litvinovg/vitro
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

NIHVIVO-331 Merge revision from rel-1.0-maint branch: Provide appropriate error message when a new user logs in, is prompted to change password, and re-enters the original password instead of a new one.

Browse source
This commit is contained in:
rjy7 2010-04-08 20:13:35 +00:00
parent 10b7ba78af
commit 6526c3c882
1 changed files with 18 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

26
webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Authenticate.java
View file

@ -73,7 +73,7 @@ public class Authenticate extends VitroHttpServlet {
*/ */
String userEnteredPasswordAfterMd5Conversion=f.getLoginPassword(); // won't be null String userEnteredPasswordAfterMd5Conversion=f.getLoginPassword(); // won't be null
if ( userEnteredPasswordAfterMd5Conversion.equals("") ) { // shouldn't get through JS form verification if ( userEnteredPasswordAfterMd5Conversion.equals("") ) { // shouldn't get through JS form verification
f.setErrorMsg( "loginPassword","please enter a password" ); f.setErrorMsg( "loginPassword","Please enter a password" );
f.setLoginStatus("bad_password"); f.setLoginStatus("bad_password");
response.sendRedirect(loginUrl); response.sendRedirect(loginUrl);
return; return;
@ -107,30 +107,40 @@ public class Authenticate extends VitroHttpServlet {
f.setErrorMsg( "loginPassword", "Please try entering provided password again" ); f.setErrorMsg( "loginPassword", "Please try entering provided password again" );
f.setLoginStatus("first_login_mistyped"); f.setLoginStatus("first_login_mistyped");
} else if (user.getOldPassword().equals( userEnteredPasswordAfterMd5Conversion ) ) { } else if (user.getOldPassword().equals( userEnteredPasswordAfterMd5Conversion ) ) {
f.setErrorMsg( "loginPassword", "Please pick a different password from initially provided one" ); f.setErrorMsg( "loginPassword", "Please pick a different password from the one provided initially" );
f.setLoginStatus("changing_password_repeated_old"); f.setLoginStatus("changing_password_repeated_old");
} else { // successfully provided different, private password } else { // successfully provided different, private password
f.setErrorMsg( "loginPassword", "Please re-enter new private password" ); f.setErrorMsg( "loginPassword", "Please re-enter new private password for confirmation" );
user.setMd5password(userEnteredPasswordAfterMd5Conversion); user.setMd5password(userEnteredPasswordAfterMd5Conversion);
user.setLoginCount(1); user.setLoginCount(1);
userDao.updateUser(user); userDao.updateUser(user);
f.setLoginStatus("changing_password"); f.setLoginStatus("changing_password");
} }
} else if (f.getLoginStatus().equals("first_login_changing_password")) { // User has been prompted to change password, but has re-entered the original one
f.setErrorMsg( "loginPassword", "Please pick a different password from the one provided initially" ); // store password in database but force immediate re-entry
user.setOldPassword(user.getMd5password());
userDao.updateUser(user);
f.setLoginStatus("first_login_changing_password");
} else { // entered a password that matches initial md5password in database; now force them to change it } else { // entered a password that matches initial md5password in database; now force them to change it
// oldpassword could be null or not null depending on number of mistries // oldpassword could be null or not null depending on number of mistries
f.setErrorMsg( "loginPassword", "Please now choose a private password" ); // store password in database but force immediate re-entry f.setErrorMsg( "loginPassword", "Please now choose a private password" ); // store password in database but force immediate re-entry
user.setOldPassword(user.getMd5password()); user.setOldPassword(user.getMd5password());
userDao.updateUser(user); userDao.updateUser(user);
f.setLoginStatus("first_login_changing_password"); f.setLoginStatus("first_login_changing_password");
} }
response.sendRedirect(loginUrl); response.sendRedirect(loginUrl);
return; return;
} else if ( user.getMd5password()==null ) { // DBA has forced entry of a new password for user with a loginCount > 0 } else if ( user.getMd5password()==null ) { // DBA has forced entry of a new password for user with a loginCount > 0
if ( user.getOldPassword() != null && user.getOldPassword().equals( userEnteredPasswordAfterMd5Conversion ) ) { if ( user.getOldPassword() != null && user.getOldPassword().equals( userEnteredPasswordAfterMd5Conversion ) ) {
f.setErrorMsg( "loginPassword", "Please pick a different password from your old one" ); f.setErrorMsg( "loginPassword", "Please pick a different password from your previous one" );
f.setLoginStatus("changing_password_repeated_old"); f.setLoginStatus("changing_password_repeated_old");
} else { } else if (f.getLoginStatus().equals("changing_password")){ // User has been prompted to change password, but has re-entered the original one
f.setErrorMsg( "loginPassword", "Please re-enter new password" ); f.setErrorMsg( "loginPassword", "Please pick a different password from the one provided initially" );
user.setMd5password(userEnteredPasswordAfterMd5Conversion);
userDao.updateUser(user);
f.setLoginStatus("changing_password");
} else { // User has entered provided password; now prompt to change password
f.setErrorMsg( "loginPassword", "Please re-enter new password for confirmation" );
user.setMd5password(userEnteredPasswordAfterMd5Conversion); user.setMd5password(userEnteredPasswordAfterMd5Conversion);
userDao.updateUser(user); userDao.updateUser(user);
f.setLoginStatus("changing_password"); f.setLoginStatus("changing_password");