Modified: openmeetings/application/trunk/openmeetings-service/src/main/java/org/apache/openmeetings/service/user/UserManager.java
URL: http://svn.apache.org/viewvc/openmeetings/application/trunk/openmeetings-service/src/main/java/org/apache/openmeetings/service/user/UserManager.java?rev=1738512&r1=1738511&r2=1738512&view=diff
==============================================================================
--- openmeetings/application/trunk/openmeetings-service/src/main/java/org/apache/openmeetings/service/user/UserManager.java (original)
+++ openmeetings/application/trunk/openmeetings-service/src/main/java/org/apache/openmeetings/service/user/UserManager.java Mon Apr 11 05:38:22 2016
@@ -38,6 +38,7 @@ import java.util.Map;
 import java.util.Random;
 import java.util.Set;
 import java.util.TimeZone;
+import java.util.UUID;
 import javax.persistence.EntityManager;
 import javax.persistence.PersistenceContext;
@@ -65,7 +66,7 @@ import org.apache.openmeetings.db.util.T
 import org.apache.openmeetings.service.mail.EmailManager;
 import org.apache.openmeetings.util.CalendarPatterns;
 import org.apache.openmeetings.util.DaoHelper;
-import org.apache.openmeetings.util.crypt.ManageCryptStyle;
+import org.apache.openmeetings.util.crypt.CryptProvider;
 import org.apache.wicket.util.string.Strings;
 import org.red5.logging.Red5LoggerFactory;
 import org.red5.server.api.scope.IScope;
@@ -371,11 +372,7 @@ public class UserManager implements IUse
 if (checkName && checkEmail) {
 String link = cfgDao.getBaseUrl();
- String hash = activatedHash;
- if (hash == null){
- hash = ManageCryptStyle.getInstanceOfCrypt().createPassPhrase(login
- + CalendarPatterns.getDateWithTimeByMiliSeconds(new Date()));
- }
+ String hash = Strings.isEmpty(activatedHash) ? UUID.randomUUID().toString() : activatedHash;
 link += "activate?u=" + hash;
 if (sendWelcomeMessage && email.length() != 0) {
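Review bot: In the `@@ -371` hunk of UserManager, `hash` no longer holds a hash: when `activatedHash` is empty it is a fresh `UUID.randomUUID().toString()`, used as the account-activation token appended to `activate?u=`. The name and the missing comment hide that the link's unguessability now rests on the random UUID alone; I would add `// activation token: random (version 4) UUID, no longer derived from login + timestamp` above the assignment. The same applies to `String hash = UUID.randomUUID().toString();` in RegisterDialog.onSubmit further down. A non-empty caller-supplied `activatedHash` is still concatenated into the URL unencoded, so it is presumably expected to be URL-safe; the enclosing method starts and ends outside this hunk.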
Copied: openmeetings/application/trunk/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/CryptProvider.java (from r1738510, openmeetings/application/trunk/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/ManageCryptStyle.java)
URL: http://svn.apache.org/viewvc/openmeetings/application/trunk/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/CryptProvider.java?p2=openmeetings/application/trunk/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/CryptProvider.java&p1=openmeetings/application/trunk/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/ManageCryptStyle.java&r1=1738510&r2=1738512&rev=1738512&view=diff
==============================================================================
--- openmeetings/application/trunk/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/ManageCryptStyle.java (original)
+++ openmeetings/application/trunk/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/CryptProvider.java Mon Apr 11 05:38:22 2016
@@ -24,14 +24,14 @@ import static org.apache.openmeetings.ut
 import org.red5.logging.Red5LoggerFactory;
 import org.slf4j.Logger;
-public class ManageCryptStyle {
- private static final Logger log = Red5LoggerFactory.getLogger(ManageCryptStyle.class, webAppRootKey);
+public class CryptProvider {
+ private static final Logger log = Red5LoggerFactory.getLogger(CryptProvider.class, webAppRootKey);
- public static ICryptString getInstanceOfCrypt() {
+ public static ICrypt get() {
 try {
 log.debug("getInstanceOfCrypt:: configKeyCryptClassName: " + configKeyCryptClassName);
- return configKeyCryptClassName == null ? null : (ICryptString) Class.forName(configKeyCryptClassName).newInstance();
+ return configKeyCryptClassName == null ? null : (ICrypt) Class.forName(configKeyCryptClassName).newInstance();
 } catch (Exception err) {
 log.error("[getInstanceOfCrypt]", err);
 }
Copied: openmeetings/application/trunk/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/ICrypt.java (from r1738510, openmeetings/application/trunk/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/ICryptString.java)
URL: http://svn.apache.org/viewvc/openmeetings/application/trunk/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/ICrypt.java?p2=openmeetings/application/trunk/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/ICrypt.java&p1=openmeetings/application/trunk/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/ICryptString.java&r1=1738510&r2=1738512&rev=1738512&view=diff
==============================================================================
--- openmeetings/application/trunk/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/ICryptString.java (original)
+++ openmeetings/application/trunk/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/ICrypt.java Mon Apr 11 05:38:22 2016
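Review bot: `CryptProvider.get()` instantiates whatever class `configKeyCryptClassName` names and only then casts the instance to `ICrypt`, so a misconfigured or tampered value gets its no-arg constructor run before the type check fails. Checking the type before instantiating avoids that: `Class.forName(configKeyCryptClassName).asSubclass(ICrypt.class).newInstance()`. The method also returns null when the name is unset, and apparently after the catch as well (the method's tail is outside the hunk), while callers in this commit chain `CryptProvider.get().hash(...)` directly, so a bad configuration surfaces as a NullPointerException at the call site rather than as a clear error. The two log strings still say `getInstanceOfCrypt` after the rename.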
@@ -19,30 +19,32 @@ package org.apache.openmeetings.util.crypt; /** - * interface for Encryption-Class - * see: http://openmeetings.apache.org/CustomCryptMechanism.html + * Interface for Encryption-Class see: + * http://openmeetings.apache.org/CustomCryptMechanism.html see: + * https://crackstation.net/hashing-security.htm * - * @author sebastianwagner + * @author sebastianwagner, solomax * */ -public interface ICryptString { - +public interface ICrypt { /** - * create a pass phrase + * Creates hash of given string * - * @param userGivenPass - * @return + * @param str + * - string to calculate hash for + * @return hash of passed string */ - public String createPassPhrase(String userGivenPass); - + String hash(String str); + /** - * verify a password + * Verify string passed is matches given hash * - * @param passGiven - * @param passwdFromDb - * @return + * @param str + * - string to check hash for + * @param hash + * - hash to compare + * @return <code>true</code> in case string matches hash, <code>false</code> otherwise */ - public boolean verifyPassword(String passGiven, String passwdFromDb); - + boolean verify(String str, String hash); } Modified: openmeetings/application/trunk/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/MD5.java URL: http://svn.apache.org/viewvc/openmeetings/application/trunk/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/MD5.java?rev=1738512&r1=1738511&r2=1738512&view=diff ============================================================================== --- openmeetings/application/trunk/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/MD5.java (original) +++ openmeetings/application/trunk/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/MD5.java Mon Apr 11 05:38:22 2016 
@@ -25,7 +25,7 @@ import java.security.NoSuchAlgorithmExce
 import org.apache.commons.codec.binary.Hex;
 public class MD5 {
- public static String do_checksum(String data) throws NoSuchAlgorithmException {
+ public static String checksum(String data) throws NoSuchAlgorithmException {
 MessageDigest md5 = MessageDigest.getInstance("MD5");
 byte[] b = data == null ? new byte[0] : data.getBytes(StandardCharsets.UTF_8);
 md5.update(b, 0, b.length);
Modified: openmeetings/application/trunk/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/MD5CryptImplementation.java
URL: http://svn.apache.org/viewvc/openmeetings/application/trunk/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/MD5CryptImplementation.java?rev=1738512&r1=1738511&r2=1738512&view=diff
==============================================================================
--- openmeetings/application/trunk/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/MD5CryptImplementation.java (original)
+++ openmeetings/application/trunk/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/MD5CryptImplementation.java Mon Apr 11 05:38:22 2016
@@ -25,18 +25,18 @@ import java.security.NoSuchAlgorithmExce
 import org.red5.logging.Red5LoggerFactory;
 import org.slf4j.Logger;
-public class MD5CryptImplementation implements ICryptString {
+public class MD5CryptImplementation implements ICrypt {
 private static final Logger log = Red5LoggerFactory.getLogger(MD5CryptImplementation.class, webAppRootKey);
 /*
 * (non-Javadoc)
- * @see org.apache.openmeetings.utils.crypt.ICryptString#createPassPhrase(java.lang.String)
+ * @see org.apache.openmeetings.utils.crypt.ICrypt#hash(java.lang.String)
 */
 @Override
- public String createPassPhrase(String userGivenPass) {
+ public String hash(String str) {
 String passPhrase = null;
 try {
- passPhrase = MD5Crypt.crypt(userGivenPass);
+ passPhrase = MD5Crypt.crypt(str);
 } catch (NoSuchAlgorithmException e) {
 log.error("Error", e);
 }
@@ -45,19 +45,18 @@ public class MD5CryptImplementation impl
 /*
 * (non-Javadoc)
- * @see org.apache.openmeetings.utils.crypt.ICryptString#verifyPassword(java.lang.String, java.lang.String)
+ * @see org.apache.openmeetings.utils.crypt.ICrypt#verify(java.lang.String, java.lang.String)
 */
 @Override
- public boolean verifyPassword(String passGiven, String passwdFromDb) {
+ public boolean verify(String str, String hash) {
 boolean validPassword = false;
- String salt = passwdFromDb.split("\\$")[2];
+ String salt = hash.split("\\$")[2];
 try {
- validPassword = passwdFromDb.equals(MD5Crypt.crypt(passGiven, salt));
+ validPassword = hash.equals(MD5Crypt.crypt(str, salt));
 } catch (NoSuchAlgorithmException e) {
 log.error("Error", e);
 }
 return validPassword;
 }
-
 }
Modified: openmeetings/application/trunk/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/MD5Implementation.java
URL: http://svn.apache.org/viewvc/openmeetings/application/trunk/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/MD5Implementation.java?rev=1738512&r1=1738511&r2=1738512&view=diff
==============================================================================
--- openmeetings/application/trunk/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/MD5Implementation.java (original)
+++ openmeetings/application/trunk/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/MD5Implementation.java Mon Apr 11 05:38:22 2016
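Review bot: `verify` in MD5CryptImplementation indexes `hash.split("\\$")[2]` without checking the input, so a null stored hash throws NullPointerException and a value with fewer than two `$` separators — for instance one written by a different ICrypt, such as the `iterations:hash:salt` format added in this commit — throws ArrayIndexOutOfBoundsException instead of returning false. A guard before the split would make it fail closed: `String[] parts = hash == null ? new String[0] : hash.split("\\$"); if (parts.length < 3) return false;`. The comparison `hash.equals(MD5Crypt.crypt(str, salt))` is also not constant-time; `MessageDigest.isEqual` on the UTF-8 bytes of both strings would avoid leaking how many leading characters matched.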
@@ -25,18 +25,18 @@ import java.security.NoSuchAlgorithmExce
 import org.red5.logging.Red5LoggerFactory;
 import org.slf4j.Logger;
-public class MD5Implementation implements ICryptString {
+public class MD5Implementation implements ICrypt {
 private static final Logger log = Red5LoggerFactory.getLogger(MD5Implementation.class, webAppRootKey);
 /*
 * (non-Javadoc)
- * @see org.apache.openmeetings.utils.crypt.ICryptString#createPassPhrase(java.lang.String)
+ * @see org.apache.openmeetings.utils.crypt.ICrypt#hash(java.lang.String)
 */
 @Override
- public String createPassPhrase(String userGivenPass) {
+ public String hash(String str) {
 String passPhrase = null;
 try {
- passPhrase = MD5.do_checksum(userGivenPass);
+ passPhrase = MD5.checksum(str);
 } catch (NoSuchAlgorithmException e) {
 log.error("Error", e);
 }
@@ -45,11 +45,10 @@ public class MD5Implementation implement
 /*
 * (non-Javadoc)
- * @see org.apache.openmeetings.utils.crypt.ICryptString#verifyPassword(java.lang.String, java.lang.String)
+ * @see org.apache.openmeetings.utils.crypt.ICrypt#verify(java.lang.String, java.lang.String)
 */
 @Override
- public boolean verifyPassword(String passGiven, String passwdFromDb) {
- return (passwdFromDb.equals(createPassPhrase(passGiven)));
+ public boolean verify(String str, String hash) {
+ return hash != null && hash.equals(hash(str));
 }
-
 }
Added: openmeetings/application/trunk/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/SHA256.java
URL: http://svn.apache.org/viewvc/openmeetings/application/trunk/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/SHA256.java?rev=1738512&view=auto
==============================================================================
--- openmeetings/application/trunk/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/SHA256.java (added)
+++ openmeetings/application/trunk/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/SHA256.java Mon Apr 11 05:38:22 2016
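Review bot: MD5Implementation does not follow the behaviour the new AbstractCryptTest expects from an ICrypt: `verify(null, null)` returns false here because of the added `hash != null` guard, `hash(null)` returns the MD5 of the empty string (MD5.checksum maps null to an empty byte array), and two hashes of the same input are identical because there is no salt. The ICrypt Javadoc in this commit states neither the null nor the salting contract, so I would spell both out there and, if this class is only kept for existing installations, say so in a class comment such as `/** Unsalted MD5, legacy only: do not configure for new installations. */`. `hash.equals(hash(str))` is also a non-constant-time comparison; `MessageDigest.isEqual` over the bytes of both strings would be the safer form.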
@@ -0,0 +1,34 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License") + you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.openmeetings.util.crypt; + +import java.nio.charset.StandardCharsets; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; + +import org.apache.commons.codec.binary.Hex; + +public class SHA256 { + public static String checksum(String data) throws NoSuchAlgorithmException { + MessageDigest md = MessageDigest.getInstance("SHA-256"); + byte[] b = data == null ? 
new byte[0] : data.getBytes(StandardCharsets.UTF_8); + md.update(b); + return Hex.encodeHexString(md.digest()); + } +} Added: openmeetings/application/trunk/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/SHA256Implementation.java URL: http://svn.apache.org/viewvc/openmeetings/application/trunk/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/SHA256Implementation.java?rev=1738512&view=auto ============================================================================== --- openmeetings/application/trunk/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/SHA256Implementation.java (added) +++ openmeetings/application/trunk/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/SHA256Implementation.java Mon Apr 11 05:38:22 2016 
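Review bot: `SHA256.checksum` has no Javadoc, and it sits in the `crypt` package next to the password-hashing ICrypt implementations, so it is easy to mistake for one. A class comment such as `/** Plain, unsalted SHA-256 hex digest for integrity checksums; not for password storage (see SHA256Implementation). */` would make the distinction explicit, and a `@param` note that a null argument is hashed as the empty string would document the `data == null ? new byte[0]` branch. As a static-only utility the class could also be `final` with a private constructor.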
@@ -0,0 +1,101 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License") + you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.openmeetings.util.crypt; + +import static org.apache.openmeetings.util.OpenmeetingsVariables.webAppRootKey; + +import java.nio.charset.StandardCharsets; +import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; + +import org.apache.commons.codec.binary.Base64; +import org.bouncycastle.crypto.digests.SHA256Digest; +import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator; +import org.bouncycastle.crypto.params.KeyParameter; +import org.red5.logging.Red5LoggerFactory; +import org.slf4j.Logger; + +public class SHA256Implementation implements ICrypt { + private static final Logger log = Red5LoggerFactory.getLogger(SHA256Implementation.class, webAppRootKey); + private static final String SECURE_RND_ALG = "SHA1PRNG"; + private static final int ITERATIONS = 1000; + private static final int KEY_LENGTH = 128 * 8; + private static final int SALT_LENGTH = 256; + + private static byte[] getSalt() throws NoSuchAlgorithmException { + SecureRandom sr = SecureRandom.getInstance(SECURE_RND_ALG); + byte[] salt = new byte[SALT_LENGTH]; + sr.nextBytes(salt); + return salt; + } + + private static String 
hash(String str, byte[] salt, int iter) { + PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest()); + gen.init(str.getBytes(StandardCharsets.UTF_8), salt, iter); + byte[] dk = ((KeyParameter) gen.generateDerivedParameters(KEY_LENGTH)).getKey(); + return Base64.encodeBase64String(dk); + } + + /* + * (non-Javadoc) + * @see org.apache.openmeetings.utils.crypt.ICrypt#hash(java.lang.String) + */ + @Override + public String hash(String str) { + if (str == null) { + return null; + } + String hash = null; + try { + byte[] salt = getSalt(); + String h = hash(str, salt, ITERATIONS); + hash = String.format("%s:%s:%s", ITERATIONS, h, Base64.encodeBase64String(salt)); + } catch (NoSuchAlgorithmException e) { + log.error("Error", e); + } + return hash; + } + + /* + * (non-Javadoc) + * @see org.apache.openmeetings.utils.crypt.ICrypt#verify(java.lang.String, java.lang.String) + */ + @Override + public boolean verify(String str, String hash) { + if (str == null) { + return hash == null; + } + if (hash == null) { + return false; + } + String[] ss = hash.split(":"); + if (ss.length != 3) { + return false; + } + try { + int iter = Integer.parseInt(ss[0]); + String h1 = ss[1]; + byte[] salt = Base64.decodeBase64(ss[2]); + String h2 = hash(str, salt, iter); + return h2.equals(h1); + } catch (Exception e) { + return false; + } + } +} Added: openmeetings/application/trunk/openmeetings-util/src/test/java/org/apache/openmeetings/util/crypt/AbstractCryptTest.java URL: http://svn.apache.org/viewvc/openmeetings/application/trunk/openmeetings-util/src/test/java/org/apache/openmeetings/util/crypt/AbstractCryptTest.java?rev=1738512&view=auto ============================================================================== --- openmeetings/application/trunk/openmeetings-util/src/test/java/org/apache/openmeetings/util/crypt/AbstractCryptTest.java (added) +++ 
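Review bot: `KEY_LENGTH = 128 * 8` asks PBKDF2-HMAC-SHA256 for 1024 bits, four times the digest size, so every login computes four PBKDF2 blocks while an offline guesser only has to compute and compare the first one; together with `ITERATIONS = 1000` (current OWASP guidance for this construction is in the hundreds of thousands) the stored hashes carry little work factor. In `verify`, `h2.equals(h1)` is not a constant-time comparison, and `verify(null, null)` returns true, which would accept a missing password against a missing stored hash if any caller passes both through (callers are not visible here, and AbstractCryptTest.nulltest currently asserts that result, so it would need updating). `getSalt` pins `SecureRandom.getInstance("SHA1PRNG")`; `new SecureRandom()` lets the platform pick its default generator. Because the iteration count is stored in the hash string it can be raised later without invalidating existing hashes, but the key length is not stored, so it is best fixed before any hashes are written. The sketch below needs `java.security.MessageDigest` among the imports.

```java
	private static final int KEY_LENGTH = 256; // bits: exactly one SHA-256 output block
	// … unchanged: SECURE_RND_ALG, ITERATIONS, SALT_LENGTH, getSalt, hash(String, byte[], int), hash(String) …

	@Override
	public boolean verify(String str, String hash) {
		// fail closed: a missing password never matches, even against a missing hash
		if (str == null || hash == null) {
			return false;
		}
		// … unchanged: split on ':' and length check …
		try {
			int iter = Integer.parseInt(ss[0]);
			byte[] expected = Base64.decodeBase64(ss[1]);
			byte[] salt = Base64.decodeBase64(ss[2]);
			byte[] actual = Base64.decodeBase64(hash(str, salt, iter));
			// constant-time comparison of the derived keys
			return MessageDigest.isEqual(expected, actual);
		} catch (Exception e) {
			return false;
		}
	}
```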
openmeetings/application/trunk/openmeetings-util/src/test/java/org/apache/openmeetings/util/crypt/AbstractCryptTest.java Mon Apr 11 05:38:22 2016 
@@ -0,0 +1,62 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License") + you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.openmeetings.util.crypt; + +import static org.junit.Assert.*; + +import java.util.ArrayList; +import java.util.List; +import java.util.Random; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Test; + +public abstract class AbstractCryptTest { + protected static ICrypt crypt; + + @Test + public void nulltest() { + String hash = crypt.hash(null); + assertEquals("Hash for null should be null", null, hash); + + assertTrue("Hash for null should be null", crypt.verify(null, null)); + } + + private static List<String> get(int count) { + Random rnd = new Random(); + List<String> l = new ArrayList<>(count + 1); + l.add(""); + for (int i = 0; i < count; ++i) { + l.add(RandomStringUtils.random(rnd.nextInt(256))); + } + return l; + } + + @Test + public void test() { + for (String str : get(64)) { + String h1 = crypt.hash(str); + assertNotNull("Hash should not be null", h1); + String h2 = crypt.hash(str); + assertNotEquals("Hashes of same string should NOT be the same", h1, h2); + assertTrue("String should be verified successfully", crypt.verify(str, h1)); + assertTrue("String should be verified successfully", 
crypt.verify(str, h2)); + } + } +} Added: openmeetings/application/trunk/openmeetings-util/src/test/java/org/apache/openmeetings/util/crypt/TestSHA.java URL: http://svn.apache.org/viewvc/openmeetings/application/trunk/openmeetings-util/src/test/java/org/apache/openmeetings/util/crypt/TestSHA.java?rev=1738512&view=auto ============================================================================== --- openmeetings/application/trunk/openmeetings-util/src/test/java/org/apache/openmeetings/util/crypt/TestSHA.java (added) +++ openmeetings/application/trunk/openmeetings-util/src/test/java/org/apache/openmeetings/util/crypt/TestSHA.java Mon Apr 11 05:38:22 2016 
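Review bot: `test()` only asserts that the correct string verifies, so an ICrypt whose `verify` always returned true would pass; there is no negative case. Adding one inside the loop, e.g. `assertFalse("Different string should NOT be verified", crypt.verify(str + "x", h1));`, pins the property that matters for authentication. The inputs come from an unseeded `new Random()` and `RandomStringUtils.random`, so a failure cannot be reproduced; including the failing string in the assertion message or seeding the generator would help. Both assertions in `nulltest` carry the same message, `"Hash for null should be null"`, although the second one checks `verify`.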
@@ -0,0 +1,28 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License") + you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.openmeetings.util.crypt; + +import org.junit.BeforeClass; + +public class TestSHA extends AbstractCryptTest { + @BeforeClass + public static void setup() { + crypt = new SHA256Implementation(); + } +} Modified: openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/ResetPage.java URL: http://svn.apache.org/viewvc/openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/ResetPage.java?rev=1738512&r1=1738511&r2=1738512&view=diff ============================================================================== --- openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/ResetPage.java (original) +++ openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/ResetPage.java Mon Apr 11 05:38:22 2016 
@@ -34,12 +34,11 @@ public class ResetPage extends BaseNotIn
 Object user = Application.getBean(UserDao.class).getUserByHash(resetHash);
 if (user instanceof User){
 add(new ResetPasswordDialog("resetPassword", (User)user));
- }else {
+ } else {
 setResponsePage(Application.get().getSignInPageClass());
 }
 } else {
 setResponsePage(Application.get().getSignInPageClass());
 }
 }
-
 }
Modified: openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/RegisterDialog.java
URL: http://svn.apache.org/viewvc/openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/RegisterDialog.java?rev=1738512&r1=1738511&r2=1738512&view=diff
==============================================================================
--- openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/RegisterDialog.java (original)
+++ openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/RegisterDialog.java Mon Apr 11 05:38:22 2016
@@ -23,7 +23,6 @@ import static org.apache.openmeetings.db
 import static org.apache.openmeetings.util.CalendarPatterns.getDateWithTimeByMiliSeconds;
 import static org.apache.openmeetings.util.OpenmeetingsVariables.CONFIG_DEFAULT_GROUP_ID;
 import static org.apache.openmeetings.util.OpenmeetingsVariables.webAppRootKey;
-import static org.apache.openmeetings.util.crypt.ManageCryptStyle.getInstanceOfCrypt;
 import static org.apache.openmeetings.web.app.Application.getBean;
 import static org.apache.openmeetings.web.app.WebSession.AVAILABLE_TIMEZONES;
 import static org.apache.wicket.validation.validator.StringValidator.minimumLength;
@@ -32,11 +31,13 @@ import java.util.Arrays;
 import java.util.Date;
 import java.util.List;
 import java.util.TimeZone;
+import java.util.UUID;
 import org.apache.openmeetings.db.dao.basic.ConfigurationDao;
 import org.apache.openmeetings.db.dao.user.IUserManager;
 import org.apache.openmeetings.db.dao.user.UserDao;
 import org.apache.openmeetings.db.entity.user.User;
+import org.apache.openmeetings.util.crypt.CryptProvider;
 import org.apache.openmeetings.web.app.Application;
 import org.apache.openmeetings.web.app.WebSession;
 import org.apache.openmeetings.web.common.LanguageDropDown;
@@ -191,7 +192,7 @@ public class RegisterDialog extends Abst
 @Override
 protected void onSubmit(AjaxRequestTarget target) {
- String hash = getInstanceOfCrypt().createPassPhrase(login + getDateWithTimeByMiliSeconds(new Date()));
+ String hash = UUID.randomUUID().toString();
 try {
 getBean(IUserManager.class).registerUserInit(UserDao.getDefaultRights(), login, password, lastName
Modified: openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/ResetPasswordDialog.java
URL: http://svn.apache.org/viewvc/openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/ResetPasswordDialog.java?rev=1738512&r1=1738511&r2=1738512&view=diff
==============================================================================
--- openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/ResetPasswordDialog.java (original)
+++ openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/ResetPasswordDialog.java Mon Apr 11 05:38:22 2016
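Review bot: The import `org.apache.openmeetings.util.crypt.CryptProvider` added to RegisterDialog appears to be unused: the only crypt call shown for this file, in `onSubmit`, is replaced by `UUID.randomUUID()`, and no other hunk of the file references `CryptProvider`. With that call gone, `java.util.Date` and the static import of `getDateWithTimeByMiliSeconds` may be unused as well, unless they are referenced outside the hunks. Dropping them keeps it clear that registration no longer touches the password-hashing provider when it creates the activation token.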
@@ -149,7 +149,7 @@ public class ResetPasswordDialog extends
 @Override
 protected void onSubmit(AjaxRequestTarget target) {
 try {
- getBean(UserDao.class).update(user, password.getConvertedInput(), user.getId());
+ getBean(UserDao.class).resetPassword(user, password.getConvertedInput());
 } catch (Exception e) {
 error(e.getMessage());
 }
@@ -171,10 +171,9 @@ public class ResetPasswordDialog extends
 private static final long serialVersionUID = 1L;
 @Override
- protected String $()
- {
- return this.$(Options.asString("open"));
- }
- });
+ protected String $() {
+ return this.$(Options.asString("open"));
+ }
+ });
 }
 }
Modified: openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/room/InvitationDialog.java
URL: http://svn.apache.org/viewvc/openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/room/InvitationDialog.java?rev=1738512&r1=1738511&r2=1738512&view=diff
==============================================================================
--- openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/room/InvitationDialog.java (original)
+++ openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/room/InvitationDialog.java Mon Apr 11 05:38:22 2016
@@ -47,7 +47,7 @@ import org.apache.openmeetings.db.entity
 import org.apache.openmeetings.db.entity.user.User.Type;
 import org.apache.openmeetings.db.util.AuthLevelUtil;
 import org.apache.openmeetings.service.room.InvitationManager;
-import org.apache.openmeetings.util.crypt.ManageCryptStyle;
+import org.apache.openmeetings.util.crypt.CryptProvider;
 import org.apache.openmeetings.web.app.Application;
 import org.apache.openmeetings.web.app.WebSession;
 import org.apache.openmeetings.web.common.LanguageDropDown;
@@ -270,7 +270,7 @@ public class InvitationDialog extends Ab i.setUpdated(null); i.setUsed(false); - i.setPassword(ManageCryptStyle.getInstanceOfCrypt().createPassPhrase(i.getPassword())); //FIXME should be hidden + i.setPassword(CryptProvider.get().hash(i.getPassword())); //FIXME should be hidden //FIXME another HACK Calendar d = Calendar.getInstance(); d.setTime(i.getValidFrom()); Modified: openmeetings/application/trunk/openmeetings-web/src/test/java/org/apache/openmeetings/test/session/TestHashMapSession.java URL: http://svn.apache.org/viewvc/openmeetings/application/trunk/openmeetings-web/src/test/java/org/apache/openmeetings/test/session/TestHashMapSession.java?rev=1738512&r1=1738511&r2=1738512&view=diff ============================================================================== --- openmeetings/application/trunk/openmeetings-web/src/test/java/org/apache/openmeetings/test/session/TestHashMapSession.java (original) +++ openmeetings/application/trunk/openmeetings-web/src/test/java/org/apache/openmeetings/test/session/TestHashMapSession.java Mon Apr 11 05:38:22 2016 @@ -30,7 +30,7 @@ import org.apache.openmeetings.core.sess import org.apache.openmeetings.db.entity.room.Client; import org.apache.openmeetings.test.AbstractJUnitDefaults; import org.apache.openmeetings.util.OpenmeetingsVariables; -import org.apache.openmeetings.util.crypt.ManageCryptStyle; +import org.apache.openmeetings.util.crypt.CryptProvider; import org.junit.Test; import org.red5.logging.Red5LoggerFactory; import org.slf4j.Logger; 
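Review bot: `i.setPassword(CryptProvider.get().hash(i.getPassword()))` in InvitationDialog hashes whatever `getPassword()` returns, and the result for a null password now depends on the configured ICrypt: SHA256Implementation.hash returns null, while MD5Implementation hashes null as the empty string and so stores a non-null value. If an invitation can be created without a password (not visible in this hunk), a guard such as `if (i.getPassword() != null) { ... }` around the call would keep the stored value independent of the provider. The enclosing method starts and ends outside the hunk.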
@@ -60,8 +60,7 @@ public class TestHashMapSession extends rcm.setScope("scopeName"); long random = System.currentTimeMillis() + new BigInteger(256, new Random()).longValue(); - rcm.setPublicSID(ManageCryptStyle.getInstanceOfCrypt() - .createPassPhrase(String.valueOf(random).toString())); + rcm.setPublicSID(CryptProvider.get().hash(String.valueOf(random).toString())); rcm.setUserport(0); rcm.setUserip("remoteAddress"); Modified: openmeetings/application/trunk/openmeetings-web/src/test/java/org/apache/openmeetings/test/userdata/TestAuth.java URL: http://svn.apache.org/viewvc/openmeetings/application/trunk/openmeetings-web/src/test/java/org/apache/openmeetings/test/userdata/TestAuth.java?rev=1738512&r1=1738511&r2=1738512&view=diff ============================================================================== --- openmeetings/application/trunk/openmeetings-web/src/test/java/org/apache/openmeetings/test/userdata/TestAuth.java (original) +++ openmeetings/application/trunk/openmeetings-web/src/test/java/org/apache/openmeetings/test/userdata/TestAuth.java Mon Apr 11 05:38:22 2016 @@ -21,7 +21,7 @@ package org.apache.openmeetings.test.use import org.apache.openmeetings.db.dao.server.SessiondataDao; import org.apache.openmeetings.db.entity.server.Sessiondata; import org.apache.openmeetings.test.AbstractJUnitDefaults; -import org.apache.openmeetings.util.crypt.ManageCryptStyle; +import org.apache.openmeetings.util.crypt.CryptProvider; import org.junit.Test; import org.springframework.beans.factory.annotation.Autowired; @@ -35,7 +35,7 @@ public class TestAuth extends AbstractJU System.out.println("sessionData: " + sessionData.getSessionId()); - String tTemp = ManageCryptStyle.getInstanceOfCrypt().createPassPhrase("test"); + String tTemp = CryptProvider.get().hash("test"); System.out.println("tTemp: " + tTemp);
