Merge pull request #8766 from Ma-Tador/synced

fix bug: reset password from Admin Panel when Captcha enabled
Tim Donohue
2023-05-03 10:52:46 -05:00
committed by GitHub
2 changed files with 11 additions and 11 deletions


@@ -93,11 +93,16 @@ public class RegistrationRestRepository extends DSpaceRestRepository<Registratio
HttpServletRequest request = requestService.getCurrentRequest().getHttpServletRequest(); HttpServletRequest request = requestService.getCurrentRequest().getHttpServletRequest();
ObjectMapper mapper = new ObjectMapper(); ObjectMapper mapper = new ObjectMapper();
RegistrationRest registrationRest; RegistrationRest registrationRest;
String accountType = request.getParameter(TYPE_QUERY_PARAM);
if (StringUtils.isBlank(accountType) ||
(!accountType.equalsIgnoreCase(TYPE_FORGOT) && !accountType.equalsIgnoreCase(TYPE_REGISTER))) {
throw new IllegalArgumentException(String.format("Needs query param '%s' with value %s or %s indicating " +
"what kind of registration request it is", TYPE_QUERY_PARAM, TYPE_FORGOT, TYPE_REGISTER));
}
String captchaToken = request.getHeader("X-Recaptcha-Token"); String captchaToken = request.getHeader("X-Recaptcha-Token");
boolean verificationEnabled = configurationService.getBooleanProperty("registration.verification.enabled"); boolean verificationEnabled = configurationService.getBooleanProperty("registration.verification.enabled");
if (verificationEnabled) { if (verificationEnabled && !accountType.equalsIgnoreCase(TYPE_FORGOT)) {
try { try {
captchaService.processResponse(captchaToken, REGISTER_ACTION); captchaService.processResponse(captchaToken, REGISTER_ACTION);
} catch (InvalidReCaptchaException e) { } catch (InvalidReCaptchaException e) {
@@ -114,12 +119,6 @@ public class RegistrationRestRepository extends DSpaceRestRepository<Registratio
if (StringUtils.isBlank(registrationRest.getEmail())) { if (StringUtils.isBlank(registrationRest.getEmail())) {
throw new UnprocessableEntityException("The email cannot be omitted from the Registration endpoint"); throw new UnprocessableEntityException("The email cannot be omitted from the Registration endpoint");
} }
String accountType = request.getParameter(TYPE_QUERY_PARAM);
if (StringUtils.isBlank(accountType) ||
(!accountType.equalsIgnoreCase(TYPE_FORGOT) && !accountType.equalsIgnoreCase(TYPE_REGISTER))) {
throw new IllegalArgumentException(String.format("Needs query param '%s' with value %s or %s indicating " +
"what kind of registration request it is", TYPE_QUERY_PARAM, TYPE_FORGOT, TYPE_REGISTER));
}
EPerson eperson = null; EPerson eperson = null;
try { try {
eperson = ePersonService.findByEmail(context, registrationRest.getEmail()); eperson = ePersonService.findByEmail(context, registrationRest.getEmail());
@@ -130,12 +129,12 @@ public class RegistrationRestRepository extends DSpaceRestRepository<Registratio
try { try {
if (!AuthorizeUtil.authorizeUpdatePassword(context, eperson.getEmail())) { if (!AuthorizeUtil.authorizeUpdatePassword(context, eperson.getEmail())) {
throw new DSpaceBadRequestException("Password cannot be updated for the given EPerson with email: " throw new DSpaceBadRequestException("Password cannot be updated for the given EPerson with email: "
+ eperson.getEmail()); + eperson.getEmail());
} }
accountService.sendForgotPasswordInfo(context, registrationRest.getEmail()); accountService.sendForgotPasswordInfo(context, registrationRest.getEmail());
} catch (SQLException | IOException | MessagingException | AuthorizeException e) { } catch (SQLException | IOException | MessagingException | AuthorizeException e) {
log.error("Something went wrong with sending forgot password info email: " log.error("Something went wrong with sending forgot password info email: "
+ registrationRest.getEmail(), e); + registrationRest.getEmail(), e);
} }
} else if (accountType.equalsIgnoreCase(TYPE_REGISTER)) { } else if (accountType.equalsIgnoreCase(TYPE_REGISTER)) {
try { try {
@@ -152,7 +151,7 @@ public class RegistrationRestRepository extends DSpaceRestRepository<Registratio
accountService.sendRegistrationInfo(context, email); accountService.sendRegistrationInfo(context, email);
} catch (SQLException | IOException | MessagingException | AuthorizeException e) { } catch (SQLException | IOException | MessagingException | AuthorizeException e) {
log.error("Something went wrong with sending registration info email: " log.error("Something went wrong with sending registration info email: "
+ registrationRest.getEmail(), e); + registrationRest.getEmail(), e);
} }
} }
return null; return null;
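Review bot: The new guard `if (verificationEnabled && !accountType.equalsIgnoreCase(TYPE_FORGOT))` in the first hunk turns the captcha check off for every request that carries the forgot type, and that value comes from a client-supplied query parameter rather than from who the caller is. The commit title speaks of resets started from the Admin Panel, but nothing visible here ties the exemption to an administrator session, so an anonymous caller appears to reach `accountService.sendForgotPasswordInfo` with no captcha, which would leave reset e-mails unthrottled at this endpoint. If only admin-initiated resets should be exempt, narrow the condition, for example `if (verificationEnabled && !(accountType.equalsIgnoreCase(TYPE_FORGOT) && callerIsAdmin))`, where `callerIsAdmin` is a placeholder for whichever authorization check this class has available. If exempting all forgot requests is deliberate, say so in a comment on the guard and name where rate limiting is enforced instead. The enclosing method starts and ends outside the visible hunks.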


@@ -298,6 +298,7 @@ public class RegistrationRestRepositoryIT extends AbstractControllerIntegrationT
// when reCAPTCHA enabled and request doesn't contain "X-Recaptcha-Token” header // when reCAPTCHA enabled and request doesn't contain "X-Recaptcha-Token” header
getClient().perform(post("/api/eperson/registrations") getClient().perform(post("/api/eperson/registrations")
.param(TYPE_QUERY_PARAM, TYPE_REGISTER)
.content(mapper.writeValueAsBytes(registrationRest)) .content(mapper.writeValueAsBytes(registrationRest))
.contentType(contentType)) .contentType(contentType))
.andExpect(status().isForbidden()); .andExpect(status().isForbidden());
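Review bot: The updated test only pins the register path, so nothing in this section exercises the new branch that skips captcha for forgot requests. Add a sibling request in the same verification-enabled setup with `.param(TYPE_QUERY_PARAM, TYPE_FORGOT)` and no `X-Recaptcha-Token` header, and assert the status the project intends for that case, so a later change to the guard cannot silently widen or remove the exemption. A request with no type parameter is now rejected before the captcha check, which is also worth one assertion. The test method starts and ends outside the hunk.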