Repository: james-project Updated Branches: refs/heads/master bd195b983 -> d04e65506
MAILBOX-365 MailboxSession should not cary password Not only this is not used, but also it could lead to security vulnerabilities... Project: http://git-wip-us.apache.org/repos/asf/james-project/repo Commit: http://git-wip-us.apache.org/repos/asf/james-project/commit/ad104d22 Tree: http://git-wip-us.apache.org/repos/asf/james-project/tree/ad104d22 Diff: http://git-wip-us.apache.org/repos/asf/james-project/diff/ad104d22 Branch: refs/heads/master Commit: ad104d22bcc2828a6aa2ede570fb82dd61659da9 Parents: bd195b9 Author: Benoit Tellier <[email protected]> Authored: Sat Dec 15 14:05:35 2018 +0700 Committer: Benoit Tellier <[email protected]> Committed: Tue Dec 18 14:47:55 2018 +0700 ---------------------------------------------------------------------- .../java/org/apache/james/mailbox/MailboxSession.java | 7 ------- .../james/mailbox/store/SimpleMailboxSession.java | 14 +++----------- .../james/mailbox/store/StoreMailboxManager.java | 8 ++++---- .../james/jmap/methods/GetMessagesMethodTest.java | 5 ----- 4 files changed, 7 insertions(+), 27 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/james-project/blob/ad104d22/mailbox/api/src/main/java/org/apache/james/mailbox/MailboxSession.java ---------------------------------------------------------------------- diff --git a/mailbox/api/src/main/java/org/apache/james/mailbox/MailboxSession.java b/mailbox/api/src/main/java/org/apache/james/mailbox/MailboxSession.java index e2c00f9..0b6324a 100644 --- a/mailbox/api/src/main/java/org/apache/james/mailbox/MailboxSession.java +++ b/mailbox/api/src/main/java/org/apache/james/mailbox/MailboxSession.java @@ -133,13 +133,6 @@ public interface MailboxSession { String getUserName(); /** - * Return the Password for the logged in user - * - * @return password - */ - String getPassword(); - - /** * Gets acceptable localisation for this user in preference order.<br> * When localising a phrase, each <code>Locale</code> should be tried in * order until an appropriate translation is obtained. http://git-wip-us.apache.org/repos/asf/james-project/blob/ad104d22/mailbox/store/src/main/java/org/apache/james/mailbox/store/SimpleMailboxSession.java ---------------------------------------------------------------------- diff --git a/mailbox/store/src/main/java/org/apache/james/mailbox/store/SimpleMailboxSession.java b/mailbox/store/src/main/java/org/apache/james/mailbox/store/SimpleMailboxSession.java index 3d2101c..7f08b47 100644 --- a/mailbox/store/src/main/java/org/apache/james/mailbox/store/SimpleMailboxSession.java +++ b/mailbox/store/src/main/java/org/apache/james/mailbox/store/SimpleMailboxSession.java @@ -44,8 +44,6 @@ public class SimpleMailboxSession implements MailboxSession, MailboxSession.User private final String userName; - private final String password; - private boolean open = true; private final List<Locale> localePreferences; @@ -57,16 +55,15 @@ public class SimpleMailboxSession implements MailboxSession, MailboxSession.User private final SessionType type; - public SimpleMailboxSession(SessionId sessionId, String userName, String password, + public SimpleMailboxSession(SessionId sessionId, String userName, List<Locale> localePreferences, char pathSeparator, SessionType type) { - this(sessionId, userName, password, localePreferences, new ArrayList<>(), null, pathSeparator, type); + this(sessionId, userName, localePreferences, new ArrayList<>(), null, pathSeparator, type); } - public SimpleMailboxSession(SessionId sessionId, String userName, String password, + public SimpleMailboxSession(SessionId sessionId, String userName, List<Locale> localePreferences, List<String> sharedSpaces, String otherUsersSpace, char pathSeparator, SessionType type) { this.sessionId = sessionId; this.userName = userName; - this.password = password; this.otherUsersSpace = otherUsersSpace; this.sharedSpaces = sharedSpaces; this.type = type; @@ -157,11 +154,6 @@ public class SimpleMailboxSession implements MailboxSession, MailboxSession.User } @Override - public String getPassword() { - return password; - } - - @Override public char getPathDelimiter() { return pathSeparator; } http://git-wip-us.apache.org/repos/asf/james-project/blob/ad104d22/mailbox/store/src/main/java/org/apache/james/mailbox/store/StoreMailboxManager.java ---------------------------------------------------------------------- diff --git a/mailbox/store/src/main/java/org/apache/james/mailbox/store/StoreMailboxManager.java b/mailbox/store/src/main/java/org/apache/james/mailbox/store/StoreMailboxManager.java index b978ed8..4b322de 100644 --- a/mailbox/store/src/main/java/org/apache/james/mailbox/store/StoreMailboxManager.java +++ b/mailbox/store/src/main/java/org/apache/james/mailbox/store/StoreMailboxManager.java @@ -346,7 +346,7 @@ public class StoreMailboxManager implements MailboxManager { @Override public MailboxSession createSystemSession(String userName) { - return createSession(userName, null, SessionType.System); + return createSession(userName, SessionType.System); } /** @@ -356,8 +356,8 @@ public class StoreMailboxManager implements MailboxManager { * @return session */ - protected MailboxSession createSession(String userName, String password, SessionType type) { - return new SimpleMailboxSession(newSessionId(), userName, password, new ArrayList<>(), getDelimiter(), type); + protected MailboxSession createSession(String userName, SessionType type) { + return new SimpleMailboxSession(newSessionId(), userName, new ArrayList<>(), getDelimiter(), type); } private MailboxSession.SessionId newSessionId() { @@ -392,7 +392,7 @@ public class StoreMailboxManager implements MailboxManager { @Override public MailboxSession login(String userid, String passwd) throws MailboxException { if (isValidLogin(userid, passwd)) { - return createSession(userid, passwd, SessionType.User); + return createSession(userid, SessionType.User); } else { throw new BadCredentialsException(); } http://git-wip-us.apache.org/repos/asf/james-project/blob/ad104d22/server/protocols/jmap/src/test/java/org/apache/james/jmap/methods/GetMessagesMethodTest.java ---------------------------------------------------------------------- diff --git a/server/protocols/jmap/src/test/java/org/apache/james/jmap/methods/GetMessagesMethodTest.java b/server/protocols/jmap/src/test/java/org/apache/james/jmap/methods/GetMessagesMethodTest.java index 6fcac84..4032bd0 100644 --- a/server/protocols/jmap/src/test/java/org/apache/james/jmap/methods/GetMessagesMethodTest.java +++ b/server/protocols/jmap/src/test/java/org/apache/james/jmap/methods/GetMessagesMethodTest.java @@ -101,11 +101,6 @@ public class GetMessagesMethodTest { public String getUserName() { return username; } - - @Override - public String getPassword() { - return password; - } @Override public List<Locale> getLocalePreferences() { --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
