Merge branch '2.0' into 2.1

994a5f79 · Daniel Gerhardt · 3d58553f · 988b3320 · 994a5f79 · 994a5f79
Commit 994a5f79 authored 8 years ago by Daniel Gerhardt
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
 # Changelog

+## 2.0.3
+This release fixes a security vulnerability in the account management API. It is
+highly recommended to upgrade if you are using database authentication.
+
+Additional changes:
+* Libraries have been upgraded to fix potential bugs
+* Some unnecessary log warnings for Websocket communication are filtered
+
 ## 2.1
 Major features:
 * Public Pool (experimental): It is now possible to share sessions with other

--- a/src/main/java/de/thm/arsnova/controller/UserController.java
+++ b/src/main/java/de/thm/arsnova/controller/UserController.java
@@ -94,7 +94,7 @@ public class UserController extends AbstractController {
 		response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
 	}

-	@RequestMapping(value = { "/{username}" }, method = RequestMethod.DELETE)
+	@RequestMapping(value = { "/{username}/" }, method = RequestMethod.DELETE)
 	public final void activate(
 			@PathVariable final String username,
 			final HttpServletRequest request,

--- a/src/main/java/de/thm/arsnova/services/UserService.java
+++ b/src/main/java/de/thm/arsnova/services/UserService.java
@@ -425,7 +425,7 @@ public class UserService implements IUserService {
 	public DbUser deleteDbUser(String username) {
 		User user = getCurrentUser();
 		if (!user.getUsername().equals(username)
-				&& SecurityContextHolder.getContext().getAuthentication().getAuthorities()
+				&& !SecurityContextHolder.getContext().getAuthentication().getAuthorities()
 						.contains(new SimpleGrantedAuthority("ROLE_ADMIN"))) {
 			throw new UnauthorizedException();
 		}