Validate that a username was provided. JM-1462

git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@10886 b35dd754-fafc-0310-a699-88a17e54d16e

Validate that a username was provided. JM-1462
git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@10886 b35dd754-fafc-0310-a699-88a17e54d16e
45762bb1 · Gaston Dombiak · gato · 86b5a715 · 45762bb1
Commit 45762bb1 authored Nov 14, 2008 by Gaston Dombiak Committed by gato Nov 14, 2008
Hide whitespace changes
Inline Side-by-side

Showing with 20 additions and 12 deletions

login.jsp src/web/login.jsp +20 -12

No files found.
--- a/src/web/login.jsp
+++ b/src/web/login.jsp
@@ -57,7 +57,7 @@
    String nonce = ParamUtils.getParameter(request, "nonce");

    // The user auth token:
-    AuthToken authToken;
+    AuthToken authToken = null;

    // Check the request/response for a login token

@@ -69,12 +69,6 @@
            loginUsername = JID.escapeNode(loginUsername);
        }
        try {
-            if (LoginLimitManager.getInstance().hasHitConnectionLimit(loginUsername, request.getRemoteAddr())) {
-                throw new UnauthorizedException("User '" + loginUsername +"' or address '" + request.getRemoteAddr() + "' has his login attempt limit.");
-            }
-            if (!AdminManager.getInstance().isUserAdmin(loginUsername, true)) {
-                throw new UnauthorizedException("User '" + loginUsername + "' not allowed to login.");
-            }
            if (secret != null && nodeID != null) {
                if (StringUtils.hash(AdminConsolePlugin.secret).equals(secret) && ClusterManager.isClusterMember(Base64.decode(nodeID, Base64.URL_SAFE))) {
                    authToken = new AuthToken(loginUsername);
@@ -93,12 +87,26 @@
                }
            }
            else {
-                authToken = AuthFactory.authenticate(loginUsername, password);
+                // Check that a username was provided before trying to verify credentials
+                if (loginUsername != null) {
+                    if (LoginLimitManager.getInstance().hasHitConnectionLimit(loginUsername, request.getRemoteAddr())) {
+                        throw new UnauthorizedException("User '" + loginUsername +"' or address '" + request.getRemoteAddr() + "' has his login attempt limit.");
+                    }
+                    if (!AdminManager.getInstance().isUserAdmin(loginUsername, true)) {
+                        throw new UnauthorizedException("User '" + loginUsername + "' not allowed to login.");
+                    }
+                    authToken = AuthFactory.authenticate(loginUsername, password);
+                }
+                else {
+                    errors.put("unauthorized", LocaleUtils.getLocalizedString("login.failed.unauthorized"));
+                }
+            }
+            if (errors.isEmpty()) {
+                LoginLimitManager.getInstance().recordSuccessfulAttempt(loginUsername, request.getRemoteAddr());
+                session.setAttribute("jive.admin.authToken", authToken);
+                response.sendRedirect(go(url));
+                return;
            }
-            LoginLimitManager.getInstance().recordSuccessfulAttempt(loginUsername, request.getRemoteAddr());
-            session.setAttribute("jive.admin.authToken", authToken);
-            response.sendRedirect(go(url));
-            return;
        }
        catch (ConnectionException ue) {
            Log.debug(ue);