Author: jleroux
Date: Tue Sep  2 16:17:36 2014
New Revision: 1622050

URL: http://svn.apache.org/r1622050
Log:
A patch from Ritu Raj Lakhera for "Forgot password functionality is not 
honoring the 'password.lowercase' property of 'security.properties'" 
https://issues.apache.org/jira/browse/OFBIZ-5745

Forgot password functionality (LoginEvents.emailPassword) is not honoring the 
'password.lowercase' property of 'security.properties', and thus the customer is 
not able to log in on the e-commerce site with the newly generated password.
Test Case:
1. Set property 'password.lowercase' to true in 'security.properties'.
2. Request a forgot password and the customer gets the new password as 'a0e7J'.
3. The customer is not able to log in on the e-commerce site.

Modified:
    
ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java

Modified: 
ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java
URL: 
http://svn.apache.org/viewvc/ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java?rev=1622050&r1=1622049&r2=1622050&view=diff
==============================================================================
--- 
ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java
 (original)
+++ 
ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java
 Tue Sep  2 16:17:36 2014
@@ -212,6 +212,9 @@ public class LoginEvents {
             if (useEncryption) {
                 // password encrypted, can't send, generate new password and 
email to user
                 passwordToSend = 
RandomStringUtils.randomAlphanumeric(Integer.parseInt(UtilProperties.getPropertyValue("security",
 "password.length.min", "5")));
+                if 
("true".equals(UtilProperties.getPropertyValue("security.properties", 
"password.lowercase"))){
+                    passwordToSend=passwordToSend.toLowerCase();
+                }
                 supposedUserLogin.set("currentPassword", 
HashCrypt.cryptUTF8(LoginServices.getHashType(), null, passwordToSend));
                 supposedUserLogin.set("passwordHint", "Auto-Generated 
Password");
                 if 
("true".equals(UtilProperties.getPropertyValue("security.properties", 
"password.email_password.require_password_change"))){
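
Review bot: lowercasing the result of randomAlphanumeric(...) in the added `passwordToSend=passwordToSend.toLowerCase();` line shrinks the alphabet from 62 to 36 symbols per character, and with the default password.length.min of "5" shown in the call just above, that leaves 36^5 (about 60 million) possible temporary passwords. Consider generating a longer value when password.lowercase is true instead of reusing the minimum length unchanged. Two smaller points on the added lines: the new lookup reads the resource as "security.properties" while the randomAlphanumeric call above reads it as "security", so one form should be used consistently within this block; and the assignment lacks the spaces around `=` that the `passwordToSend = ` line above uses.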

