In the latest version of OFBiz, creating a UserLogin results in a
currentPassword like this: "{SHA}607a966f5353c393...".

But checking this password in the LoginServices.java runs:

    if ((userLogin.get("currentPassword") != null &&
            (HashCrypt.removeHashTypePrefix(encodedPassword).equals(userLogin.getString("currentPassword")) ||
             HashCrypt.removeHashTypePrefix(encodedPasswordOldFunnyHexEncode).equals(userLogin.getString("currentPassword")) ||
             HashCrypt.removeHashTypePrefix(encodedPasswordUsingDbHashType).equals(userLogin.getString("currentPassword")) ||
             ("true".equals(UtilProperties.getPropertyValue("security.properties", "password.accept.encrypted.and.plain")) &&
              password.equals(userLogin.getString("currentPassword")))))) {

        Debug.logVerbose("[LoginServices.userLogin] : Password Matched", module);

By this, with "HashCrypt.removeHashTypePrefix(encodedPassword)" you drop
"{SHA}" from the encodedPassword, whereas the stored password in
"userLogin.getString("currentPassword")" always shows this sequence.

Should this condition therefore be extended by
"encodedPassword.equals(userLogin.getString("currentPassword")) ||"?
Resulting in:

    if ((userLogin.get("currentPassword") != null &&
            (encodedPassword.equals(userLogin.getString("currentPassword")) ||
             HashCrypt.removeHashTypePrefix(encodedPassword).equals(userLogin.getString("currentPassword")) ||
             HashCrypt.removeHashTypePrefix(encodedPasswordOldFunnyHexEncode).equals(userLogin.getString("currentPassword")) ||
             HashCrypt.removeHashTypePrefix(encodedPasswordUsingDbHashType).equals(userLogin.getString("currentPassword")) ||
             ("true".equals(UtilProperties.getPropertyValue("security.properties", "password.accept.encrypted.and.plain")) &&
              password.equals(userLogin.getString("currentPassword")))))) {

        Debug.logVerbose("[LoginServices.userLogin] : Password Matched", module);

A quick answer would be great.

Greetings

Arnd

Arnd Scharpegge
Diplom-Informatiker / M.A.
Consultant AEW
Agrenon GmbH
Johanniskirchplatz 6
33615 Bielefeld
Deutschland

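The mismatch described in the message above, as an added Java example that is not part of the original post and is not OFBiz code: it parses the "{SHA}" prefix off the stored value and compares digest to digest, so prefixed rows and legacy unprefixed rows both verify. The class and method names are hypothetical, and it assumes "{SHA}" denotes a hex-encoded SHA-1 digest of the UTF-8 password.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Locale;

public class PrefixedHashCheck {
    // Split "{SHA}abc..." into {"SHA", "abc..."}; unprefixed legacy values get a null type.
    static String[] split(String stored) {
        if (stored.startsWith("{")) {
            int end = stored.indexOf('}');
            if (end > 1) {
                return new String[] { stored.substring(1, end), stored.substring(end + 1) };
            }
        }
        return new String[] { null, stored };
    }

    // Hex digest of the password (assumption: the stored format is lowercase hex).
    static String hexDigest(String algorithm, String password) throws Exception {
        byte[] d = MessageDigest.getInstance(algorithm)
                .digest(password.getBytes(StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder();
        for (byte b : d) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // Compare digest to digest, never a prefixed string to an unprefixed one.
    static boolean matches(String password, String stored, String defaultType) throws Exception {
        String[] parts = split(stored);
        String type = parts[0] != null ? parts[0] : defaultType;
        String algorithm = "SHA".equals(type) ? "SHA-1" : type;
        byte[] expected = parts[1].toLowerCase(Locale.ROOT).getBytes(StandardCharsets.US_ASCII);
        byte[] actual = hexDigest(algorithm, password).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, actual); // constant-time comparison
    }

    public static void main(String[] args) throws Exception {
        String prefixed = "{SHA}" + hexDigest("SHA-1", "s3cret"); // constructed sample row
        String legacy = hexDigest("SHA-1", "s3cret");              // constructed unprefixed row
        System.out.println("prefixed row, right password: " + matches("s3cret", prefixed, "SHA"));
        System.out.println("legacy row, right password:   " + matches("s3cret", legacy, "SHA"));
        System.out.println("prefixed row, wrong password: " + matches("wrong", prefixed, "SHA"));
        // The comparison from the post: stripped computed hash against the prefixed stored value.
        System.out.println("stripped vs. prefixed equals: " + split(prefixed)[1].equals(prefixed));
    }
}
```
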
Which revision are you using? If this is what it looks like, it has
already been fixed.

-David

On May 26, 2008, at 10:23 AM, Arnd Scharpegge wrote:
> In the latest version of OFBiz, creating a UserLogin results in a
> currentPassword like this: "{SHA}607a966f5353c393...".

Thanks for your support. Working with the new code.
Better testing before checking in would have saved some of my time.

Arnd Scharpegge

On May 27, 2008, at 1:56 AM, Arnd Scharpegge wrote:
> Thanks for your support. Working with the new code.
>
> Better testing before checking in would have saved some of my time.

That may have saved you a little bit of your time. Admittedly being
omniscient would personally save me a lot of my own time, oh and having
a large set of perfect test cases would too. Until we all reach that
sort of holy state that is more expected than possible, the best way you
can save yourself time (making a huge difference for you personally) is
to be more involved with the community and learn more about the software
you are using.

-David