details: /erp/devel/pi/rev/5f83390cc5aa
changeset: 10210:5f83390cc5aa
user: Stefan Hühner <stefan.huehner <at> openbravo.com>
date: Fri Jan 28 17:40:28 2011 +0100
summary: Add write/update support to new references for password fields
encrypt/hash password type fields when updating them.
Writes aredirected to a new virtual property <fieldName>.cleartext in the
json update used for the updated. Value of that property is used in the
JsonToDataConverter instead of the original one and its processed before
being saved.
diffstat:
modules/org.openbravo.client.application/web/org.openbravo.client.application/js/ob-formitem-widgets.js
| 6 +-
modules/org.openbravo.client.kernel/src/org/openbravo/client/kernel/reference/PasswordUIDefinition.java
| 2 +-
modules/org.openbravo.service.json/src/org/openbravo/service/json/DataToJsonConverter.java
| 6 +
modules/org.openbravo.service.json/src/org/openbravo/service/json/JsonToDataConverter.java
| 39 +++++++++-
4 files changed, 50 insertions(+), 3 deletions(-)
diffs (134 lines):
diff -r 5b8be92551f9 -r 5f83390cc5aa
modules/org.openbravo.client.application/web/org.openbravo.client.application/js/ob-formitem-widgets.js
---
a/modules/org.openbravo.client.application/web/org.openbravo.client.application/js/ob-formitem-widgets.js
Fri Jan 28 16:41:41 2011 +0100
+++
b/modules/org.openbravo.client.application/web/org.openbravo.client.application/js/ob-formitem-widgets.js
Fri Jan 28 17:40:28 2011 +0100
@@ -280,7 +280,11 @@
isc.ClassFactory.defineClass('OBEncryptedItem', isc.PasswordItem);
// add specific properties here
-isc.OBEncryptedItem.addProperties({});
+isc.OBEncryptedItem.addProperties({
+ changed : function(form,item,value) {
+ this.form.setValue(item.name + '.cleartext', value);
+ }
+});
// == OBFormButton ==
// The default form button.
diff -r 5b8be92551f9 -r 5f83390cc5aa
modules/org.openbravo.client.kernel/src/org/openbravo/client/kernel/reference/PasswordUIDefinition.java
---
a/modules/org.openbravo.client.kernel/src/org/openbravo/client/kernel/reference/PasswordUIDefinition.java
Fri Jan 28 16:41:41 2011 +0100
+++
b/modules/org.openbravo.client.kernel/src/org/openbravo/client/kernel/reference/PasswordUIDefinition.java
Fri Jan 28 17:40:28 2011 +0100
@@ -11,7 +11,7 @@
* under the License.
* The Original Code is Openbravo ERP.
* The Initial Developer of the Original Code is Openbravo SLU
- * All portions are Copyright (C) 2010 Openbravo SLU
+ * All portions are Copyright (C) 2011 Openbravo SLU
* All Rights Reserved.
* Contributor(s): ______________________________________.
************************************************************************
diff -r 5b8be92551f9 -r 5f83390cc5aa
modules/org.openbravo.service.json/src/org/openbravo/service/json/DataToJsonConverter.java
---
a/modules/org.openbravo.service.json/src/org/openbravo/service/json/DataToJsonConverter.java
Fri Jan 28 16:41:41 2011 +0100
+++
b/modules/org.openbravo.service.json/src/org/openbravo/service/json/DataToJsonConverter.java
Fri Jan 28 17:40:28 2011 +0100
@@ -30,6 +30,8 @@
import org.codehaus.jettison.json.JSONObject;
import org.openbravo.base.model.Entity;
import org.openbravo.base.model.Property;
+import org.openbravo.base.model.domaintype.EncryptedStringDomainType;
+import org.openbravo.base.model.domaintype.HashedStringDomainType;
import org.openbravo.base.structure.ActiveEnabled;
import org.openbravo.base.structure.BaseOBObject;
import org.openbravo.dal.core.DalUtil;
@@ -225,6 +227,10 @@
} else {
return xmlDateFormat.format(value);
}
+ // for the properties of type password -> do not return raw-value at all
+ } else if (property.getDomainType() instanceof HashedStringDomainType
+ || property.getDomainType() instanceof EncryptedStringDomainType) {
+ return "***";
}
return value;
}
diff -r 5b8be92551f9 -r 5f83390cc5aa
modules/org.openbravo.service.json/src/org/openbravo/service/json/JsonToDataConverter.java
---
a/modules/org.openbravo.service.json/src/org/openbravo/service/json/JsonToDataConverter.java
Fri Jan 28 16:41:41 2011 +0100
+++
b/modules/org.openbravo.service.json/src/org/openbravo/service/json/JsonToDataConverter.java
Fri Jan 28 17:40:28 2011 +0100
@@ -31,6 +31,8 @@
import java.util.List;
import java.util.Map;
+import javax.servlet.ServletException;
+
import org.apache.log4j.Logger;
import org.codehaus.jettison.json.JSONArray;
import org.codehaus.jettison.json.JSONException;
@@ -38,6 +40,8 @@
import org.openbravo.base.exception.OBException;
import org.openbravo.base.model.Entity;
import org.openbravo.base.model.Property;
+import org.openbravo.base.model.domaintype.EncryptedStringDomainType;
+import org.openbravo.base.model.domaintype.HashedStringDomainType;
import org.openbravo.base.provider.OBProvider;
import org.openbravo.base.structure.BaseOBObject;
import org.openbravo.base.structure.Traceable;
@@ -45,6 +49,8 @@
import org.openbravo.dal.service.OBDal;
import org.openbravo.dal.service.OBQuery;
import org.openbravo.model.common.enterprise.Organization;
+import org.openbravo.utils.CryptoUtility;
+import org.openbravo.utils.FormatUtilities;
/**
* Converts json data to Openbravo business object(s).
@@ -159,6 +165,26 @@
return new BigDecimal(((Number) value).doubleValue());
} else if (value instanceof String && ((String) value).trim().length()
== 0) {
return null;
+ } else if (value instanceof String
+ && property.getDomainType() instanceof HashedStringDomainType) {
+ String str = (String) value;
+ try {
+ return FormatUtilities.sha1Base64(str);
+ } catch (ServletException e) {
+ log.error("Error hashing password", e);
+ // TODO: translate error message
+ throw new Error("Could not encrypt password", e);
+ }
+ } else if (value instanceof String
+ && property.getDomainType() instanceof EncryptedStringDomainType) {
+ String str = (String) value;
+ try {
+ return CryptoUtility.encrypt(str);
+ } catch (ServletException e) {
+ log.error("Error encrypting password", e);
+ // TODO: translate error message
+ throw new Error("Could not encrypt password", e);
+ }
}
return value;
} catch (Exception e) {
@@ -305,13 +331,24 @@
// a foreign key
final boolean multiPathProperty = keyName.contains(DOT);
if (multiPathProperty) {
+ // TODO: handle passwords here also
handleMultiPathProperty("", keyName, obObject, jsonObject,
jsonObject.get(keyName));
} else {
if (!entity.hasProperty(keyName)) {
continue;
}
final Property property = entity.getProperty(keyName);
- setValue(obObject, property, jsonObject.get(keyName));
+ if (property.getDomainType() instanceof EncryptedStringDomainType
+ || property.getDomainType() instanceof HashedStringDomainType) {
+ if (jsonObject.has(keyName + ".cleartext")) {
+ Object valCleartext = jsonObject.get(keyName + ".cleartext");
+ setValue(obObject, property, valCleartext);
+ } else {
+ // no .cleartext value found -> skipping field
+ }
+ } else {
+ setValue(obObject, property, jsonObject.get(keyName));
+ }
}
}
}
------------------------------------------------------------------------------
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires
February 28th, so secure your free ArcSight Logger TODAY!
http://p.sf.net/sfu/arcsight-sfd2d
_______________________________________________
Openbravo-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openbravo-commits
