Author: doogie
Date: Tue Jun 1 21:59:21 2010
New Revision: 950274
URL: http://svn.apache.org/viewvc?rev=950274&view=rev
Log:
Revert wrongly committed 950261
Modified:
ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java
Modified:
ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java?rev=950274&r1=950273&r2=950274&view=diff
==============================================================================
--- ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java
(original)
+++ ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java
Tue Jun 1 21:59:21 2010
@@ -153,6 +153,19 @@ public class LoginServices {
}
if (userLogin != null) {
+ String encodedPassword = useEncryption ?
HashCrypt.getDigestHash(password, getHashType()) : password;
+ String encodedPasswordOldFunnyHexEncode = useEncryption ?
HashCrypt.getDigestHashOldFunnyHexEncode(password, getHashType()) : password;
+ String encodedPasswordUsingDbHashType = encodedPassword;
+
+ String currentPassword =
userLogin.getString("currentPassword");
+ if (useEncryption && currentPassword != null &&
currentPassword.startsWith("{")) {
+ // get encode according to the type in the database
+ String dbHashType =
HashCrypt.getHashTypeFromPrefix(currentPassword);
+ if (dbHashType != null) {
+ encodedPasswordUsingDbHashType =
HashCrypt.getDigestHash(password, dbHashType);
+ }
+ }
+
String ldmStr =
UtilProperties.getPropertyValue("security.properties", "login.disable.minutes");
long loginDisableMinutes = 30;
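Review bot: The three candidate values computed at the top of this hunk carry no comment saying why all three are needed, and the same block is repeated in the @@ -886 hunk with `currentPassword`/`oldPassword` in place of `password`/`currentPassword`. A comment above the first assignment would help, for example `// candidates to compare with the stored value: configured hash type, legacy hex encoding, and the hash type named by the stored {prefix}`. It is also worth stating there that when `useEncryption` is false all three variables hold the password exactly as entered, because later code treats them as if they were digests. The enclosing method starts and ends outside the hunk.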
@@ -205,7 +218,11 @@ public class LoginServices {
// if the password.accept.encrypted.and.plain property
in security is set to true allow plain or encrypted passwords
// if this is a system account don't bother checking
the passwords
// if externalAuth passed; this is run as well
- if ((!authFatalError && externalAuth) ||
checkPassword(userLogin.getString("currentPassword"), useEncryption, password))
{
+ if ((!authFatalError && externalAuth) ||
(userLogin.get("currentPassword") != null &&
+
(HashCrypt.removeHashTypePrefix(encodedPassword).equals(HashCrypt.removeHashTypePrefix(currentPassword))
||
+
HashCrypt.removeHashTypePrefix(encodedPasswordOldFunnyHexEncode).equals(HashCrypt.removeHashTypePrefix(currentPassword))
||
+
HashCrypt.removeHashTypePrefix(encodedPasswordUsingDbHashType).equals(HashCrypt.removeHashTypePrefix(currentPassword))
||
+
("true".equals(UtilProperties.getPropertyValue("security.properties",
"password.accept.encrypted.and.plain")) &&
password.equals(userLogin.getString("currentPassword")))))) {
Debug.logVerbose("[LoginServices.userLogin] :
Password Matched", module);
// update the hasLoggedOut flag
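Review bot: With `password.accept.encrypted.and.plain` set to true, the final clause `password.equals(userLogin.getString("currentPassword"))` accepts the stored column value itself as the password, so for an account whose stored value is a digest, that digest becomes password-equivalent. The clause is not limited to accounts stored in plain text; if the property exists only for migrating such accounts (not visible here), a comment should say so, e.g. `// plain compare also matches a stored digest submitted verbatim; keep this property false outside migration`. The other three clauses compare digests with `String.equals`, which returns at the first differing character; `MessageDigest.isEqual` over the bytes of both strings would make the comparison time independent of where they differ. The same expression is added in the @@ -886 hunk, and the `if` body continues outside this hunk.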
@@ -237,7 +254,7 @@ public class LoginServices {
result.put("userLogin", userLogin);
result.put(ModelService.RESPONSE_MESSAGE,
ModelService.RESPOND_SUCCESS);
} else {
- //Debug.logInfo("Entered password [" +
encodedPassword + "], Entered password OldFunnyHexEncode [" +
encodedPasswordOldFunnyHexEncode + "], db password [" +
userLogin.getString("currentPassword") + "]", module);
+ Debug.logInfo("Entered password [" +
encodedPassword + "], Entered password OldFunnyHexEncode [" +
encodedPasswordOldFunnyHexEncode + "], db password [" +
userLogin.getString("currentPassword") + "]", module);
// password is incorrect, but this may be the
result of a stale cache entry,
// so lets clear the cache and try again if this
is the first pass
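Review bot: The re-enabled `Debug.logInfo` call writes the entered-password digest, its legacy encoding and the stored `currentPassword` value to the log at info level on every failed login. When `useEncryption` is false, `encodedPassword` is the password exactly as typed (see the assignment in the @@ -153 hunk), so mistyped passwords end up in the log in clear text. Anyone who can read the log then has material for offline guessing, and the stored value is accepted directly as a password when `password.accept.encrypted.and.plain` is true. The line should stay commented out or log only the outcome, for example `Debug.logInfo("[LoginServices.userLogin] : Password Incorrect", module);`. The `else` branch continues outside the hunk.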
@@ -886,9 +903,28 @@ public class LoginServices {
String errMsg = null;
if (!ignoreCurrentPassword) {
+
+ String encodedPassword = useEncryption ?
HashCrypt.getDigestHash(currentPassword, getHashType()) : currentPassword;
+ String encodedPasswordOldFunnyHexEncode = useEncryption ?
HashCrypt.getDigestHashOldFunnyHexEncode(currentPassword, getHashType()) :
currentPassword;
+ String encodedPasswordUsingDbHashType = encodedPassword;
+
+ String oldPassword = userLogin.getString("currentPassword");
+ if (useEncryption && oldPassword != null &&
oldPassword.startsWith("{")) {
+ // get encode according to the type in the database
+ String dbHashType =
HashCrypt.getHashTypeFromPrefix(oldPassword);
+ if (dbHashType != null) {
+ encodedPasswordUsingDbHashType =
HashCrypt.getDigestHash(currentPassword, dbHashType);
+ }
+ }
+
// if the password.accept.encrypted.and.plain property in security
is set to true allow plain or encrypted passwords
// if this is a system account don't bother checking the passwords
- boolean passwordMatches =
checkPassword(userLogin.getString("currentPassword"), useEncryption,
currentPassword);
+ boolean passwordMatches = (oldPassword != null &&
+
(HashCrypt.removeHashTypePrefix(encodedPassword).equals(HashCrypt.removeHashTypePrefix(oldPassword))
||
+
HashCrypt.removeHashTypePrefix(encodedPasswordOldFunnyHexEncode).equals(HashCrypt.removeHashTypePrefix(oldPassword))
||
+
HashCrypt.removeHashTypePrefix(encodedPasswordUsingDbHashType).equals(HashCrypt.removeHashTypePrefix(oldPassword))
||
+
("true".equals(UtilProperties.getPropertyValue("security.properties",
"password.accept.encrypted.and.plain")) &&
currentPassword.equals(oldPassword))));
+
if ((currentPassword == null) || (userLogin != null &&
currentPassword != null && !passwordMatches)) {
errMsg =
UtilProperties.getMessage(resource,"loginservices.old_password_not_correct_reenter",
locale);
errorMessageList.add(errMsg);
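Review bot: `currentPassword` is used before it is checked for null: it is passed to `HashCrypt.getDigestHash` and `getDigestHashOldFunnyHexEncode`, and dereferenced in `currentPassword.equals(oldPassword)`, all ahead of the `currentPassword == null` test in the following `if`. Whether the HashCrypt methods tolerate null is not visible here, but the `.equals` call will throw when the property is true and the value is null. `userLogin.getString("currentPassword")` likewise runs before the `userLogin != null` test in that same `if`. The expression should start `boolean passwordMatches = (currentPassword != null && oldPassword != null &&`, and the digest computation above it should be skipped when `currentPassword` is null. The enclosing method starts and ends outside the hunk.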
@@ -976,64 +1012,4 @@ public class LoginServices {
return hashType;
}
-
- private static boolean checkPassword(String oldPassword, boolean
useEncryption, String currentPassword) {
- boolean passwordMatches = false;
- if (oldPassword != null) {
- if (useEncryption) {
- String encodedPassword =
HashCrypt.getDigestHash(currentPassword, getHashType());
- String encodedPasswordOldFunnyHexEncode =
HashCrypt.getDigestHashOldFunnyHexEncode(password, getHashType());
- String encodedPasswordUsingDbHashType = encodedPassword;
- if (oldPassword.startsWith("{")) {
- // get encode according to the type in the database
- String dbHashType =
HashCrypt.getHashTypeFromPrefix(oldPassword);
- if (dbHashType != null) {
- encodedPasswordUsingDbHashType =
HashCrypt.getDigestHash(password, dbHashType);
- }
- }
- passwordMatches =
(HashCrypt.removeHashTypePrefix(encodedPassword).equals(HashCrypt.removeHashTypePrefix(currentPassword))
||
-
HashCrypt.removeHashTypePrefix(encodedPasswordOldFunnyHexEncode).equals(HashCrypt.removeHashTypePrefix(currentPassword))
-
HashCrypt.removeHashTypePrefix(encodedPasswordUsingDbHashType).equals(HashCrypt.removeHashTypePrefix(currentPassword))
||
-
("true".equals(UtilProperties.getPropertyValue("security.properties",
"password.accept.encrypted.and.plain")) && password.equ
-
- passwordMatches = HashCrypt.comparePassword(oldPassword,
getHashType(), currentPassword);
- } else {
- passwordMatches = oldPassword.equals(currentPassword);
- }
- }
- if (!passwordMatches &&
"true".equals(UtilProperties.getPropertyValue("security.properties",
"password.accept.encrypted.and.plain"))) {
- passwordMatches = currentPassword.equals(oldPassword);
- }
- return passwordMatches;
-
-
-
-
-
-
-
-
-
-
- String currentPassword = userLogin.getString("currentPassword");
- if (useEncryption && currentPassword != null &&
currentPassword.startsWith("{")) {
- // get encode according to the type in the database
- String dbHashType =
HashCrypt.getHashTypeFromPrefix(currentPassword);
- if (dbHashType != null) {
- encodedPasswordUsingDbHashType =
HashCrypt.getDigestHash(password, dbHashType);
- }
- }
- if (oldPassword != null) {
-
-(userLogin.get("currentPassword") != null &&
-
-
-// FIXME: needs to be getBytes("UTF-8")
-
-
-
-
-
-
- }
}