Home Explore Help
Sign In
RONCC
/
Big-Data-HPC-Platform
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

HPCC-9011 Check user object before checking its password expiration

The existing code checks a user's password expiration using the
user object in ESP. If no user authentication is required, the user
object is NULL and we do not need to check user status of
authentication. This fix checks the user object before using it to
checks the password expiration.

Signed-off-by: Kevin Wang <kevin.wang@lexisnexis.com>
Kevin Wang 12 years ago
parent
4051109b26
commit
bef2211242
1 changed files with 1 additions and 1 deletions
Unified View Show Diff Stats
  1. 1 1
      esp/bindings/http/platform/httpservice.cpp

+ 1 - 1
esp/bindings/http/platform/httpservice.cpp
View File 

@@ -323,7 +323,7 @@ int CEspHttpServer::processRequest()
 
             {
 
             {
 
                 if (!rootAuth(ctx))
 
                 if (!rootAuth(ctx))
 
                     return 0;
 
                     return 0;
 
-                if (ctx->queryUser()->getAuthenticateStatus() == AS_PASSWORD_EXPIRED)
 
+                if (ctx->queryUser() && (ctx->queryUser()->getAuthenticateStatus() == AS_PASSWORD_EXPIRED))
 
                     return 0;//allow user to change password
 
                     return 0;//allow user to change password
 
                 // authenticate optional groups
 
                 // authenticate optional groups
 
                 if (authenticateOptionalFailed(*ctx,NULL))
 
                 if (authenticateOptionalFailed(*ctx,NULL))