[Generator-rt-devel] generator_runtime/src/java/generator/runtime/authentication ChangePasswordController.java, 1.3, 1.4

[Rick K. <ric...@us...>]

Update of /cvsroot/generator-rt/generator_runtime/src/java/generator/runtime/authentication
In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv28125/src/java/generator/runtime/authentication

Modified Files:
	ChangePasswordController.java 
Log Message:
trim passwords before changing and support flow parameter "allowOldPasswordAsNewPassword"

Index: ChangePasswordController.java
===================================================================
RCS file: /cvsroot/generator-rt/generator_runtime/src/java/generator/runtime/authentication/ChangePasswordController.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -C2 -d -r1.3 -r1.4
*** ChangePasswordController.java	21 Oct 2008 10:52:48 -0000	1.3
--- ChangePasswordController.java	9 Apr 2010 10:37:10 -0000	1.4
***************
*** 106,112 ****
          String userType = getFlowParameter("userType", "");
  
!         String oldPassword = ParamUtils.getParameter(attributes, oldPasswordParam, "");
!         String newPassword1 = ParamUtils.getParameter(attributes, newPassword1Param, "");
!         String newPassword2 = ParamUtils.getParameter(attributes, newPassword2Param, "");
          
          LoginUser user = LoginController.getLoggedInUser(getServerSideUserState(), userType);
--- 106,112 ----
          String userType = getFlowParameter("userType", "");
  
!         String oldPassword = ParamUtils.getParameter(attributes, oldPasswordParam, "").trim();
!         String newPassword1 = ParamUtils.getParameter(attributes, newPassword1Param, "").trim();
!         String newPassword2 = ParamUtils.getParameter(attributes, newPassword2Param, "").trim();
          
          LoginUser user = LoginController.getLoggedInUser(getServerSideUserState(), userType);
***************
*** 161,164 ****
--- 161,165 ----
          boolean allowNonAlphanumeric = getFlowParameter("allowNonAlphanumeric", true);
          boolean allowSameLoginIdAndPassword = getFlowParameter("allowSameLoginIdAndPassword", true);
+         boolean allowOldPasswordAsNewPassword = getFlowParameter("allowOldPasswordAsNewPassword", true);
          int minPasswordStrength = getFlowParameter("minPasswordStrength", 0);
          int passwordMinLength = getFlowParameter("passwordMinLength", 1);
***************
*** 196,202 ****
              }
              boolean noErrors = valLength.validate(errors);
!             if (noErrors && !allowSameLoginIdAndPassword && 
!                     newPassword1.equals(ParamUtils.nvl(user.getLoginId(), ""))) {
!                 errors.add(new ValidationFailure(newPassword1Param, "passwordMatchesLoginId", newPassword1));
              }
          }
--- 197,208 ----
              }
              boolean noErrors = valLength.validate(errors);
!             if (noErrors) {
!                 if (!allowSameLoginIdAndPassword && newPassword1.equals(ParamUtils.nvl(user.getLoginId(), ""))) {
!                     errors.add(new ValidationFailure(newPassword1Param, "passwordMatchesLoginId", newPassword1));
!                 }
!                 if (!allowOldPasswordAsNewPassword &&  
!                         LoginController.encryptPassword(newPassword1, getProperties(), null, null).equals(user.getEncryptedPassword())) {
!                     errors.add(new ValidationFailure(newPassword1Param, "passwordIsOldPassword", newPassword1));
!                 }
              }
          }