From cce90872fe9bbdfaa26e90cd0f9dbc97a74bf495 Mon Sep 17 00:00:00 2001
From: Anton Tananaev <anton.tananaev@gmail.com>
Date: Mon, 15 Apr 2013 20:59:11 +1200
Subject: Check for empty login and password (fix #23)

---
 src/org/traccar/web/server/model/DataServiceImpl.java | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'src/org/traccar/web')

diff --git a/src/org/traccar/web/server/model/DataServiceImpl.java b/src/org/traccar/web/server/model/DataServiceImpl.java
index a81785b7..eb466694 100644
--- a/src/org/traccar/web/server/model/DataServiceImpl.java
+++ b/src/org/traccar/web/server/model/DataServiceImpl.java
@@ -167,6 +167,9 @@ public class DataServiceImpl extends RemoteServiceServlet implements DataService
     @Override
     public User addUser(User user) {
         User currentUser = getSessionUser();
+        if (user.getLogin().isEmpty() || user.getPassword().isEmpty()) {
+            throw new IllegalArgumentException();
+        }
         if (currentUser.getAdmin()) {
             EntityManager entityManager = getSessionEntityManager();
             synchronized (entityManager) {
@@ -188,6 +191,9 @@ public class DataServiceImpl extends RemoteServiceServlet implements DataService
     @Override
     public User updateUser(User user) {
         User currentUser = getSessionUser();
+        if (user.getLogin().isEmpty() || user.getPassword().isEmpty()) {
+            throw new IllegalArgumentException();
+        }
         if (currentUser.getAdmin() || (currentUser.getId() == user.getId() && !user.getAdmin())) {
             EntityManager entityManager = getSessionEntityManager();
             synchronized (entityManager) {
-- 
cgit v1.2.3