svn commit: r1333664 - in /ofbiz/trunk: applications/securityext/src/o
Locked
 
|
Author: doogie
Date: Thu May 3 22:20:24 2012 New Revision: 1333664 URL: http://svn.apache.org/viewvc?rev=1333664&view=rev Log: OPTIMIZE: Remove cryptPassword(String, String); it is not nescessary to go thru a deprecation cycle for this, as this method was only recently added, and has never been officially released. Modified: ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java ofbiz/trunk/framework/base/src/org/ofbiz/base/crypto/HashCrypt.java ofbiz/trunk/framework/base/src/org/ofbiz/base/crypto/Main.java ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LdapAuthenticationServices.java ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java ofbiz/trunk/specialpurpose/ldap/src/org/ofbiz/ldap/commons/AbstractOFBizAuthenticationHandler.java Modified: ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java?rev=1333664&r1=1333663&r2=1333664&view=diff ============================================================================== --- ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java (original) +++ ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java Thu May 3 22:20:24 2012 @@ -212,7 +212,7 @@ public class LoginEvents { if (useEncryption) { // password encrypted, can't send, generate new password and email to user passwordToSend = RandomStringUtils.randomAlphanumeric(Integer.parseInt(UtilProperties.getPropertyValue("security", "password.length.min", "5"))); - supposedUserLogin.set("currentPassword", HashCrypt.cryptPassword(LoginServices.getHashType(), passwordToSend)); + supposedUserLogin.set("currentPassword", HashCrypt.cryptPassword(LoginServices.getHashType(), null, passwordToSend)); supposedUserLogin.set("passwordHint", "Auto-Generated Password"); if ("true".equals(UtilProperties.getPropertyValue("security.properties", "password.email_password.require_password_change"))){ supposedUserLogin.set("requirePasswordChange", "Y"); Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/crypto/HashCrypt.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/src/org/ofbiz/base/crypto/HashCrypt.java?rev=1333664&r1=1333663&r2=1333664&view=diff ============================================================================== --- ofbiz/trunk/framework/base/src/org/ofbiz/base/crypto/HashCrypt.java (original) +++ ofbiz/trunk/framework/base/src/org/ofbiz/base/crypto/HashCrypt.java Thu May 3 22:20:24 2012 @@ -111,12 +111,13 @@ public class HashCrypt { return hashed.equals(new String(digestChars)); } - public static String cryptPassword(String hashType, String password) { - int saltLength = new Random().nextInt(15) + 1; - return cryptPassword(hashType, RandomStringUtils.random(saltLength, CRYPT_CHAR_SET), password); - } - public static String cryptPassword(String hashType, String salt, String password) { + if (hashType == null) { + hashType = "SHA"; + } + if (salt == null) { + salt = RandomStringUtils.random(new Random().nextInt(15) + 1, CRYPT_CHAR_SET); + } StringBuilder sb = new StringBuilder(); sb.append("$").append(hashType).append("$").append(salt).append("$"); sb.append(getCryptedBytes(hashType, salt, password.getBytes(UTF8))); Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/crypto/Main.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/src/org/ofbiz/base/crypto/Main.java?rev=1333664&r1=1333663&r2=1333664&view=diff ============================================================================== --- ofbiz/trunk/framework/base/src/org/ofbiz/base/crypto/Main.java (original) +++ ofbiz/trunk/framework/base/src/org/ofbiz/base/crypto/Main.java Thu May 3 22:20:24 2012 @@ -21,7 +21,7 @@ package org.ofbiz.base.crypto; public class Main { public static void main(String[] args) throws Exception { if (args[0].equals("-crypt")) { - System.out.println(HashCrypt.cryptPassword(args[1], args[2])); + System.out.println(HashCrypt.cryptPassword(args[1], null, args[2])); } else if (args[0].equals("-digest")) { @SuppressWarnings("deprecation") String digest = HashCrypt.getDigestHash(args[1]); Modified: ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LdapAuthenticationServices.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LdapAuthenticationServices.java?rev=1333664&r1=1333663&r2=1333664&view=diff ============================================================================== --- ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LdapAuthenticationServices.java (original) +++ ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LdapAuthenticationServices.java Thu May 3 22:20:24 2012 @@ -103,7 +103,7 @@ public class LdapAuthenticationServices } if (!samePassword) { Debug.logVerbose("Starting password synchronization", module); - userLogin.set("currentPassword", useEncryption ? HashCrypt.cryptPassword(LoginServices.getHashType(), password) : password, false); + userLogin.set("currentPassword", useEncryption ? HashCrypt.cryptPassword(LoginServices.getHashType(), null, password) : password, false); Transaction parentTx = null; boolean beganTransaction = false; try { Modified: ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java?rev=1333664&r1=1333663&r2=1333664&view=diff ============================================================================== --- ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java (original) +++ ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java Thu May 3 22:20:24 2012 @@ -456,7 +456,7 @@ public class LoginServices { // save this password in history GenericValue userLoginPwdHistToCreate = delegator.makeValue("UserLoginPasswordHistory", UtilMisc.toMap("userLoginId", userLoginId,"fromDate", nowTimestamp)); boolean useEncryption = "true".equals(UtilProperties.getPropertyValue("security.properties", "password.encrypt")); - userLoginPwdHistToCreate.set("currentPassword", useEncryption ? HashCrypt.cryptPassword(getHashType(), currentPassword) : currentPassword); + userLoginPwdHistToCreate.set("currentPassword", useEncryption ? HashCrypt.cryptPassword(getHashType(), null, currentPassword) : currentPassword); userLoginPwdHistToCreate.create(); } @@ -520,7 +520,7 @@ public class LoginServices { userLoginToCreate.set("passwordHint", passwordHint); userLoginToCreate.set("enabled", enabled); userLoginToCreate.set("requirePasswordChange", requirePasswordChange); - userLoginToCreate.set("currentPassword", useEncryption ? HashCrypt.cryptPassword(getHashType(), currentPassword) : currentPassword); + userLoginToCreate.set("currentPassword", useEncryption ? HashCrypt.cryptPassword(getHashType(), null, currentPassword) : currentPassword); try { userLoginToCreate.set("partyId", partyId); } catch (Exception e) { @@ -672,7 +672,7 @@ public class LoginServices { return ServiceUtil.returnError(errMsg); } } else { - userLoginToUpdate.set("currentPassword", useEncryption ? HashCrypt.cryptPassword(getHashType(), newPassword) : newPassword, false); + userLoginToUpdate.set("currentPassword", useEncryption ? HashCrypt.cryptPassword(getHashType(), null, newPassword) : newPassword, false); userLoginToUpdate.set("passwordHint", passwordHint, false); userLoginToUpdate.set("requirePasswordChange", "N"); @@ -925,7 +925,7 @@ public class LoginServices { Delegator delegator = userLogin.getDelegator(); String newPasswordHash = newPassword; if (useEncryption) { - newPasswordHash = HashCrypt.cryptPassword(getHashType(), newPassword); + newPasswordHash = HashCrypt.cryptPassword(getHashType(), null, newPassword); } try { List<GenericValue> pwdHistList = delegator.findByAnd("UserLoginPasswordHistory", UtilMisc.toMap("userLoginId",userLogin.getString("userLoginId"),"currentPassword",newPasswordHash)); Modified: ofbiz/trunk/specialpurpose/ldap/src/org/ofbiz/ldap/commons/AbstractOFBizAuthenticationHandler.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/ldap/src/org/ofbiz/ldap/commons/AbstractOFBizAuthenticationHandler.java?rev=1333664&r1=1333663&r2=1333664&view=diff ============================================================================== --- ofbiz/trunk/specialpurpose/ldap/src/org/ofbiz/ldap/commons/AbstractOFBizAuthenticationHandler.java (original) +++ ofbiz/trunk/specialpurpose/ldap/src/org/ofbiz/ldap/commons/AbstractOFBizAuthenticationHandler.java Thu May 3 22:20:24 2012 @@ -101,7 +101,7 @@ public abstract class AbstractOFBizAuthe userLoginToCreate.set("passwordHint", ""); userLoginToCreate.set("enabled", "Y"); userLoginToCreate.set("partyId", getPartyId(rootElement, result)); - userLoginToCreate.set("currentPassword", useEncryption ? HashCrypt.cryptPassword(LoginServices.getHashType(), password) : password); + userLoginToCreate.set("currentPassword", useEncryption ? HashCrypt.cryptPassword(LoginServices.getHashType(), null, password) : password); GenericValue userTryToLogin = delegator.findOne("UserLogin", false, "userLoginId", username); if (userTryToLogin == null) { @@ -119,7 +119,7 @@ public abstract class AbstractOFBizAuthe throw new GenericEntityException(e.getLocalizedMessage()); } } else { - userTryToLogin.setString("currentPassword", useEncryption ? HashCrypt.cryptPassword(LoginServices.getHashType(), password) : password); + userTryToLogin.setString("currentPassword", useEncryption ? HashCrypt.cryptPassword(LoginServices.getHashType(), null, password) : password); userTryToLogin.store(); } |
«
Return to OFBiz - Commits
|
1 view|%1 views
| Free forum by Nabble | Edit this page |