAPAuthServiceImpl.java
>    2010-01-26 14:14:24 UTC (rev 26407)
> +++ 
> platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/user/impl/LDAP/XWikiLDAPAuthServiceImpl.java
>    2010-01-26 14:20:55 UTC (rev 26408)
> @@ -115,7 +115,7 @@
>
>           // Check for empty usernames
>           if (login.equals("")) {
> -            context.put("message", "nousername");
> +            context.put("message", "invalidcredentials");
>
>               if (LOG.isDebugEnabled()) {
>                   LOG.debug("LDAP authentication failed: login empty");
> @@ -126,7 +126,7 @@
>
>           // Check for empty passwords
>           if ((password == null) || (password.trim().equals(""))) {
> -            context.put("message", "nopassword");
> +            context.put("message", "invalidcredentials");
>
>               if (LOG.isDebugEnabled()) {
>                   LOG.debug("LDAP authentication failed: password null or 
> empty");
>
> Modified: 
> platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/user/impl/xwiki/XWikiAuthServiceImpl.java
> ===================================================================
> --- 
> platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/user/impl/xwiki/XWikiAuthServiceImpl.java
>       2010-01-26 14:14:24 UTC (rev 26407)
> +++ 
> platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/user/impl/xwiki/XWikiAuthServiceImpl.java
>       2010-01-26 14:20:55 UTC (rev 26408)
> @@ -423,13 +423,13 @@
>
>           // Check for empty usernames
>           if (cannonicalUsername.equals("")) {
> -            context.put("message", "nousername");
> +            context.put("message", "invalidcredentials");
>               return null;
>           }
>
>           // Check for empty passwords
>           if ((password == null) || (password.trim().equals(""))) {
> -            context.put("message", "nopassword");
> +            context.put("message", "invalidcredentials");
>               return null;
>           }
>

-- 
Sergiu Dumitriu
http://purl.org/net/sergiu/
_______________________________________________
devs mailing list
[email protected]
http://lists.xwiki.org/mailman/listinfo/devs

Reply via email to