Author: jonesde
Date: Wed May 14 23:10:50 2008 New Revision: 656515 URL: http://svn.apache.org/viewvc?rev=656515&view=rev Log: Reverted fix from Hans that effectively disabled the method to remove the hash type prefix, and fixed the userLogin service code to and fixed the userLogin service code to remove the prefix from the db currentPassword value, which was missing and was causing the problem Modified: ofbiz/trunk/framework/base/src/base/org/ofbiz/base/crypto/HashCrypt.java ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java
Modified: ofbiz/trunk/framework/base/src/base/org/ofbiz/base/crypto/HashCrypt.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/src/base/org/ofbiz/base/crypto/HashCrypt.java?rev=656515&r1=656514&r2=656515&view=diff
==============================================================================
--- ofbiz/trunk/framework/base/src/base/org/ofbiz/base/crypto/HashCrypt.java (original)
+++ ofbiz/trunk/framework/base/src/base/org/ofbiz/base/crypto/HashCrypt.java Wed May 14 23:10:50 2008
@@ -81,7 +81,7 @@
 }
 public static String removeHashTypePrefix(String hashString) {
- if (UtilValidate.isNotEmpty(hashString) || hashString.charAt(0) != '{') {
+ if (UtilValidate.isEmpty(hashString) || hashString.charAt(0) != '{') {
 return hashString;
 }
Modified: ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java?rev=656515&r1=656514&r2=656515&view=diff
==============================================================================
--- ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java (original)
+++ ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java Wed May 14 23:10:50 2008
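Review bot: `removeHashTypePrefix` is public and static but has no Javadoc in the visible lines, and its guard has now been inverted and re-inverted, so the contract should be written down next to it, for example `/** Strips a leading "{TYPE}" marker; returns the argument unchanged when it is null, empty, or does not start with '{'. */`. With the corrected guard an empty argument comes back as-is, which presumably includes null (assuming `UtilValidate.isEmpty` treats null as empty), so a caller that chains `.equals(...)` on the result, as the LoginServices hunk in this commit does, relies on its argument never being null; that is not visible from here. The method body continues outside the hunk, so how a value that starts with `{` but has no closing `}` is handled cannot be checked from these lines.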
@@ -115,6 +115,7 @@
 String currentPassword = userLogin.getString("currentPassword");
 if (useEncryption && currentPassword != null && currentPassword.startsWith("{")) {
+ // get encode according to the type in the database
 String dbHashType = HashCrypt.getHashTypeFromPrefix(currentPassword);
 if (dbHashType != null) {
 encodedPasswordUsingDbHashType = HashCrypt.getDigestHash(password, dbHashType);
@@ -162,9 +163,9 @@
 // if the password.accept.encrypted.and.plain property in security is set to true allow plain or encrypted passwords
 // if this is a system account don't bother checking the passwords
 if ((userLogin.get("currentPassword") != null &&
- (HashCrypt.removeHashTypePrefix(encodedPassword).equals(userLogin.getString("currentPassword")) ||
- HashCrypt.removeHashTypePrefix(encodedPasswordOldFunnyHexEncode).equals(userLogin.getString("currentPassword")) ||
- HashCrypt.removeHashTypePrefix(encodedPasswordUsingDbHashType).equals(userLogin.getString("currentPassword")) ||
+ (HashCrypt.removeHashTypePrefix(encodedPassword).equals(HashCrypt.removeHashTypePrefix(currentPassword)) ||
+ HashCrypt.removeHashTypePrefix(encodedPasswordOldFunnyHexEncode).equals(HashCrypt.removeHashTypePrefix(currentPassword)) ||
+ HashCrypt.removeHashTypePrefix(encodedPasswordUsingDbHashType).equals(HashCrypt.removeHashTypePrefix(currentPassword)) ||
 ("true".equals(UtilProperties.getPropertyValue("security.properties", "password.accept.encrypted.and.plain")) && password.equals(userLogin.getString("currentPassword")))))) {
 Debug.logVerbose("[LoginServices.userLogin] : Password Matched", module); |
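Review bot: The three rewritten comparisons in the second hunk (`@@ -162,9 +163,9 @@`) still match password digests with `String.equals`, which returns at the first differing character, so the time a failed login takes depends on how much of the stored hash matched. A comparison that does not short-circuit is the safer choice in an authentication check, e.g. `MessageDigest.isEqual(candidate.getBytes("UTF-8"), stored.getBytes("UTF-8"))`, where `candidate` and `stored` are illustrative names for the two prefix-stripped strings. `HashCrypt.removeHashTypePrefix(currentPassword)` is also evaluated up to three times in one condition; computing it once into a local before the `if` would make the condition easier to read and audit, and the untouched plain-text branch could then use the existing `currentPassword` local instead of calling `userLogin.getString("currentPassword")` again. The `if` statement and its body continue outside the hunk.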