fix for allowing non-gui authorization for reset password flow

Evolveum · Sep 29, 2023 · 6da3b6a · 6da3b6a
1 parent 14f87df
commit 6da3b6a
Showing 1 changed file with 9 additions and 2 deletions.
diff --git a/...com/evolveum/midpoint/authentication/impl/channel/ResetPasswordAuthenticationChannel.java b/...com/evolveum/midpoint/authentication/impl/channel/ResetPasswordAuthenticationChannel.java
@@ -35,10 +35,17 @@ public String getPathAfterSuccessfulAuthentication() {
 
     @Override
     public boolean isAllowedAuthorization(Authorization autz) {
-        if (autz != null
-                && autz.getAction().contains(AuthorizationConstants.AUTZ_UI_RESET_PASSWORD_URL)) {
+        if (autz == null) {
+            return false;
+        }
+        if (autz.getAction().contains(AuthorizationConstants.AUTZ_UI_RESET_PASSWORD_URL)) {
             return true;
         }
+
+        if(!autz.getAction().stream().anyMatch(action -> action.contains(AuthorizationConstants.NS_AUTHORIZATION_UI))) {
+            return true;
+        }
+
         return false;
     }