Author: jleroux
Date: Tue Sep 2 16:17:36 2014
New Revision: 1622050
URL: http://svn.apache.org/r1622050
Log:
A patch from Ritu Raj Lakhera for "Forgot password functionality is not
honoring the 'password.lowercase' property of 'security.properties'"
https://issues.apache.org/jira/browse/OFBIZ-5745
Forgot password functionality (LoginEvents.emailPassword) is not honoring the
'password.lowercase' property of 'security.properties'. And thus customer is
not able to Login on e-commerce site with new generated password.
Test Case:
1. Set property 'password.lowercase' as true in 'security.properties'.
2. Request a forgot password and customer get the new password as 'a0e7J'
3. Customer is not able to login on e-commerce site.
Modified:
ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java
Modified:
ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java?rev=1622050&r1=1622049&r2=1622050&view=diff
==============================================================================
---
ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java
(original)
+++
ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java
Tue Sep 2 16:17:36 2014
@@ -212,6 +212,9 @@ public class LoginEvents {
if (useEncryption) {
// password encrypted, can't send, generate new password and
email to user
passwordToSend =
RandomStringUtils.randomAlphanumeric(Integer.parseInt(UtilProperties.getPropertyValue("security",
"password.length.min", "5")));
+ if
("true".equals(UtilProperties.getPropertyValue("security.properties",
"password.lowercase"))){
+ passwordToSend=passwordToSend.toLowerCase();
+ }
supposedUserLogin.set("currentPassword",
HashCrypt.cryptUTF8(LoginServices.getHashType(), null, passwordToSend));
supposedUserLogin.set("passwordHint", "Auto-Generated
Password");
if
("true".equals(UtilProperties.getPropertyValue("security.properties",
"password.email_password.require_password_change"))){