From 9fea1844d6c4bf17c5686b7bebce34988bb74bdb Mon Sep 17 00:00:00 2001
From: Sebastian Sdorra
Date: Sat, 4 Dec 2010 16:18:47 +0100
Subject: [PATCH] fix bugs in authentication system
---
 .../main/java/sonia/scm/user/xml/XmlUserManager.java | 7 ++++++-
 .../sonia/scm/web/security/AuthenticationResult.java | 1 +
 .../sonia/scm/web/security/BasicSecurityContext.java | 12 ++++++++++--
 3 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/scm-core/src/main/java/sonia/scm/user/xml/XmlUserManager.java b/scm-core/src/main/java/sonia/scm/user/xml/XmlUserManager.java
index 0798462f71..3d86cd95bc 100644
--- a/scm-core/src/main/java/sonia/scm/user/xml/XmlUserManager.java
+++ b/scm-core/src/main/java/sonia/scm/user/xml/XmlUserManager.java
@@ -235,7 +235,12 @@ public class XmlUserManager extends AbstractUserManager
 @Override
 public void modify(User user) throws UserException, IOException
 {
- SecurityUtil.assertIsAdmin(scurityContextProvider);
+ User currentUser = SecurityUtil.getCurrentUser(scurityContextProvider);
+
+ if (!user.equals(currentUser) &&!currentUser.isAdmin())
+ {
+ throw new ScmSecurityException("admin account is required");
+ }
 String name = user.getName();
diff --git a/scm-web-api/src/main/java/sonia/scm/web/security/AuthenticationResult.java b/scm-web-api/src/main/java/sonia/scm/web/security/AuthenticationResult.java
index 9730d07f48..5a581d3212 100644
--- a/scm-web-api/src/main/java/sonia/scm/web/security/AuthenticationResult.java
+++ b/scm-web-api/src/main/java/sonia/scm/web/security/AuthenticationResult.java
@@ -74,6 +74,7 @@ public class AuthenticationResult
 */
 public AuthenticationResult(User user)
 {
+ this.user = user;
 this.state = AuthenticationState.SUCCESS;
 }
diff --git a/scm-web-api/src/main/java/sonia/scm/web/security/BasicSecurityContext.java b/scm-web-api/src/main/java/sonia/scm/web/security/BasicSecurityContext.java
index b611ba97dc..b0da84b804 100644
--- a/scm-web-api/src/main/java/sonia/scm/web/security/BasicSecurityContext.java
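Review bot: In `XmlUserManager.modify`, the new self-service branch lets through any caller for whom `user.equals(currentUser)` holds, and nothing in the hunk limits which fields of the submitted `User` a non-admin may then change; if that object carries the admin flag, a regular account could presumably grant itself admin rights. The same condition dereferences `currentUser` without a null check, so if `getCurrentUser` can return null the caller gets a `NullPointerException` at `currentUser.isAdmin()` instead of a `ScmSecurityException`; this also affects the `userManager.modify(dbUser)` call in the BasicSecurityContext hunk, which runs during login. A tighter guard would be `if (currentUser == null || (!currentUser.isAdmin() && (!user.equals(currentUser) || user.isAdmin())))`. The body of `modify` continues outside the hunk, so any field filtering done further down is not visible here.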
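Review bot: The `AuthenticationResult(User user)` constructor still sets `AuthenticationState.SUCCESS` unconditionally, so a null `user` now yields a successful result with no principal attached. A guard before the assignment, such as `if (user == null) { throw new IllegalArgumentException("user is required"); }`, would stop a misbehaving authenticator from producing a success state that every caller must re-check.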
+++ b/scm-web-api/src/main/java/sonia/scm/web/security/BasicSecurityContext.java
@@ -104,9 +104,17 @@ public class BasicSecurityContext implements WebSecurityContext
 {
 user.setLastLogin(System.currentTimeMillis());
- if (userManager.contains(username))
+ User dbUser = userManager.get(username);
+
+ if (dbUser != null)
 {
- userManager.modify(user);
+
+ // update properties
+ dbUser.setDisplayName(user.getDisplayName());
+ dbUser.setLastLogin(user.getLastLogin());
+ dbUser.setMail(user.getMail());
+ dbUser.setType(user.getType());
+ userManager.modify(dbUser);
 }
 else
 {
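Review bot: The `// update properties` comment does not say that every field not copied onto `dbUser` (presumably including the stored admin flag) is left untouched on purpose, which is the security-relevant reason for copying field by field instead of passing the authenticator's `user` to `modify`. A comment such as `// copy profile fields only; all other stored fields (e.g. the admin flag) are kept` would discourage a later edit from adding those setters here. Whether `userManager.get(username)` returns the manager's live instance is not visible; if it does, the setters take effect in memory even when `modify` throws. The enclosing method starts and ends outside the hunk.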