Google Git
Sign in
gerrit/plugins/github/f87b8e8b4cd0247ff7198aa4be6fd0bd393f4b38^!/.
commit
f87b8e8b4cd0247ff7198aa4be6fd0bd393f4b38
[log] [tgz]
author
Luca Milanesio <luca.milanesio@gmail.com>
Tue Apr 08 23:34:35 2014 +0100
committer
Luca Milanesio <luca.milanesio@gmail.com>
Wed Apr 09 13:50:16 2014 +0000
tree
faa12936bfbd7918318170da3fca827263bac37c
parent
dcbd5c42581c1d63c99bbbd8f10ff6dd9f825a7e [diff]
String-safe comparison during secure.config update

When updating secure.config because of a new GitHub
OAuth token, use null-safe string comparison.
This allows to even fill-up empty password fields
previously lost.

Change-Id: I7f53036cb1939757f434da1029d70586083de907

diff --git a/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/OAuthWebFilter.java b/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/OAuthWebFilter.java
index ebd31bc..eb19484 100644
--- a/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/OAuthWebFilter.java
+++ b/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/OAuthWebFilter.java

@@ -31,6 +31,7 @@
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
+import org.apache.commons.lang.StringUtils;
 import org.eclipse.jgit.errors.ConfigInvalidException;
 import org.eclipse.jgit.storage.file.FileBasedConfig;
 import org.eclipse.jgit.util.FS;
@@ -221,8 +222,8 @@
       String user, String password) {
     String configUser = config.getString("remote", section, "username");
     String configPassword = config.getString("remote", section, "password");
-    if (configUser == null || !configUser.equals(user)
-        || configPassword.equals(password)) {
+    if (!StringUtils.equals(configUser, user)
+        || StringUtils.equals(configPassword, password)) {
       return false;
     }