You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ofbiz.apache.org by jl...@apache.org on 2014/09/02 18:22:40 UTC
svn commit: r1622058 - in /ofbiz/branches/release11.04: ./
applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java
Author: jleroux
Date: Tue Sep 2 16:22:40 2014
New Revision: 1622058
URL: http://svn.apache.org/r1622058
Log:
"Applied fix from trunk for revision: 1622050"
------------------------------------------------------------------------
r1622050 | jleroux | 2014-09-02 18:17:36 +0200 (mar. 02 sept. 2014) | 7 lignes
A patch from Ritu Raj Lakhera for "Forgot password functionality is not honoring the 'password.lowercase' property of 'security.properties'" https://issues.apache.org/jira/browse/OFBIZ-5745
Forgot password functionality (LoginEvents.emailPassword) is not honoring the 'password.lowercase' property of 'security.properties'. And thus customer is not able to Login on e-commerce site with new generated password.
Test Case:
1. Set property 'password.lowercase' as true in 'security.properties'.
2. Request a forgot password and customer get the new password as 'a0e7J'
3. Customer is not able to login on e-commerce site.
------------------------------------------------------------------------
Modified:
ofbiz/branches/release11.04/ (props changed)
ofbiz/branches/release11.04/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java
Propchange: ofbiz/branches/release11.04/
------------------------------------------------------------------------------
Merged /ofbiz/trunk:r1622050
Modified: ofbiz/branches/release11.04/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/release11.04/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java?rev=1622058&r1=1622057&r2=1622058&view=diff
==============================================================================
--- ofbiz/branches/release11.04/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java (original)
+++ ofbiz/branches/release11.04/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java Tue Sep 2 16:22:40 2014
@@ -214,6 +214,9 @@ public class LoginEvents {
if (useEncryption) {
// password encrypted, can't send, generate new password and email to user
passwordToSend = RandomStringUtils.randomAlphanumeric(Integer.parseInt(UtilProperties.getPropertyValue("security", "password.length.min", "5")));
+ if ("true".equals(UtilProperties.getPropertyValue("security.properties", "password.lowercase"))){
+ passwordToSend=passwordToSend.toLowerCase();
+ }
supposedUserLogin.set("currentPassword", HashCrypt.getDigestHash(passwordToSend, LoginServices.getHashType()));
supposedUserLogin.set("passwordHint", "Auto-Generated Password");
if ("true".equals(UtilProperties.getPropertyValue("security.properties", "password.email_password.require_password_change"))){