You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ofbiz.apache.org by do...@apache.org on 2012/04/19 01:49:23 UTC
svn commit: r1327741 - in /ofbiz/trunk:
applications/securityext/src/org/ofbiz/securityext/login/
framework/base/src/org/ofbiz/base/crypto/
framework/common/src/org/ofbiz/common/login/
specialpurpose/ldap/src/org/ofbiz/ldap/commons/
Author: doogie
Date: Wed Apr 18 23:49:22 2012
New Revision: 1327741
URL: http://svn.apache.org/viewvc?rev=1327741&view=rev
Log:
FEATURE: Make use of new HashCrypt cryptPassword functionality.
Modified:
ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java
ofbiz/trunk/framework/base/src/org/ofbiz/base/crypto/HashCrypt.java
ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LdapAuthenticationServices.java
ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java
ofbiz/trunk/specialpurpose/ldap/src/org/ofbiz/ldap/commons/AbstractOFBizAuthenticationHandler.java
Modified: ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java?rev=1327741&r1=1327740&r2=1327741&view=diff
==============================================================================
--- ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java (original)
+++ ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java Wed Apr 18 23:49:22 2012
@@ -212,7 +212,7 @@ public class LoginEvents {
if (useEncryption) {
// password encrypted, can't send, generate new password and email to user
passwordToSend = RandomStringUtils.randomAlphanumeric(Integer.parseInt(UtilProperties.getPropertyValue("security", "password.length.min", "5")));
- supposedUserLogin.set("currentPassword", HashCrypt.getDigestHash(passwordToSend, LoginServices.getHashType()));
+ supposedUserLogin.set("currentPassword", HashCrypt.cryptPassword(LoginServices.getHashType(), passwordToSend));
supposedUserLogin.set("passwordHint", "Auto-Generated Password");
if ("true".equals(UtilProperties.getPropertyValue("security.properties", "password.email_password.require_password_change"))){
supposedUserLogin.set("requirePasswordChange", "Y");
Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/crypto/HashCrypt.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/src/org/ofbiz/base/crypto/HashCrypt.java?rev=1327741&r1=1327740&r2=1327741&view=diff
==============================================================================
--- ofbiz/trunk/framework/base/src/org/ofbiz/base/crypto/HashCrypt.java (original)
+++ ofbiz/trunk/framework/base/src/org/ofbiz/base/crypto/HashCrypt.java Wed Apr 18 23:49:22 2012
@@ -118,10 +118,18 @@ public class HashCrypt {
}
}
+ /**
+ * @deprecated use cryptPassword
+ */
+ @Deprecated
public static String getDigestHash(String str) {
return getDigestHash(str, "SHA");
}
+ /**
+ * @deprecated use cryptPassword
+ */
+ @Deprecated
public static String getDigestHash(String str, String hashType) {
if (str == null) return null;
try {
@@ -141,6 +149,10 @@ public class HashCrypt {
}
}
+ /**
+ * @deprecated use cryptPassword
+ */
+ @Deprecated
public static String getDigestHash(String str, String code, String hashType) {
if (str == null) return null;
try {
@@ -162,6 +174,10 @@ public class HashCrypt {
}
}
+ /**
+ * @deprecated use cryptPassword
+ */
+ @Deprecated
public static String getHashTypeFromPrefix(String hashString) {
if (UtilValidate.isEmpty(hashString) || hashString.charAt(0) != '{') {
return null;
@@ -170,6 +186,10 @@ public class HashCrypt {
return hashString.substring(1, hashString.indexOf('}'));
}
+ /**
+ * @deprecated use cryptPassword
+ */
+ @Deprecated
public static String removeHashTypePrefix(String hashString) {
if (UtilValidate.isEmpty(hashString) || hashString.charAt(0) != '{') {
return hashString;
@@ -178,6 +198,10 @@ public class HashCrypt {
return hashString.substring(hashString.indexOf('}') + 1);
}
+ /**
+ * @deprecated no replacement, logic moved into comparePassword
+ */
+ @Deprecated
public static String getDigestHashOldFunnyHexEncode(String str, String hashType) {
if (UtilValidate.isEmpty(hashType)) hashType = "SHA";
if (str == null) return null;
Modified: ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LdapAuthenticationServices.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LdapAuthenticationServices.java?rev=1327741&r1=1327740&r2=1327741&view=diff
==============================================================================
--- ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LdapAuthenticationServices.java (original)
+++ ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LdapAuthenticationServices.java Wed Apr 18 23:49:22 2012
@@ -94,24 +94,16 @@ public class LdapAuthenticationServices
// Synchronize user's OFBiz password with user's LDAP password
if (userLogin != null) {
boolean useEncryption = "true".equals(UtilProperties.getPropertyValue("security.properties", "password.encrypt"));
- String encodedPassword = useEncryption ? HashCrypt.getDigestHash(password, LoginServices.getHashType()) : password;
- String encodedPasswordOldFunnyHexEncode = useEncryption ? HashCrypt.getDigestHashOldFunnyHexEncode(password, LoginServices.getHashType()) : password;
- String encodedPasswordUsingDbHashType = encodedPassword;
String currentPassword = userLogin.getString("currentPassword");
- if (useEncryption && currentPassword != null && currentPassword.startsWith("{")) {
- String dbHashType = HashCrypt.getHashTypeFromPrefix(currentPassword);
- if (dbHashType != null) {
- encodedPasswordUsingDbHashType = HashCrypt.getDigestHash(password, dbHashType);
- }
+ boolean samePassword;
+ if (useEncryption) {
+ samePassword = HashCrypt.comparePassword(currentPassword, LoginServices.getHashType(), password);
+ } else {
+ samePassword = currentPassword.equals(password);
}
- boolean samePassword = currentPassword != null &&
- (HashCrypt.removeHashTypePrefix(encodedPassword).equals(HashCrypt.removeHashTypePrefix(currentPassword)) ||
- HashCrypt.removeHashTypePrefix(encodedPasswordOldFunnyHexEncode).equals(HashCrypt.removeHashTypePrefix(currentPassword)) ||
- HashCrypt.removeHashTypePrefix(encodedPasswordUsingDbHashType).equals(HashCrypt.removeHashTypePrefix(currentPassword)) ||
- ("true".equals(UtilProperties.getPropertyValue("security.properties", "password.accept.encrypted.and.plain")) && password.equals(currentPassword)));
if (!samePassword) {
Debug.logVerbose("Starting password synchronization", module);
- userLogin.set("currentPassword", useEncryption ? HashCrypt.getDigestHash(password, LoginServices.getHashType()) : password, false);
+ userLogin.set("currentPassword", useEncryption ? HashCrypt.cryptPassword(LoginServices.getHashType(), password) : password, false);
Transaction parentTx = null;
boolean beganTransaction = false;
try {
Modified: ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java?rev=1327741&r1=1327740&r2=1327741&view=diff
==============================================================================
--- ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java (original)
+++ ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java Wed Apr 18 23:49:22 2012
@@ -456,7 +456,7 @@ public class LoginServices {
// save this password in history
GenericValue userLoginPwdHistToCreate = delegator.makeValue("UserLoginPasswordHistory", UtilMisc.toMap("userLoginId", userLoginId,"fromDate", nowTimestamp));
boolean useEncryption = "true".equals(UtilProperties.getPropertyValue("security.properties", "password.encrypt"));
- userLoginPwdHistToCreate.set("currentPassword", useEncryption ? HashCrypt.getDigestHash(currentPassword, getHashType()) : currentPassword);
+ userLoginPwdHistToCreate.set("currentPassword", useEncryption ? HashCrypt.cryptPassword(getHashType(), currentPassword) : currentPassword);
userLoginPwdHistToCreate.create();
}
@@ -520,7 +520,7 @@ public class LoginServices {
userLoginToCreate.set("passwordHint", passwordHint);
userLoginToCreate.set("enabled", enabled);
userLoginToCreate.set("requirePasswordChange", requirePasswordChange);
- userLoginToCreate.set("currentPassword", useEncryption ? HashCrypt.getDigestHash(currentPassword, getHashType()) : currentPassword);
+ userLoginToCreate.set("currentPassword", useEncryption ? HashCrypt.cryptPassword(getHashType(), currentPassword) : currentPassword);
try {
userLoginToCreate.set("partyId", partyId);
} catch (Exception e) {
@@ -672,7 +672,7 @@ public class LoginServices {
return ServiceUtil.returnError(errMsg);
}
} else {
- userLoginToUpdate.set("currentPassword", useEncryption ? HashCrypt.getDigestHash(newPassword, getHashType()) : newPassword, false);
+ userLoginToUpdate.set("currentPassword", useEncryption ? HashCrypt.cryptPassword(getHashType(), newPassword) : newPassword, false);
userLoginToUpdate.set("passwordHint", passwordHint, false);
userLoginToUpdate.set("requirePasswordChange", "N");
@@ -925,7 +925,7 @@ public class LoginServices {
Delegator delegator = userLogin.getDelegator();
String newPasswordHash = newPassword;
if (useEncryption) {
- newPasswordHash = HashCrypt.getDigestHash(newPassword, getHashType());
+ newPasswordHash = HashCrypt.cryptPassword(getHashType(), newPassword);
}
try {
List<GenericValue> pwdHistList = delegator.findByAnd("UserLoginPasswordHistory", UtilMisc.toMap("userLoginId",userLogin.getString("userLoginId"),"currentPassword",newPasswordHash));
@@ -984,21 +984,7 @@ public class LoginServices {
boolean passwordMatches = false;
if (oldPassword != null) {
if (useEncryption) {
- String encodedPassword = HashCrypt.getDigestHash(currentPassword, getHashType());
- String encodedPasswordOldFunnyHexEncode = HashCrypt.getDigestHashOldFunnyHexEncode(currentPassword, getHashType());
- String encodedPasswordUsingDbHashType = encodedPassword;
- if (oldPassword.startsWith("{")) {
- // get encode according to the type in the database
- String dbHashType = HashCrypt.getHashTypeFromPrefix(oldPassword);
- if (dbHashType != null) {
- encodedPasswordUsingDbHashType = HashCrypt.getDigestHash(currentPassword, dbHashType);
- }
- }
- passwordMatches = HashCrypt.removeHashTypePrefix(encodedPassword).equals(HashCrypt.removeHashTypePrefix(oldPassword)) ||
- HashCrypt.removeHashTypePrefix(encodedPasswordOldFunnyHexEncode).equals(HashCrypt.removeHashTypePrefix(oldPassword)) ||
- HashCrypt.removeHashTypePrefix(encodedPasswordUsingDbHashType).equals(HashCrypt.removeHashTypePrefix(oldPassword)) ||
- ("true".equals(UtilProperties.getPropertyValue("security.properties", "password.accept.encrypted.and.plain")) && oldPassword.equals(currentPassword));
- //passwordMatches = HashCrypt.comparePassword(oldPassword, getHashType(), currentPassword);
+ passwordMatches = HashCrypt.comparePassword(oldPassword, getHashType(), currentPassword);
} else {
passwordMatches = oldPassword.equals(currentPassword);
}
Modified: ofbiz/trunk/specialpurpose/ldap/src/org/ofbiz/ldap/commons/AbstractOFBizAuthenticationHandler.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/ldap/src/org/ofbiz/ldap/commons/AbstractOFBizAuthenticationHandler.java?rev=1327741&r1=1327740&r2=1327741&view=diff
==============================================================================
--- ofbiz/trunk/specialpurpose/ldap/src/org/ofbiz/ldap/commons/AbstractOFBizAuthenticationHandler.java (original)
+++ ofbiz/trunk/specialpurpose/ldap/src/org/ofbiz/ldap/commons/AbstractOFBizAuthenticationHandler.java Wed Apr 18 23:49:22 2012
@@ -101,7 +101,7 @@ public abstract class AbstractOFBizAuthe
userLoginToCreate.set("passwordHint", "");
userLoginToCreate.set("enabled", "Y");
userLoginToCreate.set("partyId", getPartyId(rootElement, result));
- userLoginToCreate.set("currentPassword", useEncryption ? HashCrypt.getDigestHash(password, LoginServices.getHashType()) : password);
+ userLoginToCreate.set("currentPassword", useEncryption ? HashCrypt.cryptPassword(LoginServices.getHashType(), password) : password);
GenericValue userTryToLogin = delegator.findOne("UserLogin", false, "userLoginId", username);
if (userTryToLogin == null) {
@@ -119,7 +119,7 @@ public abstract class AbstractOFBizAuthe
throw new GenericEntityException(e.getLocalizedMessage());
}
} else {
- userTryToLogin.setString("currentPassword", useEncryption ? HashCrypt.getDigestHash(password, LoginServices.getHashType()) : password);
+ userTryToLogin.setString("currentPassword", useEncryption ? HashCrypt.cryptPassword(LoginServices.getHashType(), password) : password);
userTryToLogin.store();
}