branch feature/234-ErreurAuLogin created (now 5a91ae9c)
This is an automated email from the git hooks/post-receive script. New change to branch feature/234-ErreurAuLogin in repository pollen. See https://gitlab.nuiton.org/chorem/pollen.git at 5a91ae9c refs #234 : Prevent NPE on salt and try to add alternative LoginProvider fallback This branch includes the following new commits: new 5a91ae9c refs #234 : Prevent NPE on salt and try to add alternative LoginProvider fallback The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Detailed log of new commits: commit 5a91ae9c887148623668352db73a497b4273b990 Author: jcouteau <couteau@codelutin.com> Date: Tue Nov 26 16:47:40 2019 +0100 refs #234 : Prevent NPE on salt and try to add alternative LoginProvider fallback -- To stop receiving notification emails like this one, please contact chorem.org SCM administrator <admin+scm@chorem.org>.
This is an automated email from the git hooks/post-receive script. New commit to branch feature/234-ErreurAuLogin in repository pollen. See https://gitlab.nuiton.org/chorem/pollen.git
commit 5a91ae9c887148623668352db73a497b4273b990
Author: jcouteau <couteau@codelutin.com>
Date: Tue Nov 26 16:47:40 2019 +0100
refs #234 : Prevent NPE on salt and try to add alternative LoginProvider fallback
---
 .../services/service/security/SecurityService.java | 23 ++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/pollen-services/src/main/java/org/chorem/pollen/services/service/security/SecurityService.java b/pollen-services/src/main/java/org/chorem/pollen/services/service/security/SecurityService.java
index 3bbe4979..881f64ab 100644
--- a/pollen-services/src/main/java/org/chorem/pollen/services/service/security/SecurityService.java
+++ b/pollen-services/src/main/java/org/chorem/pollen/services/service/security/SecurityService.java
@@ -117,7 +117,16 @@ public class SecurityService extends PollenServiceSupport {
 try {
 checkUserPassword(user, password);
 } catch (PollenInvalidPasswordException e) {
- throw new PollenAuthenticationException(e);
+ boolean valid = false;
+ for (UserCredential credential : user.getUserCredential()) {
+ valid = valid || getUserCredentialDao().isCredentialValid(credential.getProvider(),
+ credential.getUserId(),
+ user.getTopiaId(),
+ login);
+ }
+ if (!valid) {
+ throw new PollenAuthenticationException(e);
+ }
 }
 if (!user.isEmailValidated()) {
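Review bot: The fallback added in the `catch` block computes `valid` from `credential.getProvider()`, `credential.getUserId()`, `user.getTopiaId()` and `login`, none of which is a secret supplied with the request, so a wrong password appears to be accepted for any user with a matching stored credential; what `isCredentialValid` actually verifies is not visible here and should be confirmed before merging. The loop added to `checkUserPassword` in the second hunk has the same shape, and there every argument, including `credential.getEmail()`, comes from the stored user record. `checkUserPassword` also throws `PollenInvalidPasswordException` when `user.isBanned()`, so this catch can now let a banned user continue; if the fallback stays, the guard should read `if (!valid || user.isBanned()) {`. The enclosing method starts and ends outside the hunk.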
@@ -332,10 +341,20 @@ public class SecurityService extends PollenServiceSupport {
 public void checkUserPassword(PollenUser user, String password) throws PollenInvalidPasswordException {
 String encodedPassword = null;
- if (password != null) {
+ if (password != null && user.getSalt() != null) {
 encodedPassword = serviceContext.encodePassword(user.getSalt(), password);
 }
 boolean valid = Objects.equals(encodedPassword, user.getPassword());
+
+ if (!valid) {
+ for (UserCredential credential : user.getUserCredential()) {
+ valid = valid || getUserCredentialDao().isCredentialValid(credential.getProvider(),
+ credential.getUserId(),
+ user.getTopiaId(),
+ credential.getEmail());
+ }
+ }
+
 if (user.isBanned() || !valid) {
 throw new PollenInvalidPasswordException();
 }
--
To stop receiving notification emails like this one, please contact chorem.org SCM administrator <admin+scm@chorem.org>.
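Review bot: When `user.getSalt()` is null the new guard leaves `encodedPassword` as `null`, and `Objects.equals(encodedPassword, user.getPassword())` is then true whenever the stored password is also null, so an account that has neither salt nor password would validate with any submitted password. Require a computed hash before comparing, for example `boolean valid = encodedPassword != null && encodedPassword.equals(user.getPassword());`. Which accounts legitimately have no salt is not visible in this hunk (presumably ones created through an external login provider); a one-line comment on the guard stating that would make the intent reviewable.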