Changeset 1476 for trunk/src/org/expeditee/auth/account/Password.java

Timestamp:

12/03/19 14:08:11 (4 years ago)

Author:

bnemhaus

Message:

Added feedback to ensure that when attempting to use AuthRegainAccountAccess you provide a username.
Yikes, there is currently no guarantee that you are changing the correct person's password. This needs to be fixed.

File:

• trunk/src/org/expeditee/auth/account/Password.java (modified) (1 diff)

trunk/src/org/expeditee/auth/account/Password.java

@@ -350 +350 @@
                 
                 try {
+                        // TODO: YIKES!  We can currently change anyone's password!
                         AuthenticatorBrowser.getInstance().putKey(userData.get(AuthenticationTag.Username), userData.get(AuthenticationTag.NewPassword), new SecretKeySpec(join, SymmetricAlgorithm));
                 } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | ClassNotFoundException