Hello,

I found it to be confusing, that if you go to the account preferences
page of a user (/rhn/account/UserDetails.do) and change the user's
confirm password only (e.g. remove one of the dots), the message when
you hit the 'Update' button states:

'User information updated'

I'm not 100% sure about the expected behavior there, but I think if
both passwords don't match we actually shouldn't display a success
message (even if one of the passwords is the placeholder). The attached
patch refines the class UserEditActionHelper and adds the password
mismatch error as soon as both passwords don't match.

Greetings,
Johannes

-- 
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG N├╝rnberg)
>From 5c07c2b9824ff125a0d5f66426b3fe996d94a213 Mon Sep 17 00:00:00 2001
From: Johannes Renner <jren...@suse.de>
Date: Mon, 28 Mar 2011 13:45:25 +0200
Subject: [PATCH] Do not show success message when passwords don't match

---
 .../frontend/action/user/UserEditActionHelper.java |   18 ++++++++++--------
 1 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/java/code/src/com/redhat/rhn/frontend/action/user/UserEditActionHelper.java b/java/code/src/com/redhat/rhn/frontend/action/user/UserEditActionHelper.java
index 68f6ce0..c455642 100644
--- a/java/code/src/com/redhat/rhn/frontend/action/user/UserEditActionHelper.java
+++ b/java/code/src/com/redhat/rhn/frontend/action/user/UserEditActionHelper.java
@@ -40,16 +40,18 @@ public abstract class UserEditActionHelper extends RhnAction {
         //get validation errors
         ActionErrors errors = RhnValidationHelper.validateDynaActionForm(this, form);
 
-        //Make sure password and passwordConfirm are equal
+        //Add an error in case of password mismatch
+        String pw = (String)form.get(UserActionHelper.DESIRED_PASS);
+        String conf = (String)form.get(UserActionHelper.DESIRED_PASS_CONFIRM);
+        if (!pw.equals(conf)) {
+            errors.add(ActionMessages.GLOBAL_MESSAGE,
+                    new ActionMessage("error.password_mismatch"));
+        }
+
+        //Make sure password is not the placeholder
         if (!UserActionHelper.PLACEHOLDER_PASSWORD.equals(
                 form.get(UserActionHelper.DESIRED_PASS))) {
-            String pw = (String)form.get(UserActionHelper.DESIRED_PASS);
-            String conf = (String)form.get(UserActionHelper.DESIRED_PASS_CONFIRM);
-            if (!pw.equals(conf)) {
-                errors.add(ActionMessages.GLOBAL_MESSAGE,
-                        new ActionMessage("error.password_mismatch"));
-            }
-            else if (errors.isEmpty()) {
+            if (errors.isEmpty()) {
                 //Set the password only if there are no errors at all
                 targetUser.setPassword(pw);
             }
-- 
1.7.3.4

_______________________________________________
Spacewalk-devel mailing list
Spacewalk-devel@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-devel

Reply via email to