=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserCredentials.java' --- dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserCredentials.java 2014-09-24 06:56:36 +0000 +++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserCredentials.java 2014-09-24 09:23:28 +0000 @@ -342,13 +342,21 @@ } /** - * Tests whether the given input arguments can perform a valid restore of the - * user account for these credentials. Returns false if any of the input arguments - * are null, or any of the properties on the credentials are null. Returns false - * if the expiry date argument is after the expiry date of the credentials. - * Returns false if any of the given token or code arguments are not equal to - * the respective properties the the credentials. Returns true otherwise. - * + * Tests whether the given input arguments can perform a valid restore of + * the user account for these credentials. + *

+ * If fail, returns one of the following error strings: + *

* @param token the restore token. * @param code the restore code. * @param date the expiry date. @@ -358,47 +366,47 @@ { if ( this.restoreToken == null ) { - return "account restoreToken is null"; + return "account_restoreToken_is_null"; } if ( this.restoreCode == null ) { - return "account restoreCode is null"; + return "account_restoreCode_is_null"; } if ( this.restoreExpiry == null ) { - return "account restoreExpiry is null"; + return "account_restoreExpiry_is_null"; } if ( token == null ) { - return "canRestore() token parameter is null"; + return "token_parameter_is_null"; } if ( code == null ) { - return "canRestore() code parameter is null"; + return "code_parameter_is_null"; } if ( date == null ) { - return "canRestore() date parameter is null"; + return "date_parameter_is_null"; } if ( !token.equals ( this.restoreToken ) ) { - return ( "token '" + token + "' does not match restoreToken '" + restoreToken + "'" ); + return ( "token_does_not_match_restoreToken - token: '" + token + "' restoreToken: '" + restoreToken + "'" ); } if ( !code.equals ( this.restoreCode ) ) { - return ( "code '" + code + "' does not match restoreCode '" + restoreCode + "'" ); + return ( "code_does_not_match_restoreCode - code: '" + code + "' restoreCode: '" + restoreCode + "'" ); } if ( date.after( this.restoreExpiry ) ) { - return "date " + date.toString() + " is after " + this.restoreExpiry.toString(); + return "date_is_after_expiry - date: " + date.toString() + " expiry: " + this.restoreExpiry.toString(); } return null; // Success. === modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java' --- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java 2014-09-24 06:56:36 +0000 +++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java 2014-09-24 09:23:28 +0000 
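Review bot: The mismatch returns in canRestore (`token_does_not_match_restoreToken`, `code_does_not_match_restoreCode`) still concatenate both the supplied value and the stored `restoreToken`/`restoreCode` into the result, and canRestoreNow in DefaultSecurityService writes that string to the log at INFO. The same applies to verifyToken in the DefaultSecurityService hunk, where three returns append the `token` argument, which at that point appears to be the unencoded value supplied by the caller. Anyone with read access to the log then sees restore secrets, and a caller-supplied token is written to the log unescaped. Return the bare code, e.g. `return "token_does_not_match_restoreToken";` and `return "restoreToken_does_not_match_supplied_token";`, and keep the values out of the message. The signature of canRestore lies outside this hunk.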
@@ -270,71 +270,94 @@ public boolean canRestoreNow( UserCredentials credentials, String token, String code, RestoreType restoreType ) { + String logInfoPrefix = "Restore User " + credentials.getUid() + " " + credentials.getUsername(); + String errorMessage = verifyToken( credentials, token, restoreType ); - if ( errorMessage == null ) - { - String username = credentials.getUsername(); - - String encodedToken = passwordManager.encodePassword( username, token ); - String encodedCode = passwordManager.encodePassword( username, code ); - - Date date = new Cal().now().time(); - - errorMessage = credentials.canRestore( encodedToken, encodedCode, date ); - } - - String messageInfo = "Restore User " + credentials.getUid() + " " + credentials.getUsername(); - - if ( errorMessage != null ) - { - log.info( messageInfo + " fail because " + errorMessage + "." ); - return false; - } - - log.info( messageInfo + " success." ); + if ( errorMessage != null ) + { + log.info( logInfoPrefix + " verifyToken() failed: " + errorMessage ); + return false; + } + + String username = credentials.getUsername(); + + String encodedToken = passwordManager.encodePassword( username, token ); + String encodedCode = passwordManager.encodePassword( username, code ); + + Date date = new Cal().now().time(); + + errorMessage = credentials.canRestore( encodedToken, encodedCode, date ); + + if ( errorMessage != null ) + { + log.info( logInfoPrefix + " canRestore() failed: " + errorMessage + "." ); + return false; + } + + log.info( logInfoPrefix + " success." ); return true; } + /** + * Verify the token given for a user invite or password restore operation. + *

+ * If error, returns one of the following strings: + * + *

+ * + * @param credentials the user credentials. + * @param token the token. + * @param restoreType type of restore operation. + * @return null if success, otherwise error string. + */ public String verifyToken( UserCredentials credentials, String token, RestoreType restoreType ) { if ( credentials == null ) { - return "verifyToken() - credentials parameter is null"; + return "credentials_parameter_is_null"; } if ( token == null ) { - return "verifyToken() - token parameter is null"; + return "token_parameter_is_null"; } if ( restoreType == null ) { - return "verifyToken() - restoreType parameter is null"; + return "restoreType_parameter_is_null"; } RestoreOptions restoreOptions = RestoreOptions.getRestoreOptions( token ); if ( restoreOptions == null ) { - return "can't parse restore options for " + restoreType.name() + " from token " + token; + return "cannnot_parse_restore_options for " + restoreType.name() + " from token " + token; } if ( restoreType != restoreOptions.getRestoreType() ) { - return "wrong prefix for restore type " + restoreType.name() + " on token " + token; + return "wrong_prefix_for_restore_type " + restoreType.name() + " on token " + token; } if ( credentials.getRestoreToken() == null ) { - return "could not verify token for " + restoreType.name() + " because user has no token"; + return "could_not_verify_token for " + restoreType.name() + " because user has no token"; } String encodedToken = passwordManager.encodePassword( credentials.getUsername(), token ); if ( !credentials.getRestoreToken().equals( encodedToken ) ) { - return "supplied token " + token + " does not mach account restoreToken"; + return "restoreToken_does_not_match_supplied_token " + token; } return null; // Success.
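Review bot: `logInfoPrefix` is built from `credentials.getUid()` on the first added line of canRestoreNow, before verifyToken gets to run its `credentials == null` check, so a null credentials argument throws a NullPointerException instead of returning false with `credentials_parameter_is_null`. Add `if ( credentials == null ) { return false; }` ahead of the prefix so the failure path stays a clean rejection. Separately, the code `cannnot_parse_restore_options` is misspelled (three n's); if callers are meant to match on these strings, correct it to `cannot_parse_restore_options` before anything depends on it. The closing brace of verifyToken lies outside the hunk.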