github/mage
1
0
Fork 0
mirror of https://github.com/correl/mage.git synced 2024-11-14 19:19:32 +00:00
Code Issues Projects Releases Packages Wiki Activity

Do not proceed to password reset flow when authentication is not enabled.

Browse source
This commit is contained in:
Me Car 2016-01-14 04:09:21 +09:00
parent 199e278ed9
commit 4b25e32caf
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
Mage.Server/src/main/java/mage/server/MageServerImpl.java
View file

@ -128,6 +128,10 @@ public class MageServerImpl implements MageServer {
@Override
public boolean emailAuthToken(String sessionId, String email) throws MageException {
if (!ConfigSettings.getInstance().isAuthenticationActivated()) {
sendErrorMessageToClient(sessionId, "Registration is disabled by the server config");
return false;
}
AuthorizedUser authorizedUser = AuthorizedUserRepository.instance.getByEmail(email);
if (authorizedUser == null) {
sendErrorMessageToClient(sessionId, "No user was found with the email address " + email);
@ -147,6 +151,10 @@ public class MageServerImpl implements MageServer {
@Override
public boolean resetPassword(String sessionId, String email, String authToken, String password) throws MageException {
if (!ConfigSettings.getInstance().isAuthenticationActivated()) {
sendErrorMessageToClient(sessionId, "Registration is disabled by the server config");
return false;
}
String storedAuthToken = activeAuthTokens.get(email);
if (storedAuthToken == null || !storedAuthToken.equals(authToken)) {
sendErrorMessageToClient(sessionId, "Invalid auth token");