Author: chatellier Date: 2011-02-04 13:57:49 +0000 (Fri, 04 Feb 2011) New Revision: 686 Log: Check config password as sha1 encoded Modified: trunk/coser-web/src/main/java/fr/ifremer/coser/web/actions/UploadResultAction.java Modified: trunk/coser-web/src/main/java/fr/ifremer/coser/web/actions/UploadResultAction.java =================================================================== --- trunk/coser-web/src/main/java/fr/ifremer/coser/web/actions/UploadResultAction.java 2011-02-04 13:43:58 UTC (rev 685) +++ trunk/coser-web/src/main/java/fr/ifremer/coser/web/actions/UploadResultAction.java 2011-02-04 13:57:49 UTC (rev 686) @@ -102,8 +102,7 @@ } else { - String configSha1Password = StringUtil.encodeSHA1(config.getAdminPassword()); - if (config.getAdminLogin().equals(login) && configSha1Password.equals(sha1Password)) { + if (config.getAdminLogin().equals(login) && equalsSHA1Password(config, sha1Password)) { if (resultFile != null) { WebService webService = ServiceFactory.getWebService(); try { @@ -130,4 +129,28 @@ return INPUT; } + + /** + * Check if sha1 password equals to config password. + * + * Config password can be plain or sha1 encoded. + * + * @param config config + * @param sha1Password sha1 to check + * @return equality + */ + protected boolean equalsSHA1Password(CoserWebConfig config, String sha1Password) { + + // first test sha1 equality + String configSha1Password = config.getAdminPassword(); + boolean result = configSha1Password.equals(sha1Password); + + // second test to encode sha1 of plain password + if (!result) { + configSha1Password = StringUtil.encodeSHA1(configSha1Password); + result = configSha1Password.equals(sha1Password); + } + + return result; + } }