Mercurial > gemma

--- a/pkg/controllers/importconfig.go	Fri May 31 14:16:48 2019 +0200
+++ b/pkg/controllers/importconfig.go	Fri May 31 14:29:21 2019 +0200
@@ -98,13 +98,15 @@
 	_, oldCron := pc.Attributes.Get("cron")

 	session, _ := auth.GetSession(req)
+	// When a password is stored it doesn't get retransmitted to the client
+	// in order to prevent password leakage
+	// When the user changes the import configuration without a new password
+	// the old password should be conserved
 	oldPasswd := pc.Attributes["password"]
 	pc.User = session.User
 	pc.Attributes = common.Attributes{}
-	pc.Attributes.Marshal(config)
-	if oldPasswd != "" && pc.Attributes["password"] == "" {
-		pc.Attributes["password"] = oldPasswd
-	}
+	pc.Attributes["password"] = oldPasswd
+	pc.Attributes.Marshal(config) // Marshal only overwrites keys present in config
 	cron, newCron := pc.Attributes.Get("cron")

 	var tx *sql.Tx