You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@mina.apache.org by "David Latorre (JIRA)" <ji...@apache.org> on 2008/09/30 09:17:44 UTC

[jira] Commented: (FTPSERVER-183) DBUserManager and PropertiesUserManager are not storing the password in the User object after in "authenticate()"

    [ https://issues.apache.org/jira/browse/FTPSERVER-183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12635691#action_12635691 ] 

David Latorre commented on FTPSERVER-183:
-----------------------------------------

Niklas, 

 Did you notice this issue? Is there any problem with my solution or some other problems you're foreseeing?




> DBUserManager and PropertiesUserManager are not storing the password in the User object after in "authenticate()" 
> ------------------------------------------------------------------------------------------------------------------
>
>                 Key: FTPSERVER-183
>                 URL: https://issues.apache.org/jira/browse/FTPSERVER-183
>             Project: FtpServer
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 1.0-M4
>            Reporter: David Latorre
>            Priority: Minor
>         Attachments: UserManagers.patch
>
>
> I suppose that as a result of the change in the strategy to encrypt passwords in DBUserManager, getUserByName()  -called by the authenticate() method - returns an User object with the password field unset.
> When trying to use the "save" method , this line throws  a NullPointerException
>   map.put(ATTR_PASSWORD, escapeString(passwordEncryptor.encrypt(user.getPassword())));
> My reason to use this method is that I call  DBUserManager.save() to update the user in the database with last-login information. 
> I'm providing a patch although maybe there's a more elegant solution.   The same modification is done in PropertiesUserManager for coherence.
> Important Note: with my provided path , the user's password should not be included in the WHERE query of "updateStatement" as there's a chance that for a  PasswordEncryptor, the result of   passwordEncryptor.encrypt  is not the same as the stored password even if matches() returns true.
>  
>  

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.