From 5a54fa171b95b6fad9fd6728aade0f75d916642f Mon Sep 17 00:00:00 2001 From: Jim Blake Date: Tue, 9 Dec 2014 12:26:49 -0500 Subject: [PATCH 1/2] VIVO-825 do not allow access to APIs if the account is not in a valid state. Before testing the password, test that the account is well-formed: first name, last name, email. After testing the password, check to see whether a password change is required. --- .../vitro/webapp/controller/api/VitroApiServlet.java | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/api/VitroApiServlet.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/api/VitroApiServlet.java index 3731040f1..71e826f37 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/api/VitroApiServlet.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/api/VitroApiServlet.java @@ -46,6 +46,13 @@ public class VitroApiServlet extends HttpServlet { Authenticator auth = Authenticator.getInstance(req); UserAccount account = auth.getAccountForInternalAuth(email); + + if (auth.accountRequiresEditing(account)) { + log.debug("Account " + email + " requires editing."); + throw new AuthException("user account must include first and " + + "last names and a valid email address."); + } + if (!auth.isCurrentPassword(account, password)) { log.debug("Invalid: '" + email + "'/'" + password + "'"); throw new AuthException("email/password combination is not valid"); @@ -57,6 +64,11 @@ public class VitroApiServlet extends HttpServlet { throw new AuthException("Account is not authorized"); } + if (account.isPasswordChangeRequired()) { + log.debug("Account " + email + " requires a new password."); + throw new AuthException("user account requires a new password."); + } + log.debug("Authorized for '" + email + "'"); } From 05fe47e50a79f653752dc68291b1b4ff63f91c1c Mon Sep 17 00:00:00 2001 
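Review bot: The new `auth.accountRequiresEditing(account)` check in the first hunk runs before `auth.isCurrentPassword(account, password)`, so a caller who has not yet proven knowledge of the password gets a different error for an incomplete account than for a wrong password. If AuthException messages reach the API response (not visible here), that reveals account state, and possibly account existence, to unauthenticated callers; it is also not visible how `accountRequiresEditing` treats a null `account` returned for an unknown email. I would move the block below the password test, as the second hunk already does for `isPasswordChangeRequired()`, or keep the specific reason in the log and throw the existing `"email/password combination is not valid"` message. Separately, the context line `log.debug("Invalid: '" + email + "'/'" + password + "'")` writes the submitted password to the log and should record the email only, e.g. `log.debug("Invalid credentials for '" + email + "'");`. The enclosing method starts and ends outside both hunks.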
From: hudajkhan Date: Wed, 10 Dec 2014 12:36:37 -0500 Subject: [PATCH 2/2] needed access to rdfservice in nyccsc --- .../webapp/search/documentBuilding/ContextNodeFields.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/search/documentBuilding/ContextNodeFields.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/search/documentBuilding/ContextNodeFields.java index e0e698466..cb1a829d0 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/search/documentBuilding/ContextNodeFields.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/search/documentBuilding/ContextNodeFields.java @@ -34,8 +34,8 @@ public class ContextNodeFields implements DocumentModifier, ContextModelsUser{ protected List queries = new ArrayList(); protected boolean shutdown = false; protected Log log = LogFactory.getLog(ContextNodeFields.class); - - private RDFService rdfService; + //Subclasses may want to utilize rdfService directly (for example, to execute queries that yielding multiple variables mapped to different fields) + protected RDFService rdfService; @Override public void setContextModels(ContextModelAccess models) {
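Review bot: Making the `rdfService` field itself `protected` lets any subclass, including ones in other packages, reassign the service as well as read it. Keeping the field `private` and adding `protected RDFService getRdfService() { return rdfService; }` gives subclasses the access the comment describes without exposing the reference to writes. The added comment also has a grammar slip and would read better as `// Subclasses may use rdfService directly, e.g. to run queries that yield multiple variables mapped to different fields`. The class body continues outside the hunk, so how `setContextModels` assigns the field is not visible here.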