From 4b25e32caf4e48ad8565b6a91e7ac9662c4bf3b3 Mon Sep 17 00:00:00 2001
From: Me Car
Date: Thu, 14 Jan 2016 04:09:21 +0900
Subject: [PATCH] Do not proceed to password reset flow when authentication is not enabled.
---
 Mage.Server/src/main/java/mage/server/MageServerImpl.java | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/Mage.Server/src/main/java/mage/server/MageServerImpl.java b/Mage.Server/src/main/java/mage/server/MageServerImpl.java
index 1412d25d3d9..3c0672bfdd4 100644
--- a/Mage.Server/src/main/java/mage/server/MageServerImpl.java
+++ b/Mage.Server/src/main/java/mage/server/MageServerImpl.java
@@ -128,6 +128,10 @@ public class MageServerImpl implements MageServer {
 
 @Override
 public boolean emailAuthToken(String sessionId, String email) throws MageException {
+ if (!ConfigSettings.getInstance().isAuthenticationActivated()) {
+ sendErrorMessageToClient(sessionId, "Registration is disabled by the server config");
+ return false;
+ }
 AuthorizedUser authorizedUser = AuthorizedUserRepository.instance.getByEmail(email);
 if (authorizedUser == null) {
 sendErrorMessageToClient(sessionId, "No user was found with the email address " + email);
@@ -147,6 +151,10 @@ public class MageServerImpl implements MageServer {
 
 @Override
 public boolean resetPassword(String sessionId, String email, String authToken, String password) throws MageException {
+ if (!ConfigSettings.getInstance().isAuthenticationActivated()) {
+ sendErrorMessageToClient(sessionId, "Registration is disabled by the server config");
+ return false;
+ }
 String storedAuthToken = activeAuthTokens.get(email);
 if (storedAuthToken == null || !storedAuthToken.equals(authToken)) {
 sendErrorMessageToClient(sessionId, "Invalid auth token");
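Review bot: The guard added to emailAuthToken reports "Registration is disabled by the server config", but this method requests a password-reset token, so the client is given the wrong reason; `sendErrorMessageToClient(sessionId, "Password reset is disabled by the server config");` would match the operation. The identical four lines are repeated in the resetPassword hunk and could live in one private helper so the two checks cannot drift apart. Separately, the unchanged line below the guard, `"No user was found with the email address " + email`, tells the caller whether an address is registered; returning the same response for known and unknown addresses would avoid account enumeration. The method body continues outside the hunk, so how the token is generated and mailed is not visible here.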
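Review bot: The token check directly under the added guard in resetPassword uses `storedAuthToken.equals(authToken)`, which stops at the first differing character and is not a constant-time comparison. With a null check on `authToken` first, `MessageDigest.isEqual(storedAuthToken.getBytes(StandardCharsets.UTF_8), authToken.getBytes(StandardCharsets.UTF_8))` would remove the timing difference. Nothing in the visible lines limits failed attempts per email or expires an entry in `activeAuthTokens`; that may be handled outside the hunk, but it is worth confirming, because an "Invalid auth token" reply can otherwise be retried without bound. The method body continues past the end of the hunk.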