← Back to team overview

dhis2-devs team mailing list archive

[Branch ~dhis2-devs-core/dhis2/trunk] Rev 13702: SecurityService, account restore fix

 

------------------------------------------------------------
revno: 13702
committer: Lars Helge Øverland <larshelge@xxxxxxxxx>
branch nick: dhis2
timestamp: Mon 2014-01-13 16:44:28 +0100
message:
  SecurityService, account restore fix
modified:
  dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/useraccount/action/IsRestoreTokenValidAction.java


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

Your team DHIS 2 developers is subscribed to branch lp:dhis2.
To unsubscribe from this branch go to https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk/+edit-subscription
=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/useraccount/action/IsRestoreTokenValidAction.java'
--- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/useraccount/action/IsRestoreTokenValidAction.java	2013-08-23 16:05:01 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/useraccount/action/IsRestoreTokenValidAction.java	2014-01-13 15:44:28 +0000
@@ -29,6 +29,8 @@
  */
 
 import org.hisp.dhis.security.SecurityService;
+import org.hisp.dhis.user.UserCredentials;
+import org.hisp.dhis.user.UserService;
 import org.springframework.beans.factory.annotation.Autowired;
 
 import com.opensymphony.xwork2.Action;
@@ -41,6 +43,9 @@
 {
     @Autowired
     private SecurityService securityService;
+    
+    @Autowired
+    private UserService userService;
 
     // -------------------------------------------------------------------------
     // Input
@@ -76,7 +81,14 @@
 
     public String execute()
     {
-        boolean verified = securityService.verifyToken( username, token );
+        UserCredentials credentials = userService.getUserCredentialsByUsername( username );
+        
+        if ( credentials == null )
+        {
+            return ERROR;
+        }
+        
+        boolean verified = securityService.verifyToken( credentials, token );
         
         return verified ? SUCCESS : ERROR;
     }