Disallow credential changes for container authenticated sessions
authorJames Moger <james.moger@gitblit.com>
Mon, 17 Jun 2013 19:57:45 +0000 (15:57 -0400)
committerJames Moger <james.moger@gitblit.com>
Mon, 17 Jun 2013 19:57:45 +0000 (15:57 -0400)
src/main/java/com/gitblit/GitBlit.java

index 25ffaba80fc9b316c643e91ef47a587d6aa50e8c..ef739780f5c682fb20d8e0632b369856e28f7438 100644 (file)
@@ -681,7 +681,15 @@ public class GitBlit implements ServletContextListener {
         * @return true if the user service supports credential changes
         */
        public boolean supportsCredentialChanges(UserModel user) {
-               return (user != null && user.isLocalAccount()) || userService.supportsCredentialChanges();
+               if (user == null) {
+                       return false;
+               } else if (!Constants.EXTERNAL_ACCOUNT.equals(user.password)) {
+                       // credentials likely maintained by Gitblit
+                       return userService.supportsCredentialChanges();
+               } else {
+                       // credentials are externally maintained
+                       return false;
+               }
        }
 
        /**
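Review bot: The `else if` branch in supportsCredentialChanges fails open: any account whose `password` field is not exactly `Constants.EXTERNAL_ACCOUNT` is treated as Gitblit-maintained (the added comment itself says "likely"), so the restriction holds only if every container-authenticated account is guaranteed to carry that marker, which is not visible in this hunk. The rewrite also drops the old `user.isLocalAccount()` short-circuit, so a local account now gets false whenever `userService.supportsCredentialChanges()` is false; if that is intended it should be stated in the method comment. The Javadoc starts above the hunk and its `@return` line no longer matches the behaviour; I would change it to `@return true if the user's credentials are maintained by Gitblit and the user service supports credential changes`. This method presumably only gates what the UI offers, so the code path that actually stores a new password should apply the same check.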