
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 17140: SecurityService, split function for validating user restore/invite to separate method

 

------------------------------------------------------------
revno: 17140
committer: Lars Helge Overland <larshelge@xxxxxxxxx>
branch nick: dhis2
timestamp: Thu 2014-10-16 19:23:01 +0200
message:
  SecurityService, split function for validating user restore/invite to separate method
modified:
  dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/data/DefaultQueryPlanner.java
  dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java
  dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/SecurityService.java
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/AddUserAction.java


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

=== modified file 'dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/data/DefaultQueryPlanner.java'
--- dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/data/DefaultQueryPlanner.java	2014-10-16 06:17:19 +0000
+++ dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/data/DefaultQueryPlanner.java	2014-10-16 17:23:01 +0000
@@ -510,7 +510,7 @@
 
         if ( queries.size() > 1 )
         {
-            log.info( "Split on org unit level: " + queries.size() );
+            log.debug( "Split on org unit level: " + queries.size() );
         }
         
         return queries;    

=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java	2014-10-16 06:17:19 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java	2014-10-16 17:23:01 +0000
@@ -149,6 +149,36 @@
     }
 
     @Override
+    public String validateRestore( UserCredentials credentials )
+    {
+        if ( !systemSettingManager.emailEnabled() )
+        {
+            log.info( "Could not send restore/invite message as email is not configured" );
+            return "email_not_configured_for_system";
+        }
+
+        if ( credentials == null || credentials.getUser() == null )
+        {
+            log.info( "Could not send restore/invite message as user does not exist: " + credentials );
+            return "user_does_not_exist";
+        }
+
+        if ( credentials.getUser().getEmail() == null || !ValidationUtils.emailIsValid( credentials.getUser().getEmail() ) )
+        {
+            log.info( "Could not send restore/invite message as user has no email or email is invalid" );
+            return "user_does_not_have_valid_email";
+        }
+
+        if ( credentials.hasAnyAuthority( Arrays.asList( UserAuthorityGroup.CRITICAL_AUTHS ) ) )
+        {
+            log.info( "Not allowed to restore/invite users with critical authorities" );
+            return "user_has_critical_authorities";
+        }
+
+        return null;
+    }
+
+    @Override
     public boolean sendRestoreMessage( UserCredentials credentials, String rootPath, RestoreOptions restoreOptions )
     {
         if ( credentials == null || rootPath == null )
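Review bot: The critical-authorities refusal in `validateRestore` logs only `"Not allowed to restore/invite users with critical authorities"`, without naming the targeted account, so a refused attempt against a privileged account cannot be attributed from the log. The invalid-email branch has the same gap, whereas the user-does-not-exist branch does append `credentials`. Consider `log.info( "Not allowed to restore/invite users with critical authorities: " + credentials.getUsername() );`, and a level above info if these refusals are meant to be reviewed as audit events.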
@@ -156,32 +186,13 @@
             return false;
         }
 
+        if ( validateRestore( credentials ) != null )
+        {
+            return false;
+        }
+        
         RestoreType restoreType = restoreOptions.getRestoreType();
 
-        if ( credentials.getUser() == null || credentials.getUser().getEmail() == null )
-        {
-            log.info( "Could not send " + restoreType.name() + " message as user does not exist or has no email: " + credentials );
-            return false;
-        }
-
-        if ( !ValidationUtils.emailIsValid( credentials.getUser().getEmail() ) )
-        {
-            log.info( "Could not send " + restoreType.name() + " message as email is invalid" );
-            return false;
-        }
-
-        if ( !systemSettingManager.emailEnabled() )
-        {
-            log.info( "Could not send " + restoreType.name() + " message as email is not configured" );
-            return false;
-        }
-
-        if ( credentials.hasAnyAuthority( Arrays.asList( UserAuthorityGroup.CRITICAL_AUTHS ) ) )
-        {
-            log.info( "Not allowed to  " + restoreType.name() + " users with critical authorities" );
-            return false;
-        }
-
         String[] result = initRestore( credentials, restoreOptions );
 
         Set<User> users = new HashSet<>();
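Review bot: `restoreOptions` is dereferenced at `restoreOptions.getRestoreType()`, but the guard at the top of `sendRestoreMessage` only rejects a null `credentials` or `rootPath`, so a null `restoreOptions` throws instead of returning false. Extending the guard to `if ( credentials == null || rootPath == null || restoreOptions == null )` keeps the method returning false on every invalid input. The reason code from `validateRestore` is also dropped here, and the log lines that replaced the removed ones no longer record whether the request was a restore or an invite. The method body continues past the end of the hunk.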
@@ -351,7 +362,7 @@
 
         if ( restoreCode == null )
         {
-            return "account_restoreCode_is_null";
+            return "account_restore_code_is_null";
         }
 
         boolean validCode = passwordManager.tokenMatches( code, restoreCode, credentials.getUsername() );

=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/SecurityService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/SecurityService.java	2014-09-30 12:29:45 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/SecurityService.java	2014-10-16 17:23:01 +0000
@@ -45,6 +45,22 @@
      * @return true if the invitation was sent, otherwise false.
      */
     boolean prepareUserForInvite( User user );
+    
+    /**
+     * Indicates whether a restore/invite is allowed for the given user. The
+     * requirements are:</p>
+     * 
+     * <ul>
+     * <li>email_not_configured_for_system</li>
+     * <li>user_does_not_exist</li>
+     * <li>user_does_not_have_valid_email</li>
+     * <li>user_has_critical_authorities</li>
+     * </ul>
+     * 
+     * @param credentials
+     * @return a string if restore cannot be performed, null otherwise.
+     */
+    String validateRestore( UserCredentials credentials );
 
     /**
      * Invokes the initRestore method and dispatches email messages with
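Review bot: The Javadoc for `validateRestore` introduces its list with "The requirements are:", but the items are the failure codes the method returns, and the sentence ends in a stray `</p>` with no opening tag. I would reword the summary to `Validates whether a restore/invite can be performed for the given user. Returns one of the following codes when it cannot:` and give the parameter a description, e.g. `@param credentials the credentials of the user to restore or invite`. Because the codes distinguish a missing account from one holding critical authorities, the doc should also state whether callers may show them to an unauthenticated requester; the callers are not visible in this diff.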

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/AddUserAction.java'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/AddUserAction.java	2014-10-16 06:17:19 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/AddUserAction.java	2014-10-16 17:23:01 +0000
@@ -447,7 +447,7 @@
 
         if ( ACCOUNT_ACTION_INVITE.equals( accountAction ) )
         {
-            RestoreOptions restoreOptions = inviteUsername.isEmpty() ? RestoreOptions.INVITE_WITH_USERNAME_CHOICE : RestoreOptions.INVITE_WITH_DEFINED_USERNAME;
+            RestoreOptions restoreOptions = inviteUsername == null || inviteUsername.isEmpty() ? RestoreOptions.INVITE_WITH_USERNAME_CHOICE : RestoreOptions.INVITE_WITH_DEFINED_USERNAME;
 
             securityService.sendRestoreMessage( userCredentials, getRootPath(), restoreOptions );
         }
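Review bot: The result of `securityService.sendRestoreMessage( userCredentials, getRootPath(), restoreOptions )` is discarded, so an invite refused by the new `validateRestore` checks (email not configured, invalid email, critical authorities) fails silently from the action's point of view. Now that the reason is available as a code, the action could call `String reason = securityService.validateRestore( userCredentials );` before sending and report a non-null reason to the administrator. The enclosing method starts and ends outside the hunk, so it may already handle this elsewhere.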