Author: channa Date: Thu Jul 3 05:14:34 2008 New Revision: 18829 URL: http://wso2.org/svn/browse/wso2?view=rev&revision=18829
Log: Preventing admin's password change to 'admin' at validation level. MASHUP-880.
Modified: trunk/mashup/java/modules/core/src/org/wso2/mashup/MashupConstants.java trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/userprofile/AddUserBean.java trunk/mashup/java/modules/www/user.jsp
Modified: trunk/mashup/java/modules/core/src/org/wso2/mashup/MashupConstants.java
URL: http://wso2.org/svn/browse/wso2/trunk/mashup/java/modules/core/src/org/wso2/mashup/MashupConstants.java?rev=18829&r1=18828&r2=18829&view=diff
==============================================================================
--- trunk/mashup/java/modules/core/src/org/wso2/mashup/MashupConstants.java (original)
+++ trunk/mashup/java/modules/core/src/org/wso2/mashup/MashupConstants.java Thu Jul 3 05:14:34 2008
@@ -162,6 +162,7 @@
 public static final int MIN_PASSWORD_LENGTH = 5;
 public static final String PASSWORD_SEPARATOR = "<separator/>";
+ public static final String RESTRICTED_PASSWORD = "admin";
 public static final String MASHUP_PRIVATE_FOLDER_NAME = "_private";
 public static final String UNDISPATCHED_OPERATION = "undispatched";
Modified: trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/userprofile/AddUserBean.java
URL: http://wso2.org/svn/browse/wso2/trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/userprofile/AddUserBean.java?rev=18829&r1=18828&r2=18829&view=diff
==============================================================================
--- trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/userprofile/AddUserBean.java (original)
+++ trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/userprofile/AddUserBean.java Thu Jul 3 05:14:34 2008
@@ -262,6 +262,11 @@
 } else if (password.indexOf(MashupConstants.PASSWORD_SEPARATOR) > -1) {
 errors.put("password", "New password uses restricted string!");
 valid = false;
+ // User manager does not allow a user called admin to change password to 'admin'.
+ } else if (editMode && userName.equals(MashupConstants.RESTRICTED_PASSWORD)
+ && password.equals(MashupConstants.RESTRICTED_PASSWORD)) {
+ errors.put("password", "Password not allowed!");
+ valid = false;
 }
 }
Modified: trunk/mashup/java/modules/www/user.jsp
URL: http://wso2.org/svn/browse/wso2/trunk/mashup/java/modules/www/user.jsp?rev=18829&r1=18828&r2=18829&view=diff
==============================================================================
--- trunk/mashup/java/modules/www/user.jsp (original)
+++ trunk/mashup/java/modules/www/user.jsp Thu Jul 3 05:14:34 2008
@@ -158,6 +158,9 @@
 MashupConstants.MIN_PASSWORD_LENGTH %> characters!");
 } else if (newPassword.indexOf("<%= MashupConstants.PASSWORD_SEPARATOR %>") > -1) {
 $("passwordMessages_value").update("New password uses restricted string!");
+ } else if (user == "<%= MashupConstants.RESTRICTED_PASSWORD %>" && newPassword ==
+ "<%= MashupConstants.RESTRICTED_PASSWORD %>") {
+ $("passwordMessages_value").update("Password not allowed!");
 } else {
 var changeDetails = encodeURI(oldPassword) + "<%= MashupConstants.PASSWORD_SEPARATOR %>" + encodeURI(newPassword);
_______________________________________________
Mashup-dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/mashup-dev
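Review bot: The new `else if` branch in AddUserBean is an exact, case-sensitive match that applies only in `editMode` and only when the user name is itself `admin`, so every other account can still set a password equal to its own user name, and `admin` as a password passes `MIN_PASSWORD_LENGTH = 5` for anyone else. If the policy allows it, a general rule such as `} else if (password.equalsIgnoreCase(userName)) {` would cover the admin case and the rest. The branch also compares `userName` against a constant named `RESTRICTED_PASSWORD`, which reads as a mistake; a separately named constant for the reserved account (a proposed `ADMIN_USER_NAME`, not present in this commit) would make the intent clear. The enclosing method starts and ends outside the hunk, so whether `userName` can be null here is not visible; writing the comparison constant-first, `MashupConstants.RESTRICTED_PASSWORD.equals(userName)`, would make that irrelevant.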
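Review bot: The check added to the script in user.jsp runs only in the browser, so it is a convenience for the user and not the control; the rule has to hold on the server, which the AddUserBean change in this commit appears to provide, although whether this page's password-change request passes through that validation is not visible here. A short comment on the new branch would record that, for example `// UX only: the same rule is enforced server-side in AddUserBean`. The JavaScript copy also has no counterpart to the server's `editMode` condition, so the two versions of the rule need to be kept in step by hand. The enclosing script block starts and ends outside the hunk.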
