Hans: thanks for your attention and this, and sorry for delaying the
fix. Login not working after a password change is a pretty serious bug!
The problem was that in the LoginServices.userLogin method/service it
wasn't removing the prefix from both the password entered and the
password from the database (UserLogin.currentPassword).
This last change you made fixed the problem because it effectively
disabled the prefix removal. That can potentially cause other problems
though, so I've changed that back to the prefix removal method works
again, but now it is done on both sides so the comparison will work.
I've tested this based on the changes in SVN rev 656515 and it is
working fine now.
-David
On May 14, 2008, at 3:22 AM,
[hidden email] wrote:
> Author: hansbak
> Date: Wed May 14 02:22:54 2008
> New Revision: 656175
>
> URL:
http://svn.apache.org/viewvc?rev=656175&view=rev> Log:
> a better fix than rev 656100
>
> Modified:
> ofbiz/trunk/framework/base/src/base/org/ofbiz/base/crypto/
> HashCrypt.java
> ofbiz/trunk/framework/common/src/org/ofbiz/common/login/
> LoginServices.java
>
> Modified: ofbiz/trunk/framework/base/src/base/org/ofbiz/base/crypto/
> HashCrypt.java
> URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/src/base/org/ofbiz/base/crypto/HashCrypt.java?rev=656175&r1=656174&r2=656175&view=diff> =
> =
> =
> =
> =
> =
> =
> =
> ======================================================================
> --- ofbiz/trunk/framework/base/src/base/org/ofbiz/base/crypto/
> HashCrypt.java (original)
> +++ ofbiz/trunk/framework/base/src/base/org/ofbiz/base/crypto/
> HashCrypt.java Wed May 14 02:22:54 2008
> @@ -81,7 +81,7 @@
> }
>
> public static String removeHashTypePrefix(String hashString) {
> - if (UtilValidate.isEmpty(hashString) ||
> hashString.charAt(0) != '{') {
> + if (UtilValidate.isNotEmpty(hashString) ||
> hashString.charAt(0) != '{') {
> return hashString;
> }
>
>
> Modified: ofbiz/trunk/framework/common/src/org/ofbiz/common/login/
> LoginServices.java
> URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java?rev=656175&r1=656174&r2=656175&view=diff> =
> =
> =
> =
> =
> =
> =
> =
> ======================================================================
> --- ofbiz/trunk/framework/common/src/org/ofbiz/common/login/
> LoginServices.java (original)
> +++ ofbiz/trunk/framework/common/src/org/ofbiz/common/login/
> LoginServices.java Wed May 14 02:22:54 2008
> @@ -162,8 +162,7 @@
> // if the
> password.accept.encrypted.and.plain property in security is set to
> true allow plain or encrypted passwords
> // if this is a system account don't bother
> checking the passwords
> if ((userLogin.get("currentPassword") !=
> null &&
> -
> (encodedPassword.equals(userLogin.getString("currentPassword")) ||
> -
> HashCrypt
> .removeHashTypePrefix
> (encodedPassword).equals(userLogin.getString("currentPassword")) ||
> +
> (HashCrypt
> .removeHashTypePrefix
> (encodedPassword).equals(userLogin.getString("currentPassword")) ||
>
> HashCrypt
> .removeHashTypePrefix
> (encodedPasswordOldFunnyHexEncode
> ).equals(userLogin.getString("currentPassword")) ||
>
> HashCrypt
> .removeHashTypePrefix
> (encodedPasswordUsingDbHashType
> ).equals(userLogin.getString("currentPassword")) ||
>
> ("true
> ".equals(UtilProperties.getPropertyValue("security.properties",
> "password.accept.encrypted.and.plain")) &&
> password.equals(userLogin.getString("currentPassword")))))) {
>
>
Locked
