On Tue, Jan 26, 2010 at 17:04, Sergiu Dumitriu <[email protected]> wrote:
> On 01/26/2010 03:20 PM, vmassol (SVN) wrote:
>> Author: vmassol
>> Date: 2010-01-26 15:20:55 +0100 (Tue, 26 Jan 2010)
>> New Revision: 26408
>>
>> Modified:
>>
>> platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/user/impl/LDAP/XWikiLDAPAuthServiceImpl.java
>>
>> platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/user/impl/xwiki/AbstractXWikiAuthService.java
>>
>> platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/user/impl/xwiki/XWikiAuthServiceImpl.java
>>
>> platform/core/trunk/xwiki-core/src/main/resources/ApplicationResources.properties
>> Log:
>> XWIKI-2261: Don't give password hints
>
> Actually I would leave the nousername/nopassword messages, since this is
> a known fact that doesn't give any hints about the existence of the user.
+1
>
>> Modified:
>> platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/user/impl/LDAP/XWikiLDAPAuthServiceImpl.java
>> ===================================================================
>> ---
>> platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/user/impl/LDAP/XWikiLDAPAuthServiceImpl.java
>> 2010-01-26 14:14:24 UTC (rev 26407)
>> +++
>> platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/user/impl/LDAP/XWikiLDAPAuthServiceImpl.java
>> 2010-01-26 14:20:55 UTC (rev 26408)
>> @@ -115,7 +115,7 @@
>>
>> // Check for empty usernames
>> if (login.equals("")) {
>> - context.put("message", "nousername");
>> + context.put("message", "invalidcredentials");
>>
>> if (LOG.isDebugEnabled()) {
>> LOG.debug("LDAP authentication failed: login empty");
>> @@ -126,7 +126,7 @@
>>
>> // Check for empty passwords
>> if ((password == null) || (password.trim().equals(""))) {
>> - context.put("message", "nopassword");
>> + context.put("message", "invalidcredentials");
>>
>> if (LOG.isDebugEnabled()) {
>> LOG.debug("LDAP authentication failed: password null or
>> empty");
>>
>> Modified:
>> platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/user/impl/xwiki/XWikiAuthServiceImpl.java
>> ===================================================================
>> ---
>> platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/user/impl/xwiki/XWikiAuthServiceImpl.java
>> 2010-01-26 14:14:24 UTC (rev 26407)
>> +++
>> platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/user/impl/xwiki/XWikiAuthServiceImpl.java
>> 2010-01-26 14:20:55 UTC (rev 26408)
>> @@ -423,13 +423,13 @@
>>
>> // Check for empty usernames
>> if (cannonicalUsername.equals("")) {
>> - context.put("message", "nousername");
>> + context.put("message", "invalidcredentials");
>> return null;
>> }
>>
>> // Check for empty passwords
>> if ((password == null) || (password.trim().equals(""))) {
>> - context.put("message", "nopassword");
>> + context.put("message", "invalidcredentials");
>> return null;
>> }
>>
>
> --
> Sergiu Dumitriu
> http://purl.org/net/sergiu/
> _______________________________________________
> devs mailing list
> [email protected]
> http://lists.xwiki.org/mailman/listinfo/devs
>
--
Thomas Mortagne
_______________________________________________
devs mailing list
[email protected]
http://lists.xwiki.org/mailman/listinfo/devs
