You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@ofbiz.apache.org by jl...@apache.org on 2014/09/02 18:21:21 UTC

svn commit: r1622055 - /ofbiz/branches/release12.04/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java

Author: jleroux
Date: Tue Sep  2 16:21:21 2014
New Revision: 1622055

URL: http://svn.apache.org/r1622055
Log:
"Applied fix from trunk for revision: 1622050" 
------------------------------------------------------------------------
r1622050 | jleroux | 2014-09-02 18:17:36 +0200 (mar. 02 sept. 2014) | 7 lignes

A patch from Ritu Raj Lakhera for "Forgot password functionality is not honoring the 'password.lowercase' property of 'security.properties'" https://issues.apache.org/jira/browse/OFBIZ-5745

Forgot password functionality (LoginEvents.emailPassword) is not honoring the 'password.lowercase' property of 'security.properties'. And thus customer is not able to Login on e-commerce site with new generated password.
Test Case:
1. Set property 'password.lowercase' as true in 'security.properties'.
2. Request a forgot password and customer get the new password as 'a0e7J'
3. Customer is not able to login on e-commerce site.
------------------------------------------------------------------------


Modified:
    ofbiz/branches/release12.04/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java

Modified: ofbiz/branches/release12.04/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/release12.04/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java?rev=1622055&r1=1622054&r2=1622055&view=diff
==============================================================================
--- ofbiz/branches/release12.04/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java (original)
+++ ofbiz/branches/release12.04/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java Tue Sep  2 16:21:21 2014
@@ -212,6 +212,9 @@ public class LoginEvents {
             if (useEncryption) {
                 // password encrypted, can't send, generate new password and email to user
                 passwordToSend = RandomStringUtils.randomAlphanumeric(Integer.parseInt(UtilProperties.getPropertyValue("security", "password.length.min", "5")));
+                if ("true".equals(UtilProperties.getPropertyValue("security.properties", "password.lowercase"))){
+                    passwordToSend=passwordToSend.toLowerCase();
+                }
                 supposedUserLogin.set("currentPassword", HashCrypt.cryptPassword(LoginServices.getHashType(), passwordToSend));
                 supposedUserLogin.set("passwordHint", "Auto-Generated Password");
                 if ("true".equals(UtilProperties.getPropertyValue("security.properties", "password.email_password.require_password_change"))){