anonymous user should not have permission to change password or autocomplete

Eduard Heimbuch
2019-10-17 11:08:55 +02:00
parent a33acf5326
commit 1fd6337f64
6 changed files with 48 additions and 6 deletions


@@ -48,6 +48,7 @@ import sonia.scm.SCMContextProvider;
import sonia.scm.TransformFilter;
import sonia.scm.search.SearchRequest;
import sonia.scm.search.SearchUtil;
import sonia.scm.security.Authentications;
import sonia.scm.util.CollectionAppender;
import sonia.scm.util.Util;
@@ -378,7 +379,7 @@ public class DefaultUserManager extends AbstractUserManager
public void changePasswordForLoggedInUser(String oldPassword, String newPassword) {
User user = get((String) SecurityUtils.getSubject().getPrincipals().getPrimaryPrincipal());
if (!user.getPassword().equals(oldPassword)) {
if (!isAnonymousUser(user) && !user.getPassword().equals(oldPassword)) {
throw new InvalidPasswordException(ContextEntry.ContextBuilder.entity("PasswordChange", "-").in(User.class, user.getName()));
}
@@ -397,13 +398,17 @@ public class DefaultUserManager extends AbstractUserManager
if (user == null) {
throw new NotFoundException(User.class, userId);
}
if (!isTypeDefault(user)) {
if (!isTypeDefault(user) || isAnonymousUser(user)) {
throw new ChangePasswordNotAllowedException(ContextEntry.ContextBuilder.entity("PasswordChange", "-").in(User.class, user.getName()), user.getType());
}
user.setPassword(newPassword);
this.modify(user);
}
private boolean isAnonymousUser(User user) {
return Authentications.isSubjectAnonymous(user.getName());
}
//~--- fields ---------------------------------------------------------------
private final UserDAO userDAO;
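Review bot: In `changePasswordForLoggedInUser` the new guard `!isAnonymousUser(user) && !user.getPassword().equals(oldPassword)` skips the old-password comparison for the anonymous account instead of rejecting the request, so the denial depends on whatever follows the guard, and the rest of that method body lies outside this hunk. The later hunk in this section fails closed for the same account by throwing `ChangePasswordNotAllowedException`; doing the same here, ahead of the comparison, would make the intent explicit and keep the original check intact: `if (isAnonymousUser(user)) { throw new ChangePasswordNotAllowedException(ContextEntry.ContextBuilder.entity("PasswordChange", "-").in(User.class, user.getName()), user.getType()); }`. If the short-circuit was added only to avoid a null password on the anonymous account (an inference, not visible here), the explicit rejection covers that case as well. `isAnonymousUser` matches on `user.getName()` alone, so a short comment there such as `// relies on the anonymous principal name being reserved` would document the assumption this check rests on.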