inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-14 17:58:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix for ALFCOM-3086 - admin enforced to enter an old password when changing their own password.

Browse Source 
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@15017 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Kevin Roast
2009-06-29 19:28:36 +00:00
parent 67e14e9e63
commit 422ec06961
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
source/java/org/alfresco/repo/web/scripts/person/ChangePasswordPost.java
View File

@@ -94,7 +94,7 @@ public class ChangePasswordPost extends DeclarativeWebScript
// admin users can change/set a password without knowing the old one // admin users can change/set a password without knowing the old one
boolean isAdmin = authorityService.hasAdminAuthority(); boolean isAdmin = authorityService.hasAdminAuthority();
if (!isAdmin) if (!isAdmin || (userName.equalsIgnoreCase(authenticationService.getCurrentUserName())))
{ {
if (!json.has(PARAM_OLDPW) || json.getString(PARAM_OLDPW).length() == 0) if (!json.has(PARAM_OLDPW) || json.getString(PARAM_OLDPW).length() == 0)
{ {
@@ -111,7 +111,8 @@ public class ChangePasswordPost extends DeclarativeWebScript
newPassword = json.getString(PARAM_NEWPW); newPassword = json.getString(PARAM_NEWPW);
// update the password // update the password
if (!isAdmin) // an Admin user can update without knowing the original pass - but must know their own!
if (!isAdmin || (userName.equalsIgnoreCase(authenticationService.getCurrentUserName())))
{ {
authenticationService.updateAuthentication(userName, oldPassword.toCharArray(), newPassword.toCharArray()); authenticationService.updateAuthentication(userName, oldPassword.toCharArray(), newPassword.toCharArray());
} }