Commit 45762bb1 authored by Gaston Dombiak's avatar Gaston Dombiak Committed by gato

Validate that a username was provided. JM-1462

git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@10886 b35dd754-fafc-0310-a699-88a17e54d16e
parent 86b5a715
...@@ -57,7 +57,7 @@ ...@@ -57,7 +57,7 @@
String nonce = ParamUtils.getParameter(request, "nonce"); String nonce = ParamUtils.getParameter(request, "nonce");
// The user auth token: // The user auth token:
AuthToken authToken; AuthToken authToken = null;
// Check the request/response for a login token // Check the request/response for a login token
...@@ -69,12 +69,6 @@ ...@@ -69,12 +69,6 @@
loginUsername = JID.escapeNode(loginUsername); loginUsername = JID.escapeNode(loginUsername);
} }
try { try {
if (LoginLimitManager.getInstance().hasHitConnectionLimit(loginUsername, request.getRemoteAddr())) {
throw new UnauthorizedException("User '" + loginUsername +"' or address '" + request.getRemoteAddr() + "' has his login attempt limit.");
}
if (!AdminManager.getInstance().isUserAdmin(loginUsername, true)) {
throw new UnauthorizedException("User '" + loginUsername + "' not allowed to login.");
}
if (secret != null && nodeID != null) { if (secret != null && nodeID != null) {
if (StringUtils.hash(AdminConsolePlugin.secret).equals(secret) && ClusterManager.isClusterMember(Base64.decode(nodeID, Base64.URL_SAFE))) { if (StringUtils.hash(AdminConsolePlugin.secret).equals(secret) && ClusterManager.isClusterMember(Base64.decode(nodeID, Base64.URL_SAFE))) {
authToken = new AuthToken(loginUsername); authToken = new AuthToken(loginUsername);
...@@ -93,12 +87,26 @@ ...@@ -93,12 +87,26 @@
} }
} }
else { else {
authToken = AuthFactory.authenticate(loginUsername, password); // Check that a username was provided before trying to verify credentials
if (loginUsername != null) {
if (LoginLimitManager.getInstance().hasHitConnectionLimit(loginUsername, request.getRemoteAddr())) {
throw new UnauthorizedException("User '" + loginUsername +"' or address '" + request.getRemoteAddr() + "' has his login attempt limit.");
}
if (!AdminManager.getInstance().isUserAdmin(loginUsername, true)) {
throw new UnauthorizedException("User '" + loginUsername + "' not allowed to login.");
}
authToken = AuthFactory.authenticate(loginUsername, password);
}
else {
errors.put("unauthorized", LocaleUtils.getLocalizedString("login.failed.unauthorized"));
}
}
if (errors.isEmpty()) {
LoginLimitManager.getInstance().recordSuccessfulAttempt(loginUsername, request.getRemoteAddr());
session.setAttribute("jive.admin.authToken", authToken);
response.sendRedirect(go(url));
return;
} }
LoginLimitManager.getInstance().recordSuccessfulAttempt(loginUsername, request.getRemoteAddr());
session.setAttribute("jive.admin.authToken", authToken);
response.sendRedirect(go(url));
return;
} }
catch (ConnectionException ue) { catch (ConnectionException ue) {
Log.debug(ue); Log.debug(ue);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment