sling-commits mailing list archives

From romb...@apache.org
Subject [sling-org-apache-sling-jcr-repoinit] 05/08: SLING-6219 - warn if creating users with cleartext passwords
Date Tue, 07 Nov 2017 09:50:20 GMT
This is an automated email from the ASF dual-hosted git repository.

rombert pushed a commit to annotated tag org.apache.sling.jcr.repoinit-1.1.2
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-jcr-repoinit.git

commit c29c1f8e36c74d25748fb6e3bc50b701402279f2
Author: Bertrand Delacretaz <bdelacretaz@apache.org>
AuthorDate: Fri Nov 25 09:32:10 2016 +0000

    SLING-6219 - warn if creating users with cleartext passwords
    
    git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/jcr/repoinit@1771262
13f79535-47bb-0310-9956-ffa450edef68
---
 .../java/org/apache/sling/jcr/repoinit/impl/UserVisitor.java | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/main/java/org/apache/sling/jcr/repoinit/impl/UserVisitor.java b/src/main/java/org/apache/sling/jcr/repoinit/impl/UserVisitor.java
index 28ad210..5612c0a 100644
--- a/src/main/java/org/apache/sling/jcr/repoinit/impl/UserVisitor.java
+++ b/src/main/java/org/apache/sling/jcr/repoinit/impl/UserVisitor.java
@@ -68,8 +68,16 @@ class UserVisitor extends DoNothingVisitor {
         final String id = u.getUsername();
         try {
             if(!UserUtil.serviceExists(session, id)) {
-                log.info("Creating user {}", id);
-                UserUtil.createUser(session, id, u.getPassword());
+                final String pwd = u.getPassword();
+                if(pwd != null) {
+                    // TODO we might revise this warning once we're able
+                    // to create users by providing their encoded password
+                    // using u.getPasswordEncoding - for now I think only cleartext works
+                    log.warn("Creating user {} with cleartext password - should NOT be used
on production systems", id);
+                } else {
+                    log.info("Creating user {}", id);
+                }
+                UserUtil.createUser(session, id, pwd);
             } else {
                 log.info("User {} already exists, no changes made", id);
             }
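Review bot: The `pwd != null` branch treats every supplied password as cleartext and hands it to `UserUtil.createUser` unchanged, so a statement that also declares an encoding appears, from this hunk, to create an account whose real password is the encoded string itself. The TODO already admits that `u.getPasswordEncoding` is not honoured, but the operator only sees the generic cleartext warning and cannot tell that the declared encoding was ignored. I would add a distinct message inside that branch, assuming the getter returns null when no encoding was given: `if(u.getPasswordEncoding() != null) log.warn("User {}: declared password encoding is ignored, value is used as a cleartext password", id);`. The warning is also emitted only on the creation path, so later runs that take the "already exists" branch leave no trace that the account was seeded from a cleartext script. The enclosing method starts and ends outside the hunk, so the surrounding try/catch handling cannot be checked here.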

-- 
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <commits@sling.apache.org>.
