This is an automated email from the git hooks/post-receive script. New commit to branch feature/234-ErreurAuLogin in repository pollen. See https://gitlab.nuiton.org/chorem/pollen.git
commit 5a91ae9c887148623668352db73a497b4273b990
Author: jcouteau <couteau@codelutin.com>
Date: Tue Nov 26 16:47:40 2019 +0100
refs #234 : Prevent NPE on salt and try to add alternative LoginProvider fallback
---
 .../services/service/security/SecurityService.java | 23 ++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/pollen-services/src/main/java/org/chorem/pollen/services/service/security/SecurityService.java b/pollen-services/src/main/java/org/chorem/pollen/services/service/security/SecurityService.java
index 3bbe4979..881f64ab 100644
--- a/pollen-services/src/main/java/org/chorem/pollen/services/service/security/SecurityService.java
+++ b/pollen-services/src/main/java/org/chorem/pollen/services/service/security/SecurityService.java
@@ -117,7 +117,16 @@ public class SecurityService extends PollenServiceSupport {
 try {
 checkUserPassword(user, password);
 } catch (PollenInvalidPasswordException e) {
- throw new PollenAuthenticationException(e);
+ boolean valid = false;
+ for (UserCredential credential : user.getUserCredential()) {
+ valid = valid || getUserCredentialDao().isCredentialValid(credential.getProvider(),
+ credential.getUserId(),
+ user.getTopiaId(),
+ login);
+ }
+ if (!valid) {
+ throw new PollenAuthenticationException(e);
+ }
 }
 if (!user.isEmailValidated()) {
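Review bot: The fallback added in the `catch` block never uses the submitted `password`: every argument to `isCredentialValid` (`credential.getProvider()`, `credential.getUserId()`, `user.getTopiaId()`, `login`) comes from the stored user record or is the login name itself. If that DAO call is a plain record lookup (its body is not shown here), any wrong password is accepted for an account that has a linked credential; the second hunk adds the same loop inside `checkUserPassword` with `credential.getEmail()` and has the same problem. `checkUserPassword` also throws this exception for `user.isBanned()`, so this catch can additionally let a banned user in. I would keep the original `throw new PollenAuthenticationException(e);` here and let external providers authenticate through a path that verifies a provider-issued proof rather than the stored identifiers. The enclosing method starts and ends outside the hunk.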
@@ -332,10 +341,20 @@ public class SecurityService extends PollenServiceSupport {
 public void checkUserPassword(PollenUser user, String password) throws PollenInvalidPasswordException {
 String encodedPassword = null;
- if (password != null) {
+ if (password != null && user.getSalt() != null) {
 encodedPassword = serviceContext.encodePassword(user.getSalt(), password);
 }
 boolean valid = Objects.equals(encodedPassword, user.getPassword());
+
+ if (!valid) {
+ for (UserCredential credential : user.getUserCredential()) {
+ valid = valid || getUserCredentialDao().isCredentialValid(credential.getProvider(),
+ credential.getUserId(),
+ user.getTopiaId(),
+ credential.getEmail());
+ }
+ }
+
 if (user.isBanned() || !valid) {
 throw new PollenInvalidPasswordException();
 }
-- 
To stop receiving notification emails like this one, please contact chorem.org SCM administrator <admin+scm@chorem.org>.
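Review bot: With the new `user.getSalt() != null` guard, `encodedPassword` stays `null` for an account without a salt, and `Objects.equals(encodedPassword, user.getPassword())` is then true whenever the stored password is also `null`, so any submitted password validates. Whether such accounts exist is not visible in the hunk, but users created through an external provider are a plausible case. Require a computed hash before comparing, `boolean valid = encodedPassword != null && Objects.equals(encodedPassword, user.getPassword());`. `user.getUserCredential()` is also iterated without a null check, which could bring back an NPE on this path if the getter can return `null`.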