chg: ensure actor, target and support ticket are non-null
authorBenny Baumann <BenBE1987@gmx.net>
Tue, 6 Feb 2018 15:03:52 +0000 (16:03 +0100)
committerBenny Baumann <BenBE1987@gmx.net>
Tue, 13 Feb 2018 21:03:50 +0000 (22:03 +0100)
commitc49333e3b0cbd9973267f927629c739fc3751e59
tree92e6bab83aae8c196ee0031ab67a6b3e8a2d633d
parent15f6a8ada052ca217dc9203b32f9d1fdb2f27e17
chg: ensure actor, target and support ticket are non-null

This patch is a defense-in-depth in cases of internal inconsistencies:
If e.g. somehow the session used to authenticate a request gets corrupted or
through a race condition a user gets deleted in the DB between validation
of the password and passing on that user to the actual session login this
will provide a safe-guard. This also centralises the check for acceptable
AuthorisationContexts in the class itself.

Result of this patch is any call to AuthorisationContext.getActor() will
return a non-null User object, as AuthorisationContexts with an null actor,
target or support ticket are rejected as invalid.

Change-Id: I78009fe3385820cd46a31a74c4c68f1cdaa65628
src/club/wpia/gigi/pages/LoginPage.java
src/club/wpia/gigi/util/AuthorizationContext.java