dhis2-devs-core team mailing list archive

Re: DHIS2 demo admin password

 

Maybe this. Seems to work.

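create or replace function cant_touch_this() returns trigger language
plpgsql as $$
begin
  -- Rows for every other user are updated as normal.
  -- Test OLD rather than NEW so the admin row stays locked even when the
  -- update also changes the username; IS DISTINCT FROM treats NULL as a value.
  IF OLD.username IS DISTINCT FROM 'admin' THEN
    RETURN NEW;
  END IF;
  -- Any update to the admin row aborts the statement.
  RAISE EXCEPTION 'Hammertime!';
end $$;

create trigger prevent_changing_password before update on users
FOR EACH ROW
execute procedure cant_touch_this();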

On Tue, May 24, 2016 at 10:47 AM, Morten Olav Hansen <morten@xxxxxxxxx>
wrote:

> Hm ok, not sure how all the triggers work. Just sucks a bit that people
> can't change openid/ldap etc, if they want to try it out.
>
> --
> Morten Olav Hansen
> Senior Engineer, DHIS 2
> University of Oslo
> http://www.dhis2.org
>
> On Tue, May 24, 2016 at 3:46 PM, Jason Pickering <
> jason.p.pickering@xxxxxxxxx> wrote:
>
>> I don't think so, since it seems the entire object is written by Hibernate
>>
>> update users set uid=$1, code=$2, created=$3, lastUpdated=$4,
>> creatoruserid=$5, username=$6, password=$7, externalauth=$8, openid=$9,
>> ldapid=$10, passwordLastUpdated=$11, lastLogin=$12, restoreToken=$13,
>> restoreCode=$14, restoreExpiry=$15, selfRegistered=$16, invitation=$17,
>> disabled=$18 where userid=$19
>>
>>
>> On Tue, May 24, 2016 at 10:44 AM, Morten Olav Hansen <morten@xxxxxxxxx>
>> wrote:
>>
>>> Would it be possible to disregard updates on column password only?
>>>
>>> --
>>> Morten Olav Hansen
>>> Senior Engineer, DHIS 2
>>> University of Oslo
>>> http://www.dhis2.org
>>>
>>> On Tue, May 24, 2016 at 3:43 PM, Jason Pickering <
>>> jason.p.pickering@xxxxxxxxx> wrote:
>>>
>>>> Someone who wishes to remain anonymous requested some useful logging.
>>>>
>>>> create or replace function cant_touch_this() returns trigger language
>>>> plpgsql as $$
>>>> begin
>>>>   RAISE EXCEPTION 'Hammertime!';
>>>>   return null;
>>>>
>>>> end $$;
>>>>
>>>> create trigger prevent_changing_password before update on users
>>>> FOR EACH ROW
>>>> execute procedure cant_touch_this();
>>>>
>>>>
>>>>
>>>> On Tue, May 24, 2016 at 10:01 AM, Jason Pickering <
>>>> jason.p.pickering@xxxxxxxxx> wrote:
>>>>
>>>>> I think this will work. Tested it locally
>>>>>
>>>>> create or replace function cant_touch_this() returns trigger language
>>>>> plpgsql as $$
>>>>> begin
>>>>>
>>>>>   return null;
>>>>>
>>>>> end $$;
>>>>>
>>>>> create trigger prevent_changing_password before update on users for
>>>>> each row execute procedure cant_touch_this();
>>>>>
>>>>> On Tue, May 24, 2016 at 9:39 AM, Morten Olav Hansen <morten@xxxxxxxxx>
>>>>> wrote:
>>>>>
>>>>>> There are at least 4-5 different ways of doing it though...
>>>>>> /api/userAccount, /api/me, any kind of user import etc...
>>>>>>
>>>>>> --
>>>>>> Morten Olav Hansen
>>>>>> Senior Engineer, DHIS 2
>>>>>> University of Oslo
>>>>>> http://www.dhis2.org
>>>>>>
>>>>>> On Tue, May 24, 2016 at 2:39 PM, Jason Pickering <
>>>>>> jason.p.pickering@xxxxxxxxx> wrote:
>>>>>>
>>>>>>> That sounds like perhaps the best way to me.
>>>>>>>
>>>>>>> Just block POST to
>>>>>>>
>>>>>>>
>>>>>>> https://play.dhis2.org/dhis-web-commons-about/updateUserAccount.action
>>>>>>>
>>>>>>> and perhaps its API equivalent if it exists?
>>>>>>>
>>>>>>> Are there other ways?
>>>>>>>
>>>>>>>
>>>>>>> On Tue, May 24, 2016 at 9:34 AM, Bob Jolliffe <bobjolliffe@xxxxxxxxx
>>>>>>> > wrote:
>>>>>>>
>>>>>>>> Could we use nginx to prevent access to the action. Redirect to
>>>>>>>> somewhere punitive :-)
>>>>>>>> On 24 May 2016 03:38, "Morten Olav Hansen" <morten@xxxxxxxxx>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> I agree that it would be helpful. A couple of issues:
>>>>>>>>>
>>>>>>>>> 1) If using the web-api, it would require it to be a valid
>>>>>>>>> password, so "district" would no longer work (District1?)
>>>>>>>>>
>>>>>>>>> 2) If instead injecting with SQL, one would also have to clear the
>>>>>>>>> cache
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Morten Olav Hansen
>>>>>>>>> Senior Engineer, DHIS 2
>>>>>>>>> University of Oslo
>>>>>>>>> http://www.dhis2.org
>>>>>>>>>
>>>>>>>>> On Tue, May 24, 2016 at 3:37 AM, John Mukulu <
>>>>>>>>> john.f.mukulu@xxxxxxxxx> wrote:
>>>>>>>>>
>>>>>>>>>> I concur,
>>>>>>>>>> Or even a simple repeated 5 mins cronjob script to reset the
>>>>>>>>>> password via API.
>>>>>>>>>>
>>>>>>>>>> On Mon, May 23, 2016 at 9:19 PM, Jim Grace <jim@xxxxxxxxx> wrote:
>>>>>>>>>>
>>>>>>>>>>> Sounds reasonable to me.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Mon, May 23, 2016 at 1:16 PM, Jason Pickering <
>>>>>>>>>>> jason.p.pickering@xxxxxxxxx> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Increasingly people change the password of the demo server.
>>>>>>>>>>>>
>>>>>>>>>>>> Can we put a database trigger in place to prevent this from
>>>>>>>>>>>> being changed? It causes problems for people in general.
>>>>>>>>>>>>
>>>>>>>>>>>> Regards,
>>>>>>>>>>>> Jason
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> --
>>>>>>>>>>>> Jason P. Pickering
>>>>>>>>>>>> email: jason.p.pickering@xxxxxxxxx
>>>>>>>>>>>> tel:+46764147049
>>>>>>>>>>>>
>>>>>>>>>>>> --
>>>>>>>>>>>> Mailing list: https://launchpad.net/~dhis2-devs-core
>>>>>>>>>>>> Post to     : dhis2-devs-core@xxxxxxxxxxxxxxxxxxx
>>>>>>>>>>>> Unsubscribe : https://launchpad.net/~dhis2-devs-core
>>>>>>>>>>>> More help   : https://help.launchpad.net/ListHelp
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> Jim Grace
>>>>>>>>>>> Core developer, DHIS 2
>>>>>>>>>>> HISP US Inc.
>>>>>>>>>>> http://www.dhis2.org <https://www.dhis2.org/>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> *http://mukulu.me <http://mukulu.me>*
>>>>>>>>>> *Open source developer*
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Jason P. Pickering
>>>>>>> email: jason.p.pickering@xxxxxxxxx
>>>>>>> tel:+46764147049
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Jason P. Pickering
>>>>> email: jason.p.pickering@xxxxxxxxx
>>>>> tel:+46764147049
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Jason P. Pickering
>>>> email: jason.p.pickering@xxxxxxxxx
>>>> tel:+46764147049
>>>>
>>>
>>>
>>
>>
>> --
>> Jason P. Pickering
>> email: jason.p.pickering@xxxxxxxxx
>> tel:+46764147049
>>
>
>


-- 
Jason P. Pickering
email: jason.p.pickering@xxxxxxxxx
tel:+46764147049
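
Added example, not part of the original thread or of DHIS 2's own code: because Hibernate writes every column on each update, a trigger can still single out the password by comparing OLD and NEW, which leaves openid/ldapid editable on the admin row. The trigger_demo schema, the cut-down users table, the sample values and the keep_admin_password name are constructed for illustration.

```sql
-- Constructed scratch schema so the example runs without a DHIS 2 database.
create schema trigger_demo;
set search_path to trigger_demo;

-- Cut-down stand-in for the users table (columns taken from the UPDATE
-- statement quoted in the thread).
create table users (
  userid   integer primary key,
  username text not null unique,
  password text,
  openid   text,
  ldapid   text
);
insert into users values
  (1, 'admin', 'constructed-hash-A', null, null),
  (2, 'guest', 'constructed-hash-B', null, null);

create or replace function keep_admin_password() returns trigger
language plpgsql as $$
begin
  -- Decide on OLD so the row stays protected whatever the UPDATE sets.
  if OLD.username = 'admin' then
    if NEW.password is distinct from OLD.password then
      raise notice 'password change for % ignored', OLD.username;
    end if;
    -- Pin only the credential columns; everything else is written as sent.
    NEW.username := OLD.username;
    NEW.password := OLD.password;
  end if;
  return NEW;
end $$;

create trigger keep_admin_password before update on users
for each row execute procedure keep_admin_password();

-- Same shape as the Hibernate statement: every column is in the SET list.
update users set username = 'admin', password = 'changed', openid = 'demo-openid'
  where userid = 1;
update users set username = 'guest', password = 'changed', openid = null
  where userid = 2;

-- Compare the two rows to see which columns the trigger pinned.
select userid, username, password, openid from users order by userid;
```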
