Author: doogie
Date: Tue Jun 1 21:59:02 2010
New Revision: 950273
URL: http://svn.apache.org/viewvc?rev=950273&view=rev
Log:
Revert wrongly committed 950262
Modified:
ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java
Modified:
ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java?rev=950273&r1=950272&r2=950273&view=diff
==============================================================================
--- ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java
(original)
+++ ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java
Tue Jun 1 21:59:02 2010
@@ -456,7 +456,7 @@ public class LoginServices {
// save this password in history
GenericValue userLoginPwdHistToCreate =
delegator.makeValue("UserLoginPasswordHistory", UtilMisc.toMap("userLoginId",
userLoginId,"fromDate", nowTimestamp));
boolean useEncryption =
"true".equals(UtilProperties.getPropertyValue("security.properties",
"password.encrypt"));
- userLoginPwdHistToCreate.set("currentPassword", useEncryption ?
HashCrypt.cryptPassword(getHashType(), currentPassword) : currentPassword);
+ userLoginPwdHistToCreate.set("currentPassword", useEncryption ?
HashCrypt.getDigestHash(currentPassword, getHashType()) : currentPassword);
userLoginPwdHistToCreate.create();
}
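Review bot: On the new `userLoginPwdHistToCreate.set("currentPassword", ...)` line, the `: currentPassword` branch persists the raw password in UserLoginPasswordHistory whenever `password.encrypt` in security.properties is not "true", and nothing at the call site says so. The same ternary sits on the new lines of the hunks at 521 (`userLoginToCreate`) and 667 (`userLoginToUpdate`). I would add a comment above each, for example `// WARNING: with password.encrypt != "true" the password is stored in cleartext`, or route all three through one private helper so the fallback is documented once. Whether `getDigestHash` salts its output is not visible here; if it does not, identical passwords yield identical stored values, which belongs in the same comment. The enclosing method starts outside the hunk.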
@@ -521,7 +521,7 @@ public class LoginServices {
userLoginToCreate.set("enabled", enabled);
userLoginToCreate.set("requirePasswordChange", requirePasswordChange);
userLoginToCreate.set("partyId", partyId);
- userLoginToCreate.set("currentPassword", useEncryption ?
HashCrypt.cryptPassword(getHashType(), currentPassword) : currentPassword);
+ userLoginToCreate.set("currentPassword", useEncryption ?
HashCrypt.getDigestHash(currentPassword, getHashType()) : currentPassword);
try {
EntityCondition condition =
EntityCondition.makeCondition(EntityFunction.UPPER_FIELD("userLoginId"),
EntityOperator.EQUALS, EntityFunction.UPPER(userLoginId));
@@ -667,7 +667,7 @@ public class LoginServices {
return ServiceUtil.returnError(errMsg);
}
} else {
- userLoginToUpdate.set("currentPassword", useEncryption ?
HashCrypt.cryptPassword(getHashType(), newPassword) : newPassword, false);
+ userLoginToUpdate.set("currentPassword", useEncryption ?
HashCrypt.getDigestHash(newPassword, getHashType()) : newPassword, false);
userLoginToUpdate.set("passwordHint", passwordHint, false);
userLoginToUpdate.set("requirePasswordChange", "N");
@@ -893,7 +893,7 @@ public class LoginServices {
errMsg =
UtilProperties.getMessage(resource,"loginservices.old_password_not_correct_reenter",
locale);
errorMessageList.add(errMsg);
}
- if (currentPassword.equals(newPassword)) {
+ if (currentPassword.equals(newPassword) ||
encodedPassword.equals(newPassword)) {
errMsg =
UtilProperties.getMessage(resource,"loginservices.new_password_is_equal_to_old_password",
locale);
errorMessageList.add(errMsg);
}
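Review bot: The added `encodedPassword.equals(newPassword)` compares an encoded value with the raw new password. `encodedPassword` is declared outside the hunk, but if it holds a digest of the current password, this branch is only true when the user submits the digest string itself as the new password. If the intent is to reject reuse when only the stored hash is available, the new password has to be encoded before comparing, e.g. `HashCrypt.getDigestHash(newPassword, getHashType()).equals(encodedPassword)`; otherwise a one-line comment stating the intent is needed. `currentPassword.equals(newPassword)` also throws if `currentPassword` is null, and no null check is visible in the hunk.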
@@ -922,7 +922,7 @@ public class LoginServices {
Delegator delegator = userLogin.getDelegator();
String newPasswordHash = newPassword;
if (useEncryption) {
- newPasswordHash = HashCrypt.cryptPassword(getHashType(),
newPassword);
+ newPasswordHash = HashCrypt.getDigestHash(newPassword,
getHashType());
}
try {
List<GenericValue> pwdHistList =
delegator.findByAnd("UserLoginPasswordHistory",
UtilMisc.toMap("userLoginId",userLogin.getString("userLoginId"),"currentPassword",newPasswordHash));
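Review bot: The `findByAnd("UserLoginPasswordHistory", ...)` lookup in the context below the changed line filters on `currentPassword` equal to `newPasswordHash`, so the reuse check only works while `getDigestHash` returns the same string for the same password and hash type on every call. That coupling is undocumented; a comment above `if (useEncryption)` such as `// history lookup matches on the stored hash, so the digest must be deterministic for a given hash type` would make it explicit. It also means history rows written under a different hash type will presumably not match, so an old password could be accepted again after `getHashType()` changes. The enclosing method starts and ends outside the hunk.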
@@ -981,6 +981,21 @@ public class LoginServices {
boolean passwordMatches = false;
if (oldPassword != null) {
if (useEncryption) {
+ String encodedPassword =
HashCrypt.getDigestHash(currentPassword, getHashType());
+ String encodedPasswordOldFunnyHexEncode =
HashCrypt.getDigestHashOldFunnyHexEncode(password, getHashType());
+ String encodedPasswordUsingDbHashType = encodedPassword;
+ if (oldPassword.startsWith("{")) {
+ // get encode according to the type in the database
+ String dbHashType =
HashCrypt.getHashTypeFromPrefix(oldPassword);
+ if (dbHashType != null) {
+ encodedPasswordUsingDbHashType =
HashCrypt.getDigestHash(password, dbHashType);
+ }
+ }
+ passwordMatches =
(HashCrypt.removeHashTypePrefix(encodedPassword).equals(HashCrypt.removeHashTypePrefix(currentPassword))
||
+
HashCrypt.removeHashTypePrefix(encodedPasswordOldFunnyHexEncode).equals(HashCrypt.removeHashTypePrefix(currentPassword))
+
HashCrypt.removeHashTypePrefix(encodedPasswordUsingDbHashType).equals(HashCrypt.removeHashTypePrefix(currentPassword))
||
+
("true".equals(UtilProperties.getPropertyValue("security.properties",
"password.accept.encrypted.and.plain")) && password.equ
+
passwordMatches = HashCrypt.comparePassword(oldPassword,
getHashType(), currentPassword);
} else {
passwordMatches = oldPassword.equals(currentPassword);
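Review bot: The added block that assigns `passwordMatches` from the chain of `removeHashTypePrefix(...).equals(...)` comparisons is dead as shown, because the next context line unconditionally reassigns `passwordMatches = HashCrypt.comparePassword(oldPassword, getHashType(), currentPassword);`. In this rendering the expression also references `password`, which is not declared in the hunk, lacks an `||` between the second and third comparison, and is cut off at `password.equ`, so it would not compile if this is what was committed. The hunk at 990 has the same problem: it adds statements and a `// FIXME: needs to be getBytes("UTF-8")` after `return passwordMatches;`, which Java rejects as unreachable. For a revert these additions look like stray fragments and should be dropped, leaving only the `comparePassword` call. The `password.accept.encrypted.and.plain` term appears to accept a match on the unhashed value and should not come back without a comment on when that is allowed; the enclosing method starts outside the hunk.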
@@ -990,5 +1005,35 @@ public class LoginServices {
passwordMatches = currentPassword.equals(oldPassword);
}
return passwordMatches;
+
+
+
+
+
+
+
+
+
+
+ String currentPassword = userLogin.getString("currentPassword");
+ if (useEncryption && currentPassword != null &&
currentPassword.startsWith("{")) {
+ // get encode according to the type in the database
+ String dbHashType =
HashCrypt.getHashTypeFromPrefix(currentPassword);
+ if (dbHashType != null) {
+ encodedPasswordUsingDbHashType =
HashCrypt.getDigestHash(password, dbHashType);
+ }
+ }
+ if (oldPassword != null) {
+
+(userLogin.get("currentPassword") != null &&
+
+
+// FIXME: needs to be getBytes("UTF-8")
+
+
+
+
+
+
}
}