[Branch ~dhis2-devs-core/dhis2/trunk] Rev 8773: Check if restore is allowed before restoring
------------------------------------------------------------
revno: 8773
committer: Lars Helge Øverland <larshelge@xxxxxxxxx>
branch nick: dhis2
timestamp: Tue 2012-10-30 17:45:03 +0300
message:
Check if restore is allowed before restoring
modified:
dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AccountController.java
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java 2012-10-30 06:50:49 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java 2012-10-30 14:45:03 +0000
@@ -103,7 +103,6 @@
}
// TODO check if email is configured
- // TODO check if restore is allowed
// TODO deny restore if credentials contain certain authorities
String[] result = initRestore( credentials );
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AccountController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AccountController.java 2012-10-30 14:13:06 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AccountController.java 2012-10-30 14:45:03 +0000
@@ -41,6 +41,7 @@
import org.hisp.dhis.configuration.ConfigurationService;
import org.hisp.dhis.security.PasswordManager;
import org.hisp.dhis.security.SecurityService;
+import org.hisp.dhis.setting.SystemSettingManager;
import org.hisp.dhis.system.util.ValidationUtils;
import org.hisp.dhis.user.User;
import org.hisp.dhis.user.UserAuthorityGroup;
@@ -96,6 +97,9 @@
@Autowired
private SecurityService securityService;
+ @Autowired
+ private SystemSettingManager systemSettingManager;
+
@RequestMapping( value = "/recovery", method = RequestMethod.POST, produces = ContextUtils.CONTENT_TYPE_TEXT )
public @ResponseBody String recoverAccount(
@RequestParam String username,
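Review bot: The account-recovery setting is injected into the web controller only, so the guards added in `recoverAccount` and in the second handler further down protect the HTTP endpoints but not `SecurityService.sendRestoreMessage` itself, whose `// TODO check if restore is allowed` this commit deletes without adding a check there. Any other caller of the service would presumably still be able to start a restore while recovery is disabled. Consider enforcing the setting in the service as well, e.g. `if ( !systemSettingManager.accountRecoveryEnabled() ) { return false; }` at the top of `sendRestoreMessage` (assuming the setting manager can be injected there), and keep the controller checks only for the distinct error message. The class and both handler bodies extend beyond the visible hunks.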
@@ -104,11 +108,17 @@
{
String rootPath = ContextUtils.getContextPath( request );
+ if ( !systemSettingManager.accountRecoveryEnabled() )
+ {
+ response.setStatus( HttpServletResponse.SC_CONFLICT );
+ return "Account recovery is not enabled";
+ }
+
boolean recover = securityService.sendRestoreMessage( username, rootPath );
if ( !recover )
{
- response.setStatus( HttpServletResponse.SC_BAD_REQUEST );
+ response.setStatus( HttpServletResponse.SC_CONFLICT );
return "Account could not be recovered";
}
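Review bot: The `!recover` branch still answers with a different status and body (`SC_CONFLICT`, "Account could not be recovered") than the success path. If `sendRestoreMessage` returns false for unknown or ineligible usernames (its body is outside this diff), an unauthenticated caller can use this endpoint to tell which usernames exist. A recovery endpoint is safer when it returns the same response whether or not a message was sent and records the reason server-side only. At minimum, document the trade-off above the branch: `// NOTE: a distinct failure response reveals whether the account exists; prefer a uniform reply`. The body of `recoverAccount` continues past the end of this hunk.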
@@ -127,6 +137,12 @@
HttpServletRequest request,
HttpServletResponse response )
{
+ if ( !systemSettingManager.accountRecoveryEnabled() )
+ {
+ response.setStatus( HttpServletResponse.SC_CONFLICT );
+ return "Account recovery is not enabled";
+ }
+
if ( password == null || !ValidationUtils.passwordIsValid( password ) )
{
response.setStatus( HttpServletResponse.SC_BAD_REQUEST );