Changed check that examines if password matches account name to use String.equalsIgnoresCase() rather than just String.equals().

kevin.w.wall · kevin.w.wall · commit e6a07dbe00e2 · 2010-11-07T04:41:40.000Z
diff --git a/src/main/java/org/owasp/esapi/reference/FileBasedAuthenticator.java b/src/main/java/org/owasp/esapi/reference/FileBasedAuthenticator.java
@@ -660,9 +660,9 @@ private void verifyPasswordIsNotAccountName(String accountName, String password)
             throw new AuthenticationCredentialsException("Invalid password", "Attempt to use null password");
         }
     	//jtm - 11/3/2010 - fix for bug http://code.google.com/p/owasp-esapi-java/issues/detail?id=108
-        if (accountName.equals(password)) {
+        if (accountName.equalsIgnoreCase(password)) {
         	//password can't be account name
-        	throw new AuthenticationCredentialsException("Invalid password", "Password matches account name");
+        	throw new AuthenticationCredentialsException("Invalid password", "Password matches account name, irrespective of case");
         }
     }
 

Original file line number	Diff line number	Diff line change
`@@ -660,9 +660,9 @@ private void verifyPasswordIsNotAccountName(String accountName, String password)`
`660`	`660`	`throw new AuthenticationCredentialsException("Invalid password", "Attempt to use null password");`
`661`	`661`	`}`
`662`	`662`	`//jtm - 11/3/2010 - fix for bug http://code.google.com/p/owasp-esapi-java/issues/detail?id=108`
`663`		`- if (accountName.equals(password)) {`
	`663`	`+ if (accountName.equalsIgnoreCase(password)) {`
`664`	`664`	`//password can't be account name`
`665`		`- throw new AuthenticationCredentialsException("Invalid password", "Password matches account name");`
	`665`	`+ throw new AuthenticationCredentialsException("Invalid password", "Password matches account name, irrespective of case");`
`666`	`666`	`}`
`667`	`667`	`}`
`668`	`668`