You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@syncope.apache.org by fm...@apache.org on 2016/09/01 14:31:22 UTC

[2/3] syncope git commit: [SYNCOPE-928] check existing password before store the new one

[SYNCOPE-928] check existing password before store the new one


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/d3c779f6
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/d3c779f6
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/d3c779f6

Branch: refs/heads/1_2_X
Commit: d3c779f6b0581a6df69526b393c402577d3b95ec
Parents: a5333a6
Author: fmartelli <fa...@gmail.com>
Authored: Thu Sep 1 16:02:38 2016 +0200
Committer: fmartelli <fa...@gmail.com>
Committed: Thu Sep 1 16:02:38 2016 +0200

----------------------------------------------------------------------
 .../core/persistence/validation/entity/SyncopeUserValidator.java  | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/syncope/blob/d3c779f6/core/src/main/java/org/apache/syncope/core/persistence/validation/entity/SyncopeUserValidator.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/syncope/core/persistence/validation/entity/SyncopeUserValidator.java b/core/src/main/java/org/apache/syncope/core/persistence/validation/entity/SyncopeUserValidator.java
index 2b90197..8c66c5a 100644
--- a/core/src/main/java/org/apache/syncope/core/persistence/validation/entity/SyncopeUserValidator.java
+++ b/core/src/main/java/org/apache/syncope/core/persistence/validation/entity/SyncopeUserValidator.java
@@ -81,7 +81,8 @@ public class SyncopeUserValidator extends AbstractValidator<SyncopeUserCheck, Sy
             }
 
             // update user's password history with encrypted password
-            if (maxPPSpecHistory > 0 && user.getPassword() != null) {
+            if (maxPPSpecHistory > 0 && user.getPassword() != null
+                    && !user.getPasswordHistory().contains(user.getPassword())) {
                 user.getPasswordHistory().add(user.getPassword());
             }
             // keep only the last maxPPSpecHistory items in user's password history