String-safe comparison during secure.config update
When updating secure.config because of a new GitHub
OAuth token, use null-safe string comparison.
This allows to even fill-up empty password fields
previously lost.
Change-Id: I7f53036cb1939757f434da1029d70586083de907
diff --git a/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/OAuthWebFilter.java b/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/OAuthWebFilter.java
index ebd31bc..eb19484 100644
--- a/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/OAuthWebFilter.java
+++ b/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/OAuthWebFilter.java
@@ -31,6 +31,7 @@
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
+import org.apache.commons.lang.StringUtils;
import org.eclipse.jgit.errors.ConfigInvalidException;
import org.eclipse.jgit.storage.file.FileBasedConfig;
import org.eclipse.jgit.util.FS;
@@ -221,8 +222,8 @@
String user, String password) {
String configUser = config.getString("remote", section, "username");
String configPassword = config.getString("remote", section, "password");
- if (configUser == null || !configUser.equals(user)
- || configPassword.equals(password)) {
+ if (!StringUtils.equals(configUser, user)
+ || StringUtils.equals(configPassword, password)) {
return false;
}
