dhis2-devs-core team mailing list archive

Re: DHIS2 demo admin password

 

I don't think so, since it seems the entire object is written by Hibernate

update users set uid=$1, code=$2, created=$3, lastUpdated=$4,
creatoruserid=$5, username=$6, password=$7, externalauth=$8, openid=$9,
ldapid=$10, passwordLastUpdated=$11, lastLogin=$12, restoreToken=$13,
restoreCode=$14, restoreExpiry=$15, selfRegistered=$16, invitation=$17,
disabled=$18 where userid=$19


On Tue, May 24, 2016 at 10:44 AM, Morten Olav Hansen <morten@xxxxxxxxx>
wrote:

> Would it be possible to disregard updates on column password only?
>
> --
> Morten Olav Hansen
> Senior Engineer, DHIS 2
> University of Oslo
> http://www.dhis2.org
>
> On Tue, May 24, 2016 at 3:43 PM, Jason Pickering <
> jason.p.pickering@xxxxxxxxx> wrote:
>
>> Someone who wishes to remain anonymous requested some useful logging.
>>
>> create or replace function cant_touch_this() returns trigger language
>> plpgsql as $$
>> begin
>>   RAISE EXCEPTION 'Hammertime!';
>>   return null;
>>
>> end $$;
>>
>> create trigger prevent_changing_password before update on users
>> FOR EACH ROW
>> execute procedure cant_touch_this();
>>
>>
>>
>> On Tue, May 24, 2016 at 10:01 AM, Jason Pickering <
>> jason.p.pickering@xxxxxxxxx> wrote:
>>
>>> I think this will work. Tested it locally
>>>
>>> create or replace function cant_touch_this() returns trigger language
>>> plpgsql as $$
>>> begin
>>>
>>>   return null;
>>>
>>> end $$;
>>>
>>> create trigger prevent_changing_password before update on users for each
>>> row execute procedure cant_touch_this();
>>>
>>> On Tue, May 24, 2016 at 9:39 AM, Morten Olav Hansen <morten@xxxxxxxxx>
>>> wrote:
>>>
>>>> There are at least 4-5 different ways of doing it though...
>>>> /api/userAccount, /api/me, any kind of user import etc...
>>>>
>>>> --
>>>> Morten Olav Hansen
>>>> Senior Engineer, DHIS 2
>>>> University of Oslo
>>>> http://www.dhis2.org
>>>>
>>>> On Tue, May 24, 2016 at 2:39 PM, Jason Pickering <
>>>> jason.p.pickering@xxxxxxxxx> wrote:
>>>>
>>>>> That sounds like perhaps the best way to me.
>>>>>
>>>>> Just block POST to
>>>>>
>>>>> https://play.dhis2.org/dhis-web-commons-about/updateUserAccount.action
>>>>>
>>>>> and perhaps its API equivalent if it exists?
>>>>>
>>>>> Are there other ways?
>>>>>
>>>>>
>>>>> On Tue, May 24, 2016 at 9:34 AM, Bob Jolliffe <bobjolliffe@xxxxxxxxx>
>>>>> wrote:
>>>>>
>>>>>> Could we use nginx to prevent access to the action? Redirect to
>>>>>> somewhere punitive :-)
>>>>>> On 24 May 2016 03:38, "Morten Olav Hansen" <morten@xxxxxxxxx> wrote:
>>>>>>
>>>>>>> I agree that it would be helpful. A couple of issues:
>>>>>>>
>>>>>>> 1) If using the web-api, it would require it to be a valid password,
>>>>>>> so "district" would no longer work (District1?)
>>>>>>>
>>>>>>> 2) If instead injecting with SQL, one would also have to clear the
>>>>>>> cache
>>>>>>>
>>>>>>> --
>>>>>>> Morten Olav Hansen
>>>>>>> Senior Engineer, DHIS 2
>>>>>>> University of Oslo
>>>>>>> http://www.dhis2.org
>>>>>>>
>>>>>>> On Tue, May 24, 2016 at 3:37 AM, John Mukulu <
>>>>>>> john.f.mukulu@xxxxxxxxx> wrote:
>>>>>>>
>>>>>>>> I concur,
>>>>>>>> Or even a simple repeated 5 mins cronjob script to reset the
>>>>>>>> password via API.
>>>>>>>>
>>>>>>>> On Mon, May 23, 2016 at 9:19 PM, Jim Grace <jim@xxxxxxxxx> wrote:
>>>>>>>>
>>>>>>>>> Sounds reasonable to me.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Mon, May 23, 2016 at 1:16 PM, Jason Pickering <
>>>>>>>>> jason.p.pickering@xxxxxxxxx> wrote:
>>>>>>>>>
>>>>>>>>>> Increasingly people change the password of the demo server.
>>>>>>>>>>
>>>>>>>>>> Can we put a database trigger in place to prevent this from being
>>>>>>>>>> changed? It causes problems for people in general.
>>>>>>>>>>
>>>>>>>>>> Regards,
>>>>>>>>>> Jason
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Jason P. Pickering
>>>>>>>>>> email: jason.p.pickering@xxxxxxxxx
>>>>>>>>>> tel:+46764147049
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Mailing list: https://launchpad.net/~dhis2-devs-core
>>>>>>>>>> Post to     : dhis2-devs-core@xxxxxxxxxxxxxxxxxxx
>>>>>>>>>> Unsubscribe : https://launchpad.net/~dhis2-devs-core
>>>>>>>>>> More help   : https://help.launchpad.net/ListHelp
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Jim Grace
>>>>>>>>> Core developer, DHIS 2
>>>>>>>>> HISP US Inc.
>>>>>>>>> http://www.dhis2.org <https://www.dhis2.org/>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> *http://mukulu.me <http://mukulu.me>*
>>>>>>>> *Open source developer*
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Jason P. Pickering
>>>>> email: jason.p.pickering@xxxxxxxxx
>>>>> tel:+46764147049
>>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> Jason P. Pickering
>>> email: jason.p.pickering@xxxxxxxxx
>>> tel:+46764147049
>>>
>>
>>
>>
>> --
>> Jason P. Pickering
>> email: jason.p.pickering@xxxxxxxxx
>> tel:+46764147049
>>
>
>


-- 
Jason P. Pickering
email: jason.p.pickering@xxxxxxxxx
tel:+46764147049
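
Added example, not part of the original thread: a row-level trigger can compare OLD and NEW, so a change to the password column alone can be discarded even though Hibernate writes every column on each update. The function and trigger names are hypothetical; the `users` table and its columns are taken from the update statement quoted at the top of this message.

```sql
-- Added example (PostgreSQL, PL/pgSQL). Names keep_demo_password are hypothetical.
create or replace function keep_demo_password() returns trigger
language plpgsql as $$
begin
  -- Hibernate lists every column in the SET clause, so a column-list
  -- trigger (UPDATE OF password) would fire on every save. Compare the
  -- values instead: only a real change to the password is undone.
  if new.password is distinct from old.password then
    -- Leave a trace in the server log for whoever runs the demo.
    raise log 'ignored password change for user % (userid %)',
      old.username, old.userid;
    new.password := old.password;
    new.passwordLastUpdated := old.passwordLastUpdated;
  end if;

  -- Returning NEW lets the rest of the row (lastLogin, restoreToken,
  -- disabled, ...) be written as usual.
  return new;
end $$;

-- The earlier trigger from this thread blocks every update on users;
-- remove it so that only password changes are affected.
drop trigger if exists prevent_changing_password on users;

create trigger keep_demo_password
  before update on users
  for each row
  execute procedure keep_demo_password();
```

The application is not told that the value was reverted, so the cache point raised earlier in the thread for direct SQL changes applies here as well.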
