OFBiz › OFBiz - Commits

svn commit: r1622051 - in /ofbiz/branches/release13.07: ./ applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java

_‹ Previous Topic Next Topic _›

Classic

List

Threaded

1 message

jleroux@apache.org

svn commit: r1622051 - in /ofbiz/branches/release13.07: ./ applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java

Author: jleroux
Date: Tue Sep 2 16:18:55 2014
New Revision: 1622051

URL: http://svn.apache.org/r1622051
Log:
"Applied fix from trunk for revision: 1622050"
------------------------------------------------------------------------
r1622050 | jleroux | 2014-09-02 18:17:36 +0200 (mar. 02 sept. 2014) | 7 lignes

A patch from Ritu Raj Lakhera for "Forgot password functionality is not honoring the 'password.lowercase' property of 'security.properties'" https://issues.apache.org/jira/browse/OFBIZ-5745

Forgot password functionality (LoginEvents.emailPassword) is not honoring the 'password.lowercase' property of 'security.properties'. And thus customer is not able to Login on e-commerce site with new generated password.
Test Case:
1. Set property 'password.lowercase' as true in 'security.properties'.
2. Request a forgot password and customer get the new password as 'a0e7J'
3. Customer is not able to login on e-commerce site.
------------------------------------------------------------------------

Modified:
ofbiz/branches/release13.07/ (props changed)
ofbiz/branches/release13.07/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java

Propchange: ofbiz/branches/release13.07/
------------------------------------------------------------------------------
Merged /ofbiz/trunk:r1622050

Modified: ofbiz/branches/release13.07/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/release13.07/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java?rev=1622051&r1=1622050&r2=1622051&view=diff
==============================================================================
--- ofbiz/branches/release13.07/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java (original)
+++ ofbiz/branches/release13.07/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java Tue Sep 2 16:18:55 2014
@@ -212,6 +212,9 @@ public class LoginEvents {
if (useEncryption) {
// password encrypted, can't send, generate new password and email to user
passwordToSend = RandomStringUtils.randomAlphanumeric(Integer.parseInt(UtilProperties.getPropertyValue("security", "password.length.min", "5")));
+ if ("true".equals(UtilProperties.getPropertyValue("security.properties", "password.lowercase"))){
+ passwordToSend=passwordToSend.toLowerCase();
+ }
supposedUserLogin.set("currentPassword", HashCrypt.cryptUTF8(LoginServices.getHashType(), null, passwordToSend));
supposedUserLogin.set("passwordHint", "Auto-Generated Password");
if ("true".equals(UtilProperties.getPropertyValue("security.properties", "password.email_password.require_password_change"))){