svn commit: r1622055 - /ofbiz/branches/release12.04/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java

Tue, 02 Sep 2014 09:22:14 -0700 

Author: jleroux
Date: Tue Sep  2 16:21:21 2014
New Revision: 1622055

URL: http://svn.apache.org/r1622055
Log:
"Applied fix from trunk for revision: 1622050" 
------------------------------------------------------------------------
r1622050 | jleroux | 2014-09-02 18:17:36 +0200 (mar. 02 sept. 2014) | 7 lignes

A patch from Ritu Raj Lakhera for "Forgot password functionality is not 
honoring the 'password.lowercase' property of 'security.properties'" 
https://issues.apache.org/jira/browse/OFBIZ-5745

Forgot password functionality (LoginEvents.emailPassword) is not honoring the 
'password.lowercase' property of 'security.properties'. And thus customer is 
not able to Login on e-commerce site with new generated password.
Test Case:
1. Set property 'password.lowercase' as true in 'security.properties'.
2. Request a forgot password and customer get the new password as 'a0e7J'
3. Customer is not able to login on e-commerce site.
------------------------------------------------------------------------


Modified:
    
ofbiz/branches/release12.04/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java

Modified: 
ofbiz/branches/release12.04/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release12.04/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java?rev=1622055&r1=1622054&r2=1622055&view=diff
==============================================================================
--- 
ofbiz/branches/release12.04/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java
 (original)
+++ 
ofbiz/branches/release12.04/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java
 Tue Sep  2 16:21:21 2014
@@ -212,6 +212,9 @@ public class LoginEvents {
             if (useEncryption) {
                 // password encrypted, can't send, generate new password and 
email to user
                 passwordToSend = 
RandomStringUtils.randomAlphanumeric(Integer.parseInt(UtilProperties.getPropertyValue("security",
 "password.length.min", "5")));
+                if 
("true".equals(UtilProperties.getPropertyValue("security.properties", 
"password.lowercase"))){
+                    passwordToSend=passwordToSend.toLowerCase();
+                }
                 supposedUserLogin.set("currentPassword", 
HashCrypt.cryptPassword(LoginServices.getHashType(), passwordToSend));
                 supposedUserLogin.set("passwordHint", "Auto-Generated 
Password");
                 if 
("true".equals(UtilProperties.getPropertyValue("security.properties", 
"password.email_password.require_password_change"))){

Reply via email to