Author: doogie
Date: Wed Apr 18 23:49:22 2012
New Revision: 1327741

URL: http://svn.apache.org/viewvc?rev=1327741&view=rev
Log:
FEATURE: Make use of new HashCrypt cryptPassword functionality.

Modified:
    
ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java
    ofbiz/trunk/framework/base/src/org/ofbiz/base/crypto/HashCrypt.java
    
ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LdapAuthenticationServices.java
    ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java
    
ofbiz/trunk/specialpurpose/ldap/src/org/ofbiz/ldap/commons/AbstractOFBizAuthenticationHandler.java

Modified: 
ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java
URL: 
http://svn.apache.org/viewvc/ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java?rev=1327741&r1=1327740&r2=1327741&view=diff
==============================================================================
--- 
ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java
 (original)
+++ 
ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java
 Wed Apr 18 23:49:22 2012
@@ -212,7 +212,7 @@ public class LoginEvents {
             if (useEncryption) {
                 // password encrypted, can't send, generate new password and 
email to user
                 passwordToSend = 
RandomStringUtils.randomAlphanumeric(Integer.parseInt(UtilProperties.getPropertyValue("security",
 "password.length.min", "5")));
-                supposedUserLogin.set("currentPassword", 
HashCrypt.getDigestHash(passwordToSend, LoginServices.getHashType()));
+                supposedUserLogin.set("currentPassword", 
HashCrypt.cryptPassword(LoginServices.getHashType(), passwordToSend));
                 supposedUserLogin.set("passwordHint", "Auto-Generated 
Password");
                 if 
("true".equals(UtilProperties.getPropertyValue("security.properties", 
"password.email_password.require_password_change"))){
                     supposedUserLogin.set("requirePasswordChange", "Y");
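Review bot: The temporary password hashed on the changed line still comes from `RandomStringUtils.randomAlphanumeric`, which in the commons-lang releases I know of is backed by a shared `java.util.Random` rather than a CSPRNG, and its length falls back to 5 when `password.length.min` is unset. Because this value is a working credential sent by email, draw it from `SecureRandom`, e.g. `RandomStringUtils.random(len, 0, 0, true, true, null, new SecureRandom())`, and give generated passwords a length floor independent of the minimum users may choose. The enclosing method starts and ends outside this hunk, so the import and the rest of the reset flow need checking there.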

Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/crypto/HashCrypt.java
URL: 
http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/src/org/ofbiz/base/crypto/HashCrypt.java?rev=1327741&r1=1327740&r2=1327741&view=diff
==============================================================================
--- ofbiz/trunk/framework/base/src/org/ofbiz/base/crypto/HashCrypt.java 
(original)
+++ ofbiz/trunk/framework/base/src/org/ofbiz/base/crypto/HashCrypt.java Wed Apr 
18 23:49:22 2012
@@ -118,10 +118,18 @@ public class HashCrypt {
         }
     }
 
+    /**
+     * @deprecated use cryptPassword
+     */
+    @Deprecated
     public static String getDigestHash(String str) {
         return getDigestHash(str, "SHA");
     }
 
+    /**
+     * @deprecated use cryptPassword
+     */
+    @Deprecated
     public static String getDigestHash(String str, String hashType) {
         if (str == null) return null;
         try {
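Review bot: The `@deprecated use cryptPassword` tags added here and in the four HashCrypt hunks that follow give neither a reason nor a link, so a caller cannot tell why the digest helpers are being retired or where to go. A fuller tag would be `@deprecated plain digest without a salt parameter; use {@link #cryptPassword} to store and {@link #comparePassword} to verify`. For `getHashTypeFromPrefix` and `removeHashTypePrefix` the named replacement does not fit, since they read stored values rather than create them; `comparePassword` looks like the closer pointer, though its body is not shown on this page. The method bodies continue outside the hunks.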
@@ -141,6 +149,10 @@ public class HashCrypt {
         }
     }
 
+    /**
+     * @deprecated use cryptPassword
+     */
+    @Deprecated
     public static String getDigestHash(String str, String code, String 
hashType) {
         if (str == null) return null;
         try {
@@ -162,6 +174,10 @@ public class HashCrypt {
         }
     }
 
+    /**
+     * @deprecated use cryptPassword
+     */
+    @Deprecated
     public static String getHashTypeFromPrefix(String hashString) {
         if (UtilValidate.isEmpty(hashString) || hashString.charAt(0) != '{') {
             return null;
@@ -170,6 +186,10 @@ public class HashCrypt {
         return hashString.substring(1, hashString.indexOf('}'));
     }
 
+    /**
+     * @deprecated use cryptPassword
+     */
+    @Deprecated
     public static String removeHashTypePrefix(String hashString) {
         if (UtilValidate.isEmpty(hashString) || hashString.charAt(0) != '{') {
             return hashString;
@@ -178,6 +198,10 @@ public class HashCrypt {
         return hashString.substring(hashString.indexOf('}') + 1);
     }
 
+    /**
+     * @deprecated no replacement, logic moved into comparePassword
+     */
+    @Deprecated
     public static String getDigestHashOldFunnyHexEncode(String str, String 
hashType) {
         if (UtilValidate.isEmpty(hashType)) hashType = "SHA";
         if (str == null) return null;

Modified: 
ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LdapAuthenticationServices.java
URL: 
http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LdapAuthenticationServices.java?rev=1327741&r1=1327740&r2=1327741&view=diff
==============================================================================
--- 
ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LdapAuthenticationServices.java
 (original)
+++ 
ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LdapAuthenticationServices.java
 Wed Apr 18 23:49:22 2012
@@ -94,24 +94,16 @@ public class LdapAuthenticationServices 
         // Synchronize user's OFBiz password with user's LDAP password
         if (userLogin != null) {
             boolean useEncryption = 
"true".equals(UtilProperties.getPropertyValue("security.properties", 
"password.encrypt"));
-            String encodedPassword = useEncryption ? 
HashCrypt.getDigestHash(password, LoginServices.getHashType()) : password;
-            String encodedPasswordOldFunnyHexEncode = useEncryption ? 
HashCrypt.getDigestHashOldFunnyHexEncode(password, LoginServices.getHashType()) 
: password;
-            String encodedPasswordUsingDbHashType = encodedPassword;
             String currentPassword = userLogin.getString("currentPassword");
-            if (useEncryption && currentPassword != null && 
currentPassword.startsWith("{")) {
-                String dbHashType = 
HashCrypt.getHashTypeFromPrefix(currentPassword);
-                if (dbHashType != null) {
-                    encodedPasswordUsingDbHashType = 
HashCrypt.getDigestHash(password, dbHashType);
-                }
+            boolean samePassword;
+            if (useEncryption) {
+                samePassword = HashCrypt.comparePassword(currentPassword, 
LoginServices.getHashType(), password);
+            } else {
+                samePassword = currentPassword.equals(password);
             }
-            boolean samePassword = currentPassword != null &&
-                    
(HashCrypt.removeHashTypePrefix(encodedPassword).equals(HashCrypt.removeHashTypePrefix(currentPassword))
 ||
-                            
HashCrypt.removeHashTypePrefix(encodedPasswordOldFunnyHexEncode).equals(HashCrypt.removeHashTypePrefix(currentPassword))
 ||
-                            
HashCrypt.removeHashTypePrefix(encodedPasswordUsingDbHashType).equals(HashCrypt.removeHashTypePrefix(currentPassword))
 ||
-                        
("true".equals(UtilProperties.getPropertyValue("security.properties", 
"password.accept.encrypted.and.plain")) && password.equals(currentPassword)));
             if (!samePassword) {
                 Debug.logVerbose("Starting password synchronization", module);
-                userLogin.set("currentPassword", useEncryption ? 
HashCrypt.getDigestHash(password, LoginServices.getHashType()) : password, 
false);
+                userLogin.set("currentPassword", useEncryption ? 
HashCrypt.cryptPassword(LoginServices.getHashType(), password) : password, 
false);
                 Transaction parentTx = null;
                 boolean beganTransaction = false;
                 try {
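Review bot: The new `else` branch calls `currentPassword.equals(password)` without the `currentPassword != null` guard that the removed expression had, so a UserLogin row with no stored password would throw a NullPointerException when `password.encrypt` is not true. Restore the guard with `samePassword = currentPassword != null && currentPassword.equals(password);`. In the encrypted branch `comparePassword` receives the same possibly-null value; its body is not in this hunk, so confirm that it treats null as a mismatch. The surrounding block continues past the end of the hunk.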

Modified: 
ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java
URL: 
http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java?rev=1327741&r1=1327740&r2=1327741&view=diff
==============================================================================
--- ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java 
(original)
+++ ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java 
Wed Apr 18 23:49:22 2012
@@ -456,7 +456,7 @@ public class LoginServices {
         // save this password in history
         GenericValue userLoginPwdHistToCreate = 
delegator.makeValue("UserLoginPasswordHistory", UtilMisc.toMap("userLoginId", 
userLoginId,"fromDate", nowTimestamp));
         boolean useEncryption = 
"true".equals(UtilProperties.getPropertyValue("security.properties", 
"password.encrypt"));
-        userLoginPwdHistToCreate.set("currentPassword", useEncryption ? 
HashCrypt.getDigestHash(currentPassword, getHashType()) : currentPassword);
+        userLoginPwdHistToCreate.set("currentPassword", useEncryption ? 
HashCrypt.cryptPassword(getHashType(), currentPassword) : currentPassword);
         userLoginPwdHistToCreate.create();
     }
 
@@ -520,7 +520,7 @@ public class LoginServices {
         userLoginToCreate.set("passwordHint", passwordHint);
         userLoginToCreate.set("enabled", enabled);
         userLoginToCreate.set("requirePasswordChange", requirePasswordChange);
-        userLoginToCreate.set("currentPassword", useEncryption ? 
HashCrypt.getDigestHash(currentPassword, getHashType()) : currentPassword);
+        userLoginToCreate.set("currentPassword", useEncryption ? 
HashCrypt.cryptPassword(getHashType(), currentPassword) : currentPassword);
         try {
             userLoginToCreate.set("partyId", partyId);
         } catch (Exception e) {
@@ -672,7 +672,7 @@ public class LoginServices {
                 return ServiceUtil.returnError(errMsg);
             }
         } else {
-            userLoginToUpdate.set("currentPassword", useEncryption ? 
HashCrypt.getDigestHash(newPassword, getHashType()) : newPassword, false);
+            userLoginToUpdate.set("currentPassword", useEncryption ? 
HashCrypt.cryptPassword(getHashType(), newPassword) : newPassword, false);
             userLoginToUpdate.set("passwordHint", passwordHint, false);
             userLoginToUpdate.set("requirePasswordChange", "N");
 
@@ -925,7 +925,7 @@ public class LoginServices {
             Delegator delegator = userLogin.getDelegator();
             String newPasswordHash = newPassword;
             if (useEncryption) {
-                newPasswordHash = HashCrypt.getDigestHash(newPassword, 
getHashType());
+                newPasswordHash = HashCrypt.cryptPassword(getHashType(), 
newPassword);
             }
             try {
                 List<GenericValue> pwdHistList = 
delegator.findByAnd("UserLoginPasswordHistory", 
UtilMisc.toMap("userLoginId",userLogin.getString("userLoginId"),"currentPassword",newPasswordHash));
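Review bot: The reuse check in this hunk still looks up `UserLoginPasswordHistory` by equality on `currentPassword`, which only works while hashing the same password twice yields the same string. If `cryptPassword` adds a per-call salt (its body is not on this page, but the move to `comparePassword` elsewhere in the commit suggests it does), `newPasswordHash` will never equal a stored row and the history check silently stops rejecting reused passwords; the rows written in the `-456` hunk are affected the same way. Fetch the user's history rows by `userLoginId` alone and verify each one with `HashCrypt.comparePassword`, as sketched below. The enclosing method starts and ends outside the hunk, so how the lookup result is handled is not shown.

```java
// … unchanged: delegator obtained from userLogin …
List<GenericValue> pwdHistList = delegator.findByAnd("UserLoginPasswordHistory", UtilMisc.toMap("userLoginId", userLogin.getString("userLoginId")));
boolean passwordReused = false;
for (GenericValue pwdHist : pwdHistList) {
    String storedPassword = pwdHist.getString("currentPassword");
    // Salted hashes cannot be matched by a column equality test; verify each stored value instead.
    boolean matches = useEncryption
            ? HashCrypt.comparePassword(storedPassword, getHashType(), newPassword)
            : newPassword.equals(storedPassword);
    if (matches) {
        passwordReused = true;
        break;
    }
}
// … the code that acts on the lookup result is outside the hunk; drive it from passwordReused …
```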
@@ -984,21 +984,7 @@ public class LoginServices {
         boolean passwordMatches = false;
         if (oldPassword != null) {
             if (useEncryption) {
-                String encodedPassword = 
HashCrypt.getDigestHash(currentPassword, getHashType());
-                String encodedPasswordOldFunnyHexEncode = 
HashCrypt.getDigestHashOldFunnyHexEncode(currentPassword, getHashType());
-                String encodedPasswordUsingDbHashType = encodedPassword;
-                if (oldPassword.startsWith("{")) {
-                    // get encode according to the type in the database
-                    String dbHashType = 
HashCrypt.getHashTypeFromPrefix(oldPassword);
-                    if (dbHashType != null) {
-                        encodedPasswordUsingDbHashType = 
HashCrypt.getDigestHash(currentPassword, dbHashType);
-                    }
-                }
-                passwordMatches = 
HashCrypt.removeHashTypePrefix(encodedPassword).equals(HashCrypt.removeHashTypePrefix(oldPassword))
 ||
-                        
HashCrypt.removeHashTypePrefix(encodedPasswordOldFunnyHexEncode).equals(HashCrypt.removeHashTypePrefix(oldPassword))
 ||
-                        
HashCrypt.removeHashTypePrefix(encodedPasswordUsingDbHashType).equals(HashCrypt.removeHashTypePrefix(oldPassword))
 ||
-                    
("true".equals(UtilProperties.getPropertyValue("security.properties", 
"password.accept.encrypted.and.plain")) && oldPassword.equals(currentPassword));
-                //passwordMatches = HashCrypt.comparePassword(oldPassword, 
getHashType(), currentPassword);
+                passwordMatches = HashCrypt.comparePassword(oldPassword, 
getHashType(), currentPassword);
             } else {
                 passwordMatches = oldPassword.equals(currentPassword);
             }
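Review bot: The removed expression also accepted a stored plaintext value when `password.accept.encrypted.and.plain` was true, and that property is no longer read in this method or in the `LdapAuthenticationServices` hunk. Whether `comparePassword` covers that case is not visible on this page; the deprecation note on `getDigestHashOldFunnyHexEncode` only says the old hex-encoding logic moved there. Record the outcome in a comment above the call, for example `// comparePassword verifies salted and legacy digest formats; stored plaintext is no longer accepted here`, adjusted to what the helper really does, so operators know whether the property is retired. The enclosing method continues outside the hunk.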

Modified: 
ofbiz/trunk/specialpurpose/ldap/src/org/ofbiz/ldap/commons/AbstractOFBizAuthenticationHandler.java
URL: 
http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/ldap/src/org/ofbiz/ldap/commons/AbstractOFBizAuthenticationHandler.java?rev=1327741&r1=1327740&r2=1327741&view=diff
==============================================================================
--- 
ofbiz/trunk/specialpurpose/ldap/src/org/ofbiz/ldap/commons/AbstractOFBizAuthenticationHandler.java
 (original)
+++ 
ofbiz/trunk/specialpurpose/ldap/src/org/ofbiz/ldap/commons/AbstractOFBizAuthenticationHandler.java
 Wed Apr 18 23:49:22 2012
@@ -101,7 +101,7 @@ public abstract class AbstractOFBizAuthe
         userLoginToCreate.set("passwordHint", "");
         userLoginToCreate.set("enabled", "Y");
         userLoginToCreate.set("partyId", getPartyId(rootElement, result));
-        userLoginToCreate.set("currentPassword", useEncryption ? 
HashCrypt.getDigestHash(password, LoginServices.getHashType()) : password);
+        userLoginToCreate.set("currentPassword", useEncryption ? 
HashCrypt.cryptPassword(LoginServices.getHashType(), password) : password);
 
         GenericValue userTryToLogin = delegator.findOne("UserLogin", false, 
"userLoginId", username);
         if (userTryToLogin == null) {
@@ -119,7 +119,7 @@ public abstract class AbstractOFBizAuthe
                 throw new GenericEntityException(e.getLocalizedMessage());
             }
         } else {
-            userTryToLogin.setString("currentPassword", useEncryption ? 
HashCrypt.getDigestHash(password, LoginServices.getHashType()) : password);
+            userTryToLogin.setString("currentPassword", useEncryption ? 
HashCrypt.cryptPassword(LoginServices.getHashType(), password) : password);
             userTryToLogin.store();
         }
 

