opendev/gerrit
Code Issues Proposed changes

Merge changes If8296539,Id907cc10

Browse Source 
* changes:
  Close security hole allowing normal user to become admin
  Remove the generateHttpPassword capability
This commit is contained in:
David Pursehouse
2014-10-22 07:14:10 +00:00
committed by Gerrit Code Review
parent 36561dc4eb c055d46280
commit 76623a1a56
12 changed files with 22 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/SetAccountCommand.java
View File

@@ -18,6 +18,7 @@ import com.google.common.base.Strings;
import com.google.gerrit.common.data.GlobalCapability;
import com.google.gerrit.common.errors.EmailException;
import com.google.gerrit.extensions.annotations.RequiresCapability;
import com.google.gerrit.extensions.restapi.AuthException;
import com.google.gerrit.extensions.restapi.RawInput;
import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
import com.google.gerrit.extensions.restapi.RestApiException;
@@ -260,7 +261,7 @@ final class SetAccountCommand extends SshCommand {
}
}
private void deleteSshKey(SshKeyInfo i) throws OrmException {
private void deleteSshKey(SshKeyInfo i) throws AuthException, OrmException {
AccountSshKey sshKey = new AccountSshKey(
new AccountSshKey.Id(user.getAccountId(), i.seq), i.sshPublicKey);
deleteSshKey.apply(