Hello, I found it to be confusing, that if you go to the account preferences page of a user (/rhn/account/UserDetails.do) and change the user's confirm password only (e.g. remove one of the dots), the message when you hit the 'Update' button states:
'User information updated' I'm not 100% sure about the expected behavior there, but I think if both passwords don't match we actually shouldn't display a success message (even if one of the passwords is the placeholder). The attached patch refines the class UserEditActionHelper and adds the password mismatch error as soon as both passwords don't match. Greetings, Johannes -- SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
>From 5c07c2b9824ff125a0d5f66426b3fe996d94a213 Mon Sep 17 00:00:00 2001 From: Johannes Renner <jren...@suse.de> Date: Mon, 28 Mar 2011 13:45:25 +0200 Subject: [PATCH] Do not show success message when passwords don't match --- .../frontend/action/user/UserEditActionHelper.java | 18 ++++++++++-------- 1 files changed, 10 insertions(+), 8 deletions(-) diff --git a/java/code/src/com/redhat/rhn/frontend/action/user/UserEditActionHelper.java b/java/code/src/com/redhat/rhn/frontend/action/user/UserEditActionHelper.java index 68f6ce0..c455642 100644 --- a/java/code/src/com/redhat/rhn/frontend/action/user/UserEditActionHelper.java +++ b/java/code/src/com/redhat/rhn/frontend/action/user/UserEditActionHelper.java @@ -40,16 +40,18 @@ public abstract class UserEditActionHelper extends RhnAction { //get validation errors ActionErrors errors = RhnValidationHelper.validateDynaActionForm(this, form); - //Make sure password and passwordConfirm are equal + //Add an error in case of password mismatch + String pw = (String)form.get(UserActionHelper.DESIRED_PASS); + String conf = (String)form.get(UserActionHelper.DESIRED_PASS_CONFIRM); + if (!pw.equals(conf)) { + errors.add(ActionMessages.GLOBAL_MESSAGE, + new ActionMessage("error.password_mismatch")); + } + + //Make sure password is not the placeholder if (!UserActionHelper.PLACEHOLDER_PASSWORD.equals( form.get(UserActionHelper.DESIRED_PASS))) { - String pw = (String)form.get(UserActionHelper.DESIRED_PASS); - String conf = (String)form.get(UserActionHelper.DESIRED_PASS_CONFIRM); - if (!pw.equals(conf)) { - errors.add(ActionMessages.GLOBAL_MESSAGE, - new ActionMessage("error.password_mismatch")); - } - else if (errors.isEmpty()) { + if (errors.isEmpty()) { //Set the password only if there are no errors at all targetUser.setPassword(pw); } -- 1.7.3.4
_______________________________________________ Spacewalk-devel mailing list Spacewalk-devel@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-devel