You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ofbiz.apache.org by do...@apache.org on 2012/05/04 00:20:24 UTC
svn commit: r1333664 - in /ofbiz/trunk:
applications/securityext/src/org/ofbiz/securityext/login/
framework/base/src/org/ofbiz/base/crypto/
framework/common/src/org/ofbiz/common/login/
specialpurpose/ldap/src/org/ofbiz/ldap/commons/
Author: doogie
Date: Thu May 3 22:20:24 2012
New Revision: 1333664
URL: http://svn.apache.org/viewvc?rev=1333664&view=rev
Log:
OPTIMIZE: Remove cryptPassword(String, String); it is not nescessary to
go thru a deprecation cycle for this, as this method was only recently
added, and has never been officially released.
Modified:
ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java
ofbiz/trunk/framework/base/src/org/ofbiz/base/crypto/HashCrypt.java
ofbiz/trunk/framework/base/src/org/ofbiz/base/crypto/Main.java
ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LdapAuthenticationServices.java
ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java
ofbiz/trunk/specialpurpose/ldap/src/org/ofbiz/ldap/commons/AbstractOFBizAuthenticationHandler.java
Modified: ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java?rev=1333664&r1=1333663&r2=1333664&view=diff
==============================================================================
--- ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java (original)
+++ ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java Thu May 3 22:20:24 2012
@@ -212,7 +212,7 @@ public class LoginEvents {
if (useEncryption) {
// password encrypted, can't send, generate new password and email to user
passwordToSend = RandomStringUtils.randomAlphanumeric(Integer.parseInt(UtilProperties.getPropertyValue("security", "password.length.min", "5")));
- supposedUserLogin.set("currentPassword", HashCrypt.cryptPassword(LoginServices.getHashType(), passwordToSend));
+ supposedUserLogin.set("currentPassword", HashCrypt.cryptPassword(LoginServices.getHashType(), null, passwordToSend));
supposedUserLogin.set("passwordHint", "Auto-Generated Password");
if ("true".equals(UtilProperties.getPropertyValue("security.properties", "password.email_password.require_password_change"))){
supposedUserLogin.set("requirePasswordChange", "Y");
Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/crypto/HashCrypt.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/src/org/ofbiz/base/crypto/HashCrypt.java?rev=1333664&r1=1333663&r2=1333664&view=diff
==============================================================================
--- ofbiz/trunk/framework/base/src/org/ofbiz/base/crypto/HashCrypt.java (original)
+++ ofbiz/trunk/framework/base/src/org/ofbiz/base/crypto/HashCrypt.java Thu May 3 22:20:24 2012
@@ -111,12 +111,13 @@ public class HashCrypt {
return hashed.equals(new String(digestChars));
}
- public static String cryptPassword(String hashType, String password) {
- int saltLength = new Random().nextInt(15) + 1;
- return cryptPassword(hashType, RandomStringUtils.random(saltLength, CRYPT_CHAR_SET), password);
- }
-
public static String cryptPassword(String hashType, String salt, String password) {
+ if (hashType == null) {
+ hashType = "SHA";
+ }
+ if (salt == null) {
+ salt = RandomStringUtils.random(new Random().nextInt(15) + 1, CRYPT_CHAR_SET);
+ }
StringBuilder sb = new StringBuilder();
sb.append("$").append(hashType).append("$").append(salt).append("$");
sb.append(getCryptedBytes(hashType, salt, password.getBytes(UTF8)));
Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/crypto/Main.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/src/org/ofbiz/base/crypto/Main.java?rev=1333664&r1=1333663&r2=1333664&view=diff
==============================================================================
--- ofbiz/trunk/framework/base/src/org/ofbiz/base/crypto/Main.java (original)
+++ ofbiz/trunk/framework/base/src/org/ofbiz/base/crypto/Main.java Thu May 3 22:20:24 2012
@@ -21,7 +21,7 @@ package org.ofbiz.base.crypto;
public class Main {
public static void main(String[] args) throws Exception {
if (args[0].equals("-crypt")) {
- System.out.println(HashCrypt.cryptPassword(args[1], args[2]));
+ System.out.println(HashCrypt.cryptPassword(args[1], null, args[2]));
} else if (args[0].equals("-digest")) {
@SuppressWarnings("deprecation")
String digest = HashCrypt.getDigestHash(args[1]);
Modified: ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LdapAuthenticationServices.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LdapAuthenticationServices.java?rev=1333664&r1=1333663&r2=1333664&view=diff
==============================================================================
--- ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LdapAuthenticationServices.java (original)
+++ ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LdapAuthenticationServices.java Thu May 3 22:20:24 2012
@@ -103,7 +103,7 @@ public class LdapAuthenticationServices
}
if (!samePassword) {
Debug.logVerbose("Starting password synchronization", module);
- userLogin.set("currentPassword", useEncryption ? HashCrypt.cryptPassword(LoginServices.getHashType(), password) : password, false);
+ userLogin.set("currentPassword", useEncryption ? HashCrypt.cryptPassword(LoginServices.getHashType(), null, password) : password, false);
Transaction parentTx = null;
boolean beganTransaction = false;
try {
Modified: ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java?rev=1333664&r1=1333663&r2=1333664&view=diff
==============================================================================
--- ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java (original)
+++ ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java Thu May 3 22:20:24 2012
@@ -456,7 +456,7 @@ public class LoginServices {
// save this password in history
GenericValue userLoginPwdHistToCreate = delegator.makeValue("UserLoginPasswordHistory", UtilMisc.toMap("userLoginId", userLoginId,"fromDate", nowTimestamp));
boolean useEncryption = "true".equals(UtilProperties.getPropertyValue("security.properties", "password.encrypt"));
- userLoginPwdHistToCreate.set("currentPassword", useEncryption ? HashCrypt.cryptPassword(getHashType(), currentPassword) : currentPassword);
+ userLoginPwdHistToCreate.set("currentPassword", useEncryption ? HashCrypt.cryptPassword(getHashType(), null, currentPassword) : currentPassword);
userLoginPwdHistToCreate.create();
}
@@ -520,7 +520,7 @@ public class LoginServices {
userLoginToCreate.set("passwordHint", passwordHint);
userLoginToCreate.set("enabled", enabled);
userLoginToCreate.set("requirePasswordChange", requirePasswordChange);
- userLoginToCreate.set("currentPassword", useEncryption ? HashCrypt.cryptPassword(getHashType(), currentPassword) : currentPassword);
+ userLoginToCreate.set("currentPassword", useEncryption ? HashCrypt.cryptPassword(getHashType(), null, currentPassword) : currentPassword);
try {
userLoginToCreate.set("partyId", partyId);
} catch (Exception e) {
@@ -672,7 +672,7 @@ public class LoginServices {
return ServiceUtil.returnError(errMsg);
}
} else {
- userLoginToUpdate.set("currentPassword", useEncryption ? HashCrypt.cryptPassword(getHashType(), newPassword) : newPassword, false);
+ userLoginToUpdate.set("currentPassword", useEncryption ? HashCrypt.cryptPassword(getHashType(), null, newPassword) : newPassword, false);
userLoginToUpdate.set("passwordHint", passwordHint, false);
userLoginToUpdate.set("requirePasswordChange", "N");
@@ -925,7 +925,7 @@ public class LoginServices {
Delegator delegator = userLogin.getDelegator();
String newPasswordHash = newPassword;
if (useEncryption) {
- newPasswordHash = HashCrypt.cryptPassword(getHashType(), newPassword);
+ newPasswordHash = HashCrypt.cryptPassword(getHashType(), null, newPassword);
}
try {
List<GenericValue> pwdHistList = delegator.findByAnd("UserLoginPasswordHistory", UtilMisc.toMap("userLoginId",userLogin.getString("userLoginId"),"currentPassword",newPasswordHash));
Modified: ofbiz/trunk/specialpurpose/ldap/src/org/ofbiz/ldap/commons/AbstractOFBizAuthenticationHandler.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/ldap/src/org/ofbiz/ldap/commons/AbstractOFBizAuthenticationHandler.java?rev=1333664&r1=1333663&r2=1333664&view=diff
==============================================================================
--- ofbiz/trunk/specialpurpose/ldap/src/org/ofbiz/ldap/commons/AbstractOFBizAuthenticationHandler.java (original)
+++ ofbiz/trunk/specialpurpose/ldap/src/org/ofbiz/ldap/commons/AbstractOFBizAuthenticationHandler.java Thu May 3 22:20:24 2012
@@ -101,7 +101,7 @@ public abstract class AbstractOFBizAuthe
userLoginToCreate.set("passwordHint", "");
userLoginToCreate.set("enabled", "Y");
userLoginToCreate.set("partyId", getPartyId(rootElement, result));
- userLoginToCreate.set("currentPassword", useEncryption ? HashCrypt.cryptPassword(LoginServices.getHashType(), password) : password);
+ userLoginToCreate.set("currentPassword", useEncryption ? HashCrypt.cryptPassword(LoginServices.getHashType(), null, password) : password);
GenericValue userTryToLogin = delegator.findOne("UserLogin", false, "userLoginId", username);
if (userTryToLogin == null) {
@@ -119,7 +119,7 @@ public abstract class AbstractOFBizAuthe
throw new GenericEntityException(e.getLocalizedMessage());
}
} else {
- userTryToLogin.setString("currentPassword", useEncryption ? HashCrypt.cryptPassword(LoginServices.getHashType(), password) : password);
+ userTryToLogin.setString("currentPassword", useEncryption ? HashCrypt.cryptPassword(LoginServices.getHashType(), null, password) : password);
userTryToLogin.store();
}