[FTPSERVER-183] DBUserManager and PropertiesUserManager are not storing the password in the User object after in "authenticate()" - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 1.0.0-M4
Fix Version/s: 1.0.0-M4
Component/s: Core
Labels:
None

Description

I suppose that as a result of the change in the strategy to encrypt passwords in DBUserManager, getUserByName() -called by the authenticate() method - returns an User object with the password field unset.

When trying to use the "save" method , this line throws a NullPointerException
map.put(ATTR_PASSWORD, escapeString(passwordEncryptor.encrypt(user.getPassword())));

My reason to use this method is that I call DBUserManager.save() to update the user in the database with last-login information.

I'm providing a patch although maybe there's a more elegant solution. The same modification is done in PropertiesUserManager for coherence.

Important Note: with my provided path , the user's password should not be included in the WHERE query of "updateStatement" as there's a chance that for a PasswordEncryptor, the result of passwordEncryptor.encrypt is not the same as the stored password even if matches() returns true.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

UserManagers.patch
24/Sep/08 10:03
1 kB
David Latorre

Activity

People

Assignee:: Niklas Therning

Reporter:: David Latorre

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 24/Sep/08 09:19

Updated:: 02/Nov/08 22:24

Resolved:: 02/Nov/08 22:24