Posted to commits@wicket.apache.org by mg...@apache.org on 2016/07/19 22:14:38 UTC
[2/6] wicket git commit: WICKET-6211 clear password on detach
WICKET-6211 clear password on detach
Project: http://git-wip-us.apache.org/repos/asf/wicket/repo
Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/4054dbc7
Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/4054dbc7
Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/4054dbc7
Branch: refs/heads/master
Commit: 4054dbc7f8839a9b6dfee1fcdfc9afe4370724ce
Parents: b93e1ba
Author: Sven Meier <sv...@apache.org>
Authored: Tue Jul 19 23:50:17 2016 +0200
Committer: Martin Tzvetanov Grigorov <mg...@apache.org>
Committed: Wed Jul 20 00:10:32 2016 +0200
----------------------------------------------------------------------
.../markup/html/form/PasswordTextField.java | 50 ++++++----
.../markup/html/form/PasswordTextFieldTest.java | 97 ++++++++++++++++++++
2 files changed, 129 insertions(+), 18 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/wicket/blob/4054dbc7/wicket-core/src/main/java/org/apache/wicket/markup/html/form/PasswordTextField.java
----------------------------------------------------------------------
diff --git a/wicket-core/src/main/java/org/apache/wicket/markup/html/form/PasswordTextField.java b/wicket-core/src/main/java/org/apache/wicket/markup/html/form/PasswordTextField.java
index cbb5010..334248c 100644
--- a/wicket-core/src/main/java/org/apache/wicket/markup/html/form/PasswordTextField.java
+++ b/wicket-core/src/main/java/org/apache/wicket/markup/html/form/PasswordTextField.java
@@ -18,8 +18,6 @@ package org.apache.wicket.markup.html.form;
import org.apache.wicket.markup.ComponentTag;
import org.apache.wicket.model.IModel;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
/**
@@ -28,6 +26,10 @@ import org.slf4j.LoggerFactory;
* <p>
* By default this text field is required. If it is not, call {@link #setRequired(boolean)} with
* value of <code>false</code>.
+ * <p>
+ * Note that by default the model object is nullified after each request to prevent the entered
+ * password to be serialized along with the containing page, see {@link #setResetPassword(boolean)}
+ * for details.
*
* @author Jonathan Locke
*/
@@ -35,14 +37,8 @@ public class PasswordTextField extends TextField<String>
{
private static final long serialVersionUID = 1L;
- /** Log. */
- private static final Logger log = LoggerFactory.getLogger(PasswordTextField.class);
-
/**
- * Flag indicating whether the contents of the field should be reset each time it is rendered.
- * If <code>true</code>, the contents are emptied when the field is rendered. This is useful for
- * login forms. If <code>false</code>, the contents of the model are put into the field. This is
- * useful for entry forms where the contents of the model should be editable, or resubmitted.
+ * Should password be reset, see {@link #setResetPassword(boolean)}.
*/
private boolean resetPassword = true;
@@ -67,12 +63,9 @@ public class PasswordTextField extends TextField<String>
}
/**
- * Flag indicating whether the contents of the field should be reset each time it is rendered.
- * If <code>true</code>, the contents are emptied when the field is rendered. This is useful for
- * login forms. If <code>false</code>, the contents of the model are put into the field. This is
- * useful for entry forms where the contents of the model should be editable, or resubmitted.
+ * Should password be reset, see {@link #setResetPassword(boolean)}.
*
- * @return Returns the resetPassword.
+ * @return should password be resetted
*/
public final boolean getResetPassword()
{
@@ -80,10 +73,14 @@ public class PasswordTextField extends TextField<String>
}
/**
- * Flag indicating whether the contents of the field should be reset each time it is rendered.
- * If <code>true</code>, the contents are emptied when the field is rendered. This is useful for
- * login forms. If <code>false</code>, the contents of the model are put into the field. This is
- * useful for entry forms where the contents of the model should be editable, or resubmitted.
+ * Flag indicating whether the password should be reset after each request.
+ * Additionally any present value is not rendered into the markup.
+ * <br>
+ * If <code>true</code>, the model object is set to null after each request to prevent it
+ * being serialized along with the containing page. This is default and highly recommended
+ * for login forms. If <code>false</code> the model value is handled as in a standard
+ * {@link TextField}, this is useful for entry forms where the contents of the model should
+ * be editable, or resubmitted.
*
* @param resetPassword
* The resetPassword to set.
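Review bot: The rewritten Javadoc for setResetPassword() under-describes the `false` case of a security-relevant flag: "handled as in a standard TextField" does not tell the reader that the password then stays in the model and is serialized along with the page. The removed text also said the model contents are put into the field in that case, so the value presumably ends up in the rendered markup as well. The sentence "Additionally any present value is not rendered into the markup" sits before the "If true" clause, so it reads as unconditional. I would spell the consequences out, for example `If <code>false</code> the password remains in the model, is serialized with the page and is rendered into the field's value attribute.` The method body is outside this hunk, so the rendering behaviour should be confirmed against onComponentTag() before wording it this way.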
@@ -117,4 +114,21 @@ public class PasswordTextField extends TextField<String>
{
return new String[] {"password"};
}
+
+ /**
+ * Overriden to nullify the password.
+ */
+ @Override
+ protected void onDetach()
+ {
+ if (resetPassword) {
+ clearInput();
+
+ if (getModel() != null) {
+ setModelObject(null);
+ }
+ }
+
+ super.onDetach();
+ }
}
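Review bot: onDetach() writes null through setModelObject() on every detach, not only after a submit, and because resetPassword defaults to true this now applies to every existing PasswordTextField with a non-null model. Where the model is bound to a property of a long-lived or persistent object, that property is overwritten with null at the end of each request, which is a behaviour change the one-line Javadoc "Overriden to nullify the password" does not convey (and "Overriden" should read "Overridden"). Suggested Javadoc: `Clears the raw input and sets the model object to null at the end of every request while resetPassword is true; call setResetPassword(false) for models whose backing value must be kept.` It would also help to state there that nulling the reference only keeps the password out of the serialized page; the String itself remains on the heap until it is collected.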
http://git-wip-us.apache.org/repos/asf/wicket/blob/4054dbc7/wicket-core/src/test/java/org/apache/wicket/markup/html/form/PasswordTextFieldTest.java
----------------------------------------------------------------------
diff --git a/wicket-core/src/test/java/org/apache/wicket/markup/html/form/PasswordTextFieldTest.java b/wicket-core/src/test/java/org/apache/wicket/markup/html/form/PasswordTextFieldTest.java
new file mode 100644
index 0000000..9b93fcc
--- /dev/null
+++ b/wicket-core/src/test/java/org/apache/wicket/markup/html/form/PasswordTextFieldTest.java
@@ -0,0 +1,97 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.wicket.markup.html.form;
+
+import org.apache.wicket.model.IModel;
+import org.apache.wicket.util.tester.WicketTestCase;
+import org.junit.Test;
+
+/**
+ * Test for {@link PasswordTextField}.
+ *
+ * @author svenmeier
+ */
+public class PasswordTextFieldTest extends WicketTestCase
+{
+
+ @Test
+ public void nullifyPassword()
+ {
+ TestModel model = new TestModel();
+
+ PasswordTextField field = new PasswordTextField("password", model);
+
+ field.detach();
+
+ assertNull(model.password);
+ assertTrue(model.detached);
+ }
+
+ @Test
+ public void nullifyPasswordOnNullModel()
+ {
+ PasswordTextField field = new PasswordTextField("password");
+ field.setVisible(false);
+
+ // does nothing on null model
+ field.detach();
+ }
+
+
+ @Test
+ public void nullifyNoReset()
+ {
+ TestModel model = new TestModel();
+
+ PasswordTextField field = new PasswordTextField("password", model);
+ field.setResetPassword(false);
+
+ field.detach();
+
+ assertEquals("test", model.password);
+ assertTrue(model.detached);
+ }
+
+ private class TestModel implements IModel<String>
+ {
+ public boolean detached;
+
+ public String password = "test";
+
+ @Override
+ public String getObject()
+ {
+ detached = false;
+
+ return password;
+ }
+
+ @Override
+ public void setObject(String password)
+ {
+ this.password = password;
+
+ detached = false;
+ }
+
+ @Override
+ public void detach()
+ {
+ detached = true;
+ }
+ }
+}
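Review bot: None of the three tests exercises the clearInput() half of the new onDetach(), and nullifyPasswordOnNullModel() contains no assertion, so it passes as long as detach() does not throw. Since the point of the change is to keep the entered password out of the serialized page, I would add a case that submits a value through the tester and then checks `assertFalse(field.hasRawInput());` after the request has detached. The `field.setVisible(false)` call in nullifyPasswordOnNullModel() needs a comment explaining why it is required, because the reason is not apparent from the test. TestModel does not use the enclosing test instance and could be declared `private static class TestModel`.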