From 5f17a2e792797717607a6d20d7ab6b75369ce6a7 Mon Sep 17 00:00:00 2001
From: Miguel Reboiro-Jato
Date: Fri, 16 Feb 2018 19:43:07 +0100
Subject: [PATCH] Fixes login check when user does no exists

When an invalid login is provided to the UsersDAO.get method it throws an IllegalArgumentException. This may happen when the user's credentials are checked by the LoginFilter, and the exception was not currently managed. As a result, an user trying to login with an invalid login will access the main.html page showing an error message. This commit fixes this error, and invalid user login attempts now return to the index.html page.
---
 pom.xml | 2 +-
 .../java/es/uvigo/esei/daa/dao/UsersDAO.java | 16 ++++++++++------
 2 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/pom.xml b/pom.xml
index fad922c..e50da25 100644
--- a/pom.xml
+++ b/pom.xml
@@ -4,7 +4,7 @@ es.uvigo.esei.daa example war - 0.1.6 + 0.1.7 DAA Example
diff --git a/src/main/java/es/uvigo/esei/daa/dao/UsersDAO.java b/src/main/java/es/uvigo/esei/daa/dao/UsersDAO.java
index c3b9eb7..e73ca5a 100644
--- a/src/main/java/es/uvigo/esei/daa/dao/UsersDAO.java
+++ b/src/main/java/es/uvigo/esei/daa/dao/UsersDAO.java
@@ -66,12 +66,16 @@ public class UsersDAO extends DAO {
 * @throws DAOException if an error happens while checking the credentials.
 */
 public boolean checkLogin(String login, String password) throws DAOException {
- final User user = this.get(login);
-
- final String dbPassword = user.getPassword();
- final String shaPassword = encodeSha256(SALT + password);
-
- return shaPassword.equals(dbPassword);
+ try {
+ final User user = this.get(login);
+
+ final String dbPassword = user.getPassword();
+ final String shaPassword = encodeSha256(SALT + password);
+
+ return shaPassword.equals(dbPassword);
+ } catch (IllegalArgumentException iae) {
+ return false;
+ }
 }
 
 private final static String encodeSha256(String text) {
-- 
2.18.1
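Review bot: The new `try` in `checkLogin` wraps the whole body, so an `IllegalArgumentException` raised by anything other than the missing-user lookup would also be reported as a plain failed login; keeping only `this.get(login)` inside the `try` limits the catch to the case the commit message describes. The comparison `shaPassword.equals(dbPassword)` on the new side is not constant-time, and `MessageDigest.isEqual` over the two byte arrays is the usual replacement. The unknown-login branch also returns before any hashing, which likely leaves a small response-time difference between existing and non-existing logins; that and the single salted SHA-256 pass are worth a follow-up and are not changed in the sketch below. The Javadoc above the method starts outside the hunk and should state that an unknown login yields `false`; `StandardCharsets` and `MessageDigest` need to be in scope if the file does not already import them.

```java
public boolean checkLogin(String login, String password) throws DAOException {
    final User user;
    try {
        user = this.get(login);
    } catch (IllegalArgumentException iae) {
        // Unknown login: report it as failed credentials, same as a wrong password.
        return false;
    }

    // NOTE(review): assumes getPassword() never returns null — confirm.
    final byte[] stored = user.getPassword().getBytes(StandardCharsets.UTF_8);
    final byte[] supplied = encodeSha256(SALT + password).getBytes(StandardCharsets.UTF_8);

    // Constant-time comparison of the two encoded digests.
    return MessageDigest.isEqual(supplied, stored);
}
```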