Attachment 188405 Details for Bug 266129 – Patch against openfire_src/src/java/org/jivesoftware/openfire/handler/IQAuthHandler.java

[patch] Patch against openfire_src/src/java/org/jivesoftware/openfire/handler/IQAuthHandler.java

IQAuthHandler.patch (text/plain), 1.96 KB, created by Alex Legler (RETIRED) on 2009-04-15 09:28:29 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Alex Legler (RETIRED)

Created: 2009-04-15 09:28:29 UTC

Size: 1.96 KB

patch

obsolete

>Index: IQAuthHandler.java
>===================================================================
>--- IQAuthHandler.java	(revision 10999)
>+++ IQAuthHandler.java	(working copy)
>@@ -139,14 +139,33 @@
>                         }
>     
>                         // If we're already logged in, this is a password reset
>-                        if (session.getStatus() == Session.STATUS_AUTHENTICATED) {
>-                            response = passwordReset(password, packet, username, session);
>+                        if (session.getStatus() == Session.STATUS_AUTHENTICATED
>+                                && session.getUsername().equalsIgnoreCase(
>+                                    username))
>+                        {
>+                            if (password != null
>+                                    && !password.trim().isEmpty())
>+                            {
>+                                response = passwordReset(password, packet,
>+                                    username, session);
>+                            }
>+                            else
>+                            {
>+                                response = IQ.createResultIQ(packet);
>+                                response.setError(PacketError.Condition.not_allowed);
>+                                response.setType(IQ.Type.error);
>+                            }
>                         }
>-                        else {
>+                        else if (session.getStatus() != Session.STATUS_AUTHENTICATED)
>+                        {
>                             // it is an auth attempt
>                             response = login(username, query, packet, password, session, digest);
>                             resourceBound = session.getStatus() == Session.STATUS_AUTHENTICATED;
>                         }
>+                        else
>+                        {
>+                            throw new UnauthorizedException();
>+                        }
>                     }
>                 }
>             }

Actions: View | Diff

Attachments on bug 266129: 188405