From 4c835e61e8ea2d5af2acf0c85c3c1f0d06f419df Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Wed, 26 Oct 2011 17:19:55 -0400
Subject: [PATCH] Documentation.

---
 src/com/gitblit/client/EditUserDialog.java |   84 +++++++++++++++++++++++++++++-------------
 1 files changed, 58 insertions(+), 26 deletions(-)

diff --git a/src/com/gitblit/client/EditUserDialog.java b/src/com/gitblit/client/EditUserDialog.java
index eacef24..0f666bd 100644
--- a/src/com/gitblit/client/EditUserDialog.java
+++ b/src/com/gitblit/client/EditUserDialog.java
@@ -45,9 +45,9 @@
 import javax.swing.KeyStroke;
 
 import com.gitblit.Constants.AccessRestrictionType;
-import com.gitblit.IStoredSettings;
 import com.gitblit.Keys;
 import com.gitblit.models.RepositoryModel;
+import com.gitblit.models.ServerSettings;
 import com.gitblit.models.UserModel;
 import com.gitblit.utils.StringUtils;
 
@@ -55,12 +55,14 @@
 
 	private static final long serialVersionUID = 1L;
 
+	private final String username;
+
 	private final UserModel user;
 
-	private final IStoredSettings settings;
+	private final ServerSettings settings;
 
 	private boolean isCreate;
-	
+
 	private boolean canceled = true;
 
 	private JTextField usernameField;
@@ -77,14 +79,15 @@
 
 	private Set<String> usernames;
 
-	public EditUserDialog(IStoredSettings settings) {
+	public EditUserDialog(ServerSettings settings) {
 		this(new UserModel(""), settings);
 		this.isCreate = true;
-		setTitle(Translation.get("gb.newUser"));		
+		setTitle(Translation.get("gb.newUser"));
 	}
 
-	public EditUserDialog(UserModel anUser, IStoredSettings settings) {
+	public EditUserDialog(UserModel anUser, ServerSettings settings) {
 		super();
+		this.username = anUser.username;
 		this.user = new UserModel("");
 		this.settings = settings;
 		this.usernames = new HashSet<String>();
@@ -94,7 +97,7 @@
 		setTitle(Translation.get("gb.edit") + ": " + anUser.username);
 		setIconImage(new ImageIcon(getClass().getResource("/gitblt-favicon.png")).getImage());
 	}
-	
+
 	@Override
 	protected JRootPane createRootPane() {
 		KeyStroke stroke = KeyStroke.getKeyStroke(KeyEvent.VK_ESCAPE, 0);
@@ -188,41 +191,70 @@
 			return false;
 		}
 
+		boolean rename = false;
 		// verify username uniqueness on create
 		if (isCreate) {
 			if (usernames.contains(uname.toLowerCase())) {
 				error(MessageFormat.format("Username ''{0}'' is unavailable.", uname));
 				return false;
 			}
+		} else {
+			// check rename collision
+			rename = !StringUtils.isEmpty(username) && !username.equalsIgnoreCase(uname);
+			if (rename) {
+				if (usernames.contains(uname.toLowerCase())) {
+					error(MessageFormat.format(
+							"Failed to rename ''{0}'' because ''{1}'' already exists.", username,
+							uname));
+					return false;
+				}
+			}
 		}
+		user.username = uname;
 
-		int minLength = settings.getInteger(Keys.realm.minPasswordLength, 5);
+		int minLength = settings.get(Keys.realm.minPasswordLength).getInteger(5);
 		if (minLength < 4) {
 			minLength = 4;
 		}
-		char[] pw = passwordField.getPassword();
-		if (pw == null || pw.length < minLength) {
-			error(MessageFormat.format(
-					"Password is too short. Minimum length is {0} characters.", minLength));
+
+		String password = new String(passwordField.getPassword());
+		if (StringUtils.isEmpty(password) || password.length() < minLength) {
+			error(MessageFormat.format("Password is too short. Minimum length is {0} characters.",
+					minLength));
 			return false;
 		}
-		char[] cpw = confirmPasswordField.getPassword();
-		if (cpw == null || cpw.length != pw.length) {
-			error("Please confirm the password!");
+		if (!password.toUpperCase().startsWith(StringUtils.MD5_TYPE)
+				&& !password.toUpperCase().startsWith(StringUtils.COMBINED_MD5_TYPE)) {
+			String cpw = new String(confirmPasswordField.getPassword());
+			if (cpw == null || cpw.length() != password.length()) {
+				error("Please confirm the password!");
+				return false;
+			}
+			if (!password.equals(cpw)) {
+				error("Passwords do not match!");
+				return false;
+			}
+
+			String type = settings.get(Keys.realm.passwordStorage).getString("md5");
+			if (type.equalsIgnoreCase("md5")) {
+				// store MD5 digest of password
+				user.password = StringUtils.MD5_TYPE + StringUtils.getMD5(password);
+			} else if (type.equalsIgnoreCase("combined-md5")) {
+				// store MD5 digest of username+password
+				user.password = StringUtils.COMBINED_MD5_TYPE
+						+ StringUtils.getMD5(username.toLowerCase() + password);
+			} else {
+				// plain-text password
+				user.password = password;
+			}
+		} else if (rename && password.toUpperCase().startsWith(StringUtils.COMBINED_MD5_TYPE)) {
+			error("Gitblit is configured for combined-md5 password hashing. You must enter a new password on account rename.");
 			return false;
-		}
-		if (!Arrays.equals(pw, cpw)) {
-			error("Passwords do not match!");
-			return false;
-		}
-		user.username = uname;
-		String type = settings.getString(Keys.realm.passwordStorage, "md5");
-		if (type.equalsIgnoreCase("md5")) {
-			// store MD5 digest of password
-			user.password = StringUtils.MD5_TYPE + StringUtils.getMD5(new String(pw));
 		} else {
-			user.password = new String(pw);
+			// no change in password
+			user.password = password;
 		}
+
 		user.canAdmin = canAdminCheckbox.isSelected();
 		user.excludeFromFederation = notFederatedCheckbox.isSelected();
 

--
Gitblit v1.9.1