You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ofbiz.apache.org by do...@apache.org on 2010/06/01 23:47:06 UTC
svn commit: r950262 -
/ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java
Author: doogie
Date: Tue Jun 1 21:47:06 2010
New Revision: 950262
URL: http://svn.apache.org/viewvc?rev=950262&view=rev
Log:
Make use of new HashCrypt cryptPassword functionality.
Modified:
ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java
Modified: ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java?rev=950262&r1=950261&r2=950262&view=diff
==============================================================================
--- ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java (original)
+++ ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java Tue Jun 1 21:47:06 2010
@@ -456,7 +456,7 @@ public class LoginServices {
// save this password in history
GenericValue userLoginPwdHistToCreate = delegator.makeValue("UserLoginPasswordHistory", UtilMisc.toMap("userLoginId", userLoginId,"fromDate", nowTimestamp));
boolean useEncryption = "true".equals(UtilProperties.getPropertyValue("security.properties", "password.encrypt"));
- userLoginPwdHistToCreate.set("currentPassword", useEncryption ? HashCrypt.getDigestHash(currentPassword, getHashType()) : currentPassword);
+ userLoginPwdHistToCreate.set("currentPassword", useEncryption ? HashCrypt.cryptPassword(getHashType(), currentPassword) : currentPassword);
userLoginPwdHistToCreate.create();
}
@@ -521,7 +521,7 @@ public class LoginServices {
userLoginToCreate.set("enabled", enabled);
userLoginToCreate.set("requirePasswordChange", requirePasswordChange);
userLoginToCreate.set("partyId", partyId);
- userLoginToCreate.set("currentPassword", useEncryption ? HashCrypt.getDigestHash(currentPassword, getHashType()) : currentPassword);
+ userLoginToCreate.set("currentPassword", useEncryption ? HashCrypt.cryptPassword(getHashType(), currentPassword) : currentPassword);
try {
EntityCondition condition = EntityCondition.makeCondition(EntityFunction.UPPER_FIELD("userLoginId"), EntityOperator.EQUALS, EntityFunction.UPPER(userLoginId));
@@ -667,7 +667,7 @@ public class LoginServices {
return ServiceUtil.returnError(errMsg);
}
} else {
- userLoginToUpdate.set("currentPassword", useEncryption ? HashCrypt.getDigestHash(newPassword, getHashType()) : newPassword, false);
+ userLoginToUpdate.set("currentPassword", useEncryption ? HashCrypt.cryptPassword(getHashType(), newPassword) : newPassword, false);
userLoginToUpdate.set("passwordHint", passwordHint, false);
userLoginToUpdate.set("requirePasswordChange", "N");
@@ -893,7 +893,7 @@ public class LoginServices {
errMsg = UtilProperties.getMessage(resource,"loginservices.old_password_not_correct_reenter", locale);
errorMessageList.add(errMsg);
}
- if (currentPassword.equals(newPassword) || encodedPassword.equals(newPassword)) {
+ if (currentPassword.equals(newPassword)) {
errMsg = UtilProperties.getMessage(resource,"loginservices.new_password_is_equal_to_old_password", locale);
errorMessageList.add(errMsg);
}
@@ -922,7 +922,7 @@ public class LoginServices {
Delegator delegator = userLogin.getDelegator();
String newPasswordHash = newPassword;
if (useEncryption) {
- newPasswordHash = HashCrypt.getDigestHash(newPassword, getHashType());
+ newPasswordHash = HashCrypt.cryptPassword(getHashType(), newPassword);
}
try {
List<GenericValue> pwdHistList = delegator.findByAnd("UserLoginPasswordHistory", UtilMisc.toMap("userLoginId",userLogin.getString("userLoginId"),"currentPassword",newPasswordHash));
@@ -981,21 +981,6 @@ public class LoginServices {
boolean passwordMatches = false;
if (oldPassword != null) {
if (useEncryption) {
- String encodedPassword = HashCrypt.getDigestHash(currentPassword, getHashType());
- String encodedPasswordOldFunnyHexEncode = HashCrypt.getDigestHashOldFunnyHexEncode(password, getHashType());
- String encodedPasswordUsingDbHashType = encodedPassword;
- if (oldPassword.startsWith("{")) {
- // get encode according to the type in the database
- String dbHashType = HashCrypt.getHashTypeFromPrefix(oldPassword);
- if (dbHashType != null) {
- encodedPasswordUsingDbHashType = HashCrypt.getDigestHash(password, dbHashType);
- }
- }
- passwordMatches = (HashCrypt.removeHashTypePrefix(encodedPassword).equals(HashCrypt.removeHashTypePrefix(currentPassword)) ||
- HashCrypt.removeHashTypePrefix(encodedPasswordOldFunnyHexEncode).equals(HashCrypt.removeHashTypePrefix(currentPassword))
- HashCrypt.removeHashTypePrefix(encodedPasswordUsingDbHashType).equals(HashCrypt.removeHashTypePrefix(currentPassword)) ||
- ("true".equals(UtilProperties.getPropertyValue("security.properties", "password.accept.encrypted.and.plain")) && password.equ
-
passwordMatches = HashCrypt.comparePassword(oldPassword, getHashType(), currentPassword);
} else {
passwordMatches = oldPassword.equals(currentPassword);
@@ -1005,35 +990,5 @@ public class LoginServices {
passwordMatches = currentPassword.equals(oldPassword);
}
return passwordMatches;
-
-
-
-
-
-
-
-
-
-
- String currentPassword = userLogin.getString("currentPassword");
- if (useEncryption && currentPassword != null && currentPassword.startsWith("{")) {
- // get encode according to the type in the database
- String dbHashType = HashCrypt.getHashTypeFromPrefix(currentPassword);
- if (dbHashType != null) {
- encodedPasswordUsingDbHashType = HashCrypt.getDigestHash(password, dbHashType);
- }
- }
- if (oldPassword != null) {
-
-(userLogin.get("currentPassword") != null &&
-
-
-// FIXME: needs to be getBytes("UTF-8")
-
-
-
-
-
-
}
}