From 6526c3c882a27bfcb32b3df3308d3fb8620a2175 Mon Sep 17 00:00:00 2001
From: rjy7
Date: Thu, 8 Apr 2010 20:13:35 +0000
Subject: [PATCH] NIHVIVO-331 Merge revision from rel-1.0-maint branch: Provide appropriate error message when a new user logs in, is prompted to change password, and re-enters the original password instead of a new one.
---
 .../webapp/controller/edit/Authenticate.java | 26 +++++++++++++------
 1 file changed, 18 insertions(+), 8 deletions(-)
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Authenticate.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Authenticate.java
index dace2e945..e54bd9e8e 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Authenticate.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Authenticate.java
@@ -73,7 +73,7 @@ public class Authenticate extends VitroHttpServlet {
 */
 String userEnteredPasswordAfterMd5Conversion=f.getLoginPassword(); // won't be null
 if ( userEnteredPasswordAfterMd5Conversion.equals("") ) { // shouldn't get through JS form verification
- f.setErrorMsg( "loginPassword","please enter a password" );
+ f.setErrorMsg( "loginPassword","Please enter a password" );
 f.setLoginStatus("bad_password");
 response.sendRedirect(loginUrl);
 return;
@@ -107,30 +107,40 @@ public class Authenticate extends VitroHttpServlet { f.setErrorMsg( "loginPassword", "Please try entering provided password again" ); f.setLoginStatus("first_login_mistyped"); } else if (user.getOldPassword().equals( userEnteredPasswordAfterMd5Conversion ) ) { - f.setErrorMsg( "loginPassword", "Please pick a different password from initially provided one" ); + f.setErrorMsg( "loginPassword", "Please pick a different password from the one provided initially" ); f.setLoginStatus("changing_password_repeated_old"); } else { // successfully provided different, private password - f.setErrorMsg( "loginPassword", "Please re-enter new private password" ); + f.setErrorMsg( "loginPassword", "Please re-enter new private password for confirmation" ); user.setMd5password(userEnteredPasswordAfterMd5Conversion); user.setLoginCount(1); userDao.updateUser(user); f.setLoginStatus("changing_password"); - } + } + } else if (f.getLoginStatus().equals("first_login_changing_password")) { // User has been prompted to change password, but has re-entered the original one + f.setErrorMsg( "loginPassword", "Please pick a different password from the one provided initially" ); // store password in database but force immediate re-entry + user.setOldPassword(user.getMd5password()); + userDao.updateUser(user); + f.setLoginStatus("first_login_changing_password"); } else { // entered a password that matches initial md5password in database; now force them to change it // oldpassword could be null or not null depending on number of mistries f.setErrorMsg( "loginPassword", "Please now choose a private password" ); // store password in database but force immediate re-entry user.setOldPassword(user.getMd5password()); userDao.updateUser(user); - f.setLoginStatus("first_login_changing_password"); + f.setLoginStatus("first_login_changing_password"); } response.sendRedirect(loginUrl); return; } else if ( user.getMd5password()==null ) { // DBA has forced entry of a new password for user 
with a loginCount > 0 if ( user.getOldPassword() != null && user.getOldPassword().equals( userEnteredPasswordAfterMd5Conversion ) ) { - f.setErrorMsg( "loginPassword", "Please pick a different password from your old one" ); + f.setErrorMsg( "loginPassword", "Please pick a different password from your previous one" ); f.setLoginStatus("changing_password_repeated_old"); - } else { - f.setErrorMsg( "loginPassword", "Please re-enter new password" ); + } else if (f.getLoginStatus().equals("changing_password")){ // User has been prompted to change password, but has re-entered the original one + f.setErrorMsg( "loginPassword", "Please pick a different password from the one provided initially" ); + user.setMd5password(userEnteredPasswordAfterMd5Conversion); + userDao.updateUser(user); + f.setLoginStatus("changing_password"); + } else { // User has entered provided password; now prompt to change password + f.setErrorMsg( "loginPassword", "Please re-enter new password for confirmation" ); user.setMd5password(userEnteredPasswordAfterMd5Conversion); userDao.updateUser(user); f.setLoginStatus("changing_password");
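Review bot: The added `else if (f.getLoginStatus().equals("changing_password"))` branch in the `user.getMd5password()==null` path tells the user to pick a different password, yet it still calls `user.setMd5password(userEnteredPasswordAfterMd5Conversion)` and `userDao.updateUser(user)`, so the value it rejects is persisted as the account password. The branch is also selected from the form's login status alone; nothing in it compares the submitted value with a stored one, so the "re-entered the original one" comment is not enforced by the visible code. I would drop the two persisting lines from that branch, or replace the status test with an explicit comparison against the stored value. Both new status checks would also be safer written constant-first, e.g. `"changing_password".equals(f.getLoginStatus())`, in case the status can be null. The new `first_login_changing_password` branch uses the same status-only test, and the enclosing method starts and ends outside this hunk, so how the status is populated should be confirmed there.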