[SYNCOPE-928] check existing password before store the new one
Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/a4d49291 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/a4d49291 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/a4d49291 Branch: refs/heads/1_1_X Commit: a4d492918b04cbde4c570f43ad0ee4f3c461a958 Parents: 162ff57 Author: fmartelli <fabio.marte...@gmail.com> Authored: Thu Sep 1 16:04:20 2016 +0200 Committer: fmartelli <fabio.marte...@gmail.com> Committed: Thu Sep 1 16:04:20 2016 +0200 ---------------------------------------------------------------------- .../core/persistence/validation/entity/SyncopeUserValidator.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/syncope/blob/a4d49291/core/src/main/java/org/apache/syncope/core/persistence/validation/entity/SyncopeUserValidator.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/org/apache/syncope/core/persistence/validation/entity/SyncopeUserValidator.java b/core/src/main/java/org/apache/syncope/core/persistence/validation/entity/SyncopeUserValidator.java index e471f0e..5b98783 100644 --- a/core/src/main/java/org/apache/syncope/core/persistence/validation/entity/SyncopeUserValidator.java +++ b/core/src/main/java/org/apache/syncope/core/persistence/validation/entity/SyncopeUserValidator.java @@ -74,7 +74,8 @@ public class SyncopeUserValidator extends AbstractValidator<SyncopeUserCheck, Sy } // update user's password history with encrypted password - if (maxPPSpecHistory > 0 && object.getPassword() != null) { + if (maxPPSpecHistory > 0 && object.getPassword() != null + && !object.getPasswordHistory().contains(object.getPassword())) { object.getPasswordHistory().add(object.getPassword()); } // keep only the last maxPPSpecHistory items in user's password history
