fix bugs in authentication system

2026-01-21 06:52:11 +01:00 · 2010-12-04 16:18:47 +01:00
parent 8e49f50ced
commit 9fea1844d6
3 changed files with 17 additions and 3 deletions
--- a/scm-core/src/main/java/sonia/scm/user/xml/XmlUserManager.java
+++ b/scm-core/src/main/java/sonia/scm/user/xml/XmlUserManager.java
@@ -235,7 +235,12 @@ public class XmlUserManager extends AbstractUserManager
  @Override
  public void modify(User user) throws UserException, IOException
  {
-    SecurityUtil.assertIsAdmin(scurityContextProvider);
+    User currentUser = SecurityUtil.getCurrentUser(scurityContextProvider);
+
+    if (!user.equals(currentUser) &&!currentUser.isAdmin())
+    {
+      throw new ScmSecurityException("admin account is required");
+    }

    String name = user.getName();

--- a/scm-web-api/src/main/java/sonia/scm/web/security/AuthenticationResult.java
+++ b/scm-web-api/src/main/java/sonia/scm/web/security/AuthenticationResult.java
@@ -74,6 +74,7 @@ public class AuthenticationResult
   */
  public AuthenticationResult(User user)
  {
+    this.user = user;
    this.state = AuthenticationState.SUCCESS;
  }

--- a/scm-web-api/src/main/java/sonia/scm/web/security/BasicSecurityContext.java
+++ b/scm-web-api/src/main/java/sonia/scm/web/security/BasicSecurityContext.java
@@ -104,9 +104,17 @@ public class BasicSecurityContext implements WebSecurityContext
      {
        user.setLastLogin(System.currentTimeMillis());

-        if (userManager.contains(username))
+        User dbUser = userManager.get(username);
+
+        if (dbUser != null)
        {
-          userManager.modify(user);
+
+          // update properties
+          dbUser.setDisplayName(user.getDisplayName());
+          dbUser.setLastLogin(user.getLastLogin());
+          dbUser.setMail(user.getMail());
+          dbUser.setType(user.getType());
+          userManager.modify(dbUser);
        }
        else
        {