You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openmeetings.apache.org by so...@apache.org on 2016/03/24 18:06:48 UTC
svn commit: r1736468 - in /openmeetings/application:
branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/
trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/
Author: solomax
Date: Thu Mar 24 17:06:48 2016
New Revision: 1736468
URL: http://svn.apache.org/viewvc?rev=1736468&view=rev
Log:
[OPENMEETINGS-1355] random UUID is used to generate password reset hash
Modified:
openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/ForgetPasswordDialog.java
openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/ForgetPasswordDialog.java
Modified: openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/ForgetPasswordDialog.java
URL: http://svn.apache.org/viewvc/openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/ForgetPasswordDialog.java?rev=1736468&r1=1736467&r2=1736468&view=diff
==============================================================================
--- openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/ForgetPasswordDialog.java (original)
+++ openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/ForgetPasswordDialog.java Thu Mar 24 17:06:48 2016
@@ -22,15 +22,14 @@ import static org.apache.openmeetings.ut
import static org.apache.openmeetings.web.app.Application.getBean;
import java.util.Arrays;
-import java.util.Date;
import java.util.List;
+import java.util.UUID;
import org.apache.openmeetings.core.mail.MailHandler;
import org.apache.openmeetings.db.dao.basic.ConfigurationDao;
import org.apache.openmeetings.db.dao.user.UserDao;
import org.apache.openmeetings.db.entity.user.User;
import org.apache.openmeetings.service.mail.template.ResetPasswordTemplate;
-import org.apache.openmeetings.util.crypt.ManageCryptStyle;
import org.apache.openmeetings.web.app.Application;
import org.apache.openmeetings.web.pages.ResetPage;
import org.apache.wicket.ajax.AjaxRequestTarget;
@@ -239,9 +238,8 @@ public class ForgetPasswordDialog extend
}
private void sendHashByUser(User us, String appLink, UserDao userDao) throws Exception {
- String loginData = us.getLogin() + new Date();
log.debug("User: " + us.getLogin());
- us.setResethash(ManageCryptStyle.getInstanceOfCrypt().createPassPhrase(loginData));
+ us.setResethash(UUID.randomUUID().toString());
userDao.update(us, -1L);
String reset_link = appLink + "?hash=" + us.getResethash();
Modified: openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/ForgetPasswordDialog.java
URL: http://svn.apache.org/viewvc/openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/ForgetPasswordDialog.java?rev=1736468&r1=1736467&r2=1736468&view=diff
==============================================================================
--- openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/ForgetPasswordDialog.java (original)
+++ openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/ForgetPasswordDialog.java Thu Mar 24 17:06:48 2016
@@ -22,15 +22,14 @@ import static org.apache.openmeetings.ut
import static org.apache.openmeetings.web.app.Application.getBean;
import java.util.Arrays;
-import java.util.Date;
import java.util.List;
+import java.util.UUID;
import org.apache.openmeetings.core.mail.MailHandler;
import org.apache.openmeetings.db.dao.basic.ConfigurationDao;
import org.apache.openmeetings.db.dao.user.UserDao;
import org.apache.openmeetings.db.entity.user.User;
import org.apache.openmeetings.service.mail.template.ResetPasswordTemplate;
-import org.apache.openmeetings.util.crypt.ManageCryptStyle;
import org.apache.openmeetings.web.app.Application;
import org.apache.openmeetings.web.pages.ResetPage;
import org.apache.wicket.ajax.AjaxRequestTarget;
@@ -239,9 +238,8 @@ public class ForgetPasswordDialog extend
}
private void sendHashByUser(User us, String appLink, UserDao userDao) throws Exception {
- String loginData = us.getLogin() + new Date();
log.debug("User: " + us.getLogin());
- us.setResethash(ManageCryptStyle.getInstanceOfCrypt().createPassPhrase(loginData));
+ us.setResethash(UUID.randomUUID().toString());
userDao.update(us, -1L);
String reset_link = appLink + "?hash=" + us.getResethash();