Hey all,

i have a question about generating a user with the MgnlUserManager.

I'm using Magnolia 4.5.7 for a project where we have to import users from an 
old CMS. To import the users to Magnolia, we use MgnlUserManager-Object to 
create a new user in Magnolia. Also the default role for the default system 
rights are added to the users.

[code]  /**
         * Creates the magnolia user for the imported employee and set the 
correct user group.
         * 
         * @param empNode
         *                      the emplyoee node
         * @param travelAgencyUUID
         *                      the travel agency uuid/identifier
         * @throws ItemNotFoundException
         * @throws RepositoryException
         */
        private void createMgnlUser(Node empNode, String travelAgencyUUID, 
String masterPwd) throws ItemNotFoundException, RepositoryException {
                String userName = null;
                Node travelAgencyNode = 
this.dataSession.getNodeByIdentifier(travelAgencyUUID);
                this.costCenterID = 
travelAgencyNode.getProperty(DERCommon.getPropertyValue(this.resourceBundle, 
"KST")).getString();
                
                // Check if the subfolder for the travel agency already exists 
in the user repository. Otherwise create it.
                Node usersRootNode = this.userSession.getRootNode();
                Node travelAgencyUsersNode = 
DERCommon.getOrCreateNode(usersRootNode, "admin/" + travelAgencyNode.getName(), 
MgnlNodeType.NT_FOLDER);
                this.userSession.save();
                
                
this.mgnlUserManager.setRealmName(travelAgencyUsersNode.getPath().replaceFirst("/",
 ""));
                
                userName = 
empNode.getProperty(DERCommon.getPropertyValue(this.resourceBundle, 
"PNR")).getString();
                if (Security.getUserManager().getUser(userName) == null) {
                        User user = null;
                        
                        if(this.isRL(empNode)) {
                                user = 
this.mgnlUserManager.createUser(userName, masterPwd);
                                mgnlUserManager.addGroup(user, 
this.costCenterID + "_rl");
                        } else if(this.isLVL(empNode)) {
                                user = 
this.mgnlUserManager.createUser(userName, masterPwd);
                                mgnlUserManager.addGroup(user, 
this.costCenterID + "_lvl");
                        } else {
                                user = 
this.mgnlUserManager.createUser(userName, DERCommon.USER_STD_PWD);
                                mgnlUserManager.addGroup(user, 
this.costCenterID + "_emp");
                        }
                        
                        this.mgnlUserManager.setProperty(user, "enabled", 
"true");
                        this.mgnlUserManager.setProperty(user, "title", 
empNode.getProperty(DERCommon.getPropertyValue(this.resourceBundle, 
"VORNAME")).getString() 
                                                                                
                                        + " " + 
empNode.getProperty(DERCommon.getPropertyValue(this.resourceBundle, 
"NACHNAME")).getString());
                }
        }[/code]

Now we have the following Problem. The default MgnlUserManager which comes with 
the magnolia-core uses Base64 to encode the specified password. The generated 
password in the jcr e.g. 123456 looks like: YmE2ZDRmYmI=
If i create a user directly in the Magnolia-Author the same password looks 
like: $2a$12$dkE5vtlwmj.jbu2weP5YTOdnSliOApPVjBhS1jWgaAWVwaZbslNJS

After a short research i found this: 
[url]http://forum.magnolia-cms.com/forum/thread.html?threadId=fa98a037-8034-4b10-bffc-aea1957b1987[/url]
Which refers to 
[url]http://svn.magnolia-cms.com/view/community/magnolia/trunk/magnolia-core/src/main/java/info/magnolia/setup/HashUsersPasswords.java?revision=52870&pathrev=52870[/url]
 where BCrypt is used instead of Base64. So i defined my own MgnlUserManager 
where i changed the encodePassword from Base64 to BCrypt:
[code]    protected String encodePassword(String clearPassword) {
        // Old and wrong encode
        //return new String(Base64.encodeBase64(clearPassword.getBytes()));
        String pwd = SecurityUtil.getBCrypt(clearPassword);
        
        return pwd;
        
    }[/code]

Now i have the following password in the JCR: 
$2a$12$304vFWyzml2cia.awsctPOR.qxq3YpDzjMTDAzvp3R6inH/ODodtq

But the login won't work. Is there any way to generate the users and thay are 
able to login to the system? When we edit the auto generated user (with the 
superuser) and set the password with the edit formular which comes by default, 
we can login to the system. Just the auto generated password won't work!

-- 
Context is everything: 
http://forum.magnolia-cms.com/forum/thread.html?threadId=d10c8af8-5c33-4f05-9976-5cdeeb994718


----------------------------------------------------------------
For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to: <[email protected]>
----------------------------------------------------------------

Reply via email to