You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@manifoldcf.apache.org by kw...@apache.org on 2013/06/27 17:59:03 UTC
svn commit: r1497409 - in /manifoldcf/trunk:
connectors/googledrive/connector/src/main/java/org/apache/manifoldcf/crawler/connectors/googledrive/
framework/core/src/main/java/org/apache/manifoldcf/core/connector/
Author: kwright
Date: Thu Jun 27 15:59:02 2013
New Revision: 1497409
URL: http://svn.apache.org/r1497409
Log:
Establish canonical way of keeping passwords out of HTML, using the GoogleDrive connector as an example. Part of CONNECTORS-737.
Modified:
manifoldcf/trunk/connectors/googledrive/connector/src/main/java/org/apache/manifoldcf/crawler/connectors/googledrive/GoogleDriveRepositoryConnector.java
manifoldcf/trunk/framework/core/src/main/java/org/apache/manifoldcf/core/connector/BaseConnector.java
Modified: manifoldcf/trunk/connectors/googledrive/connector/src/main/java/org/apache/manifoldcf/crawler/connectors/googledrive/GoogleDriveRepositoryConnector.java
URL: http://svn.apache.org/viewvc/manifoldcf/trunk/connectors/googledrive/connector/src/main/java/org/apache/manifoldcf/crawler/connectors/googledrive/GoogleDriveRepositoryConnector.java?rev=1497409&r1=1497408&r2=1497409&view=diff
==============================================================================
--- manifoldcf/trunk/connectors/googledrive/connector/src/main/java/org/apache/manifoldcf/crawler/connectors/googledrive/GoogleDriveRepositoryConnector.java (original)
+++ manifoldcf/trunk/connectors/googledrive/connector/src/main/java/org/apache/manifoldcf/crawler/connectors/googledrive/GoogleDriveRepositoryConnector.java Thu Jun 27 15:59:02 2013
@@ -420,8 +420,12 @@ public class GoogleDriveRepositoryConnec
clientid = StringUtils.EMPTY;
}
+ // Client password is secret, so don't put it unchanged into the form data.
if (clientsecret == null) {
clientsecret = StringUtils.EMPTY;
+ } else {
+ if (clientsecret.length() != 0)
+ clientsecret = EXISTING_VALUE_PASSWORD;
}
if (refreshtoken == null) {
@@ -532,7 +536,9 @@ public class GoogleDriveRepositoryConnec
String clientsecret = variableContext.getParameter(GoogleDriveConfig.CLIENT_SECRET_PARAM);
if (clientsecret != null) {
- parameters.setObfuscatedParameter(GoogleDriveConfig.CLIENT_SECRET_PARAM, clientsecret);
+ // Only set the password if it has been changed
+ if (!clientsecret.equals(EXISTING_VALUE_PASSWORD))
+ parameters.setObfuscatedParameter(GoogleDriveConfig.CLIENT_SECRET_PARAM, clientsecret);
}
String refreshtoken = variableContext.getParameter(GoogleDriveConfig.REFRESH_TOKEN_PARAM);
Modified: manifoldcf/trunk/framework/core/src/main/java/org/apache/manifoldcf/core/connector/BaseConnector.java
URL: http://svn.apache.org/viewvc/manifoldcf/trunk/framework/core/src/main/java/org/apache/manifoldcf/core/connector/BaseConnector.java?rev=1497409&r1=1497408&r2=1497409&view=diff
==============================================================================
--- manifoldcf/trunk/framework/core/src/main/java/org/apache/manifoldcf/core/connector/BaseConnector.java (original)
+++ manifoldcf/trunk/framework/core/src/main/java/org/apache/manifoldcf/core/connector/BaseConnector.java Thu Jun 27 15:59:02 2013
@@ -28,6 +28,12 @@ public abstract class BaseConnector impl
{
public static final String _rcsid = "@(#)$Id: BaseConnector.java 988245 2010-08-23 18:39:35Z kwright $";
+ /** This is a special password value that is used as a placeholder, so the real
+ * password does not appear in HTML at any point in the crawler UI. Effectively,
+ * a password with this value means "existing value".
+ */
+ protected static final String EXISTING_VALUE_PASSWORD = "\u0512\u0512\u0512\u0512\u0512\u0512\u0512\u0512";
+
// Config params
protected ConfigParams params = null;