Author: doogie
Date: Tue Jun 1 21:47:00 2010 New Revision: 950261 URL: http://svn.apache.org/viewvc?rev=950261&view=rev Log: Refactored LoginServices. Modified: ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java Modified: ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java?rev=950261&r1=950260&r2=950261&view=diff ============================================================================== --- ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java (original) +++ ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java Tue Jun 1 21:47:00 2010 @@ -153,19 +153,6 @@ public class LoginServices { } if (userLogin != null) { - String encodedPassword = useEncryption ? HashCrypt.getDigestHash(password, getHashType()) : password; - String encodedPasswordOldFunnyHexEncode = useEncryption ? HashCrypt.getDigestHashOldFunnyHexEncode(password, getHashType()) : password; - String encodedPasswordUsingDbHashType = encodedPassword; - - String currentPassword = userLogin.getString("currentPassword"); - if (useEncryption && currentPassword != null && currentPassword.startsWith("{")) { - // get encode according to the type in the database - String dbHashType = HashCrypt.getHashTypeFromPrefix(currentPassword); - if (dbHashType != null) { - encodedPasswordUsingDbHashType = HashCrypt.getDigestHash(password, dbHashType); - } - } - String ldmStr = UtilProperties.getPropertyValue("security.properties", "login.disable.minutes"); long loginDisableMinutes = 30; 
@@ -218,11 +205,7 @@ public class LoginServices { // if the password.accept.encrypted.and.plain property in security is set to true allow plain or encrypted passwords // if this is a system account don't bother checking the passwords // if externalAuth passed; this is run as well - if ((!authFatalError && externalAuth) || (userLogin.get("currentPassword") != null && - (HashCrypt.removeHashTypePrefix(encodedPassword).equals(HashCrypt.removeHashTypePrefix(currentPassword)) || - HashCrypt.removeHashTypePrefix(encodedPasswordOldFunnyHexEncode).equals(HashCrypt.removeHashTypePrefix(currentPassword)) || - HashCrypt.removeHashTypePrefix(encodedPasswordUsingDbHashType).equals(HashCrypt.removeHashTypePrefix(currentPassword)) || - ("true".equals(UtilProperties.getPropertyValue("security.properties", "password.accept.encrypted.and.plain")) && password.equals(userLogin.getString("currentPassword")))))) { + if ((!authFatalError && externalAuth) || checkPassword(userLogin.getString("currentPassword"), useEncryption, password)) { Debug.logVerbose("[LoginServices.userLogin] : Password Matched", module); // update the hasLoggedOut flag @@ -254,7 +237,7 @@ public class LoginServices { result.put("userLogin", userLogin); result.put(ModelService.RESPONSE_MESSAGE, ModelService.RESPOND_SUCCESS); } else { - Debug.logInfo("Entered password [" + encodedPassword + "], Entered password OldFunnyHexEncode [" + encodedPasswordOldFunnyHexEncode + "], db password [" + userLogin.getString("currentPassword") + "]", module); + //Debug.logInfo("Entered password [" + encodedPassword + "], Entered password OldFunnyHexEncode [" + encodedPasswordOldFunnyHexEncode + "], db password [" + userLogin.getString("currentPassword") + "]", module); // password is incorrect, but this may be the result of a stale cache entry, // so lets clear the cache and try again if this is the first pass 
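Review bot: The new call `checkPassword(userLogin.getString("currentPassword"), useEncryption, password)` hands the stored UserLogin value to the helper's `oldPassword` parameter and the user-entered `password` to its `currentPassword` parameter, so `currentPassword` means the database field on this line and the entered value inside the helper. Renaming the helper's parameters to `storedPassword` and `enteredPassword` would remove that ambiguity at both call sites without changing behaviour. The enclosing `if (userLogin != null)` body in userLogin starts and ends outside the hunk.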
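Review bot: Commenting out the `Debug.logInfo(...)` in the failure branch leaves dead code that also references `encodedPassword` and `encodedPasswordOldFunnyHexEncode`, which this commit removes from scope; delete the line rather than keep it as a comment. Dropping the log is right on its own, since it wrote the digest of the entered password and the stored `currentPassword` value (plain text when `useEncryption` is off) to the log at INFO level. If a diagnostic is still wanted, log only the login identifier (presumably `userLoginId`), e.g. `Debug.logInfo("Password mismatch for userLoginId [" + userLogin.getString("userLoginId") + "]", module);`. The else branch continues past the end of the hunk.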
@@ -903,28 +886,9 @@ public class LoginServices { String errMsg = null; if (!ignoreCurrentPassword) { - - String encodedPassword = useEncryption ? HashCrypt.getDigestHash(currentPassword, getHashType()) : currentPassword; - String encodedPasswordOldFunnyHexEncode = useEncryption ? HashCrypt.getDigestHashOldFunnyHexEncode(currentPassword, getHashType()) : currentPassword; - String encodedPasswordUsingDbHashType = encodedPassword; - - String oldPassword = userLogin.getString("currentPassword"); - if (useEncryption && oldPassword != null && oldPassword.startsWith("{")) { - // get encode according to the type in the database - String dbHashType = HashCrypt.getHashTypeFromPrefix(oldPassword); - if (dbHashType != null) { - encodedPasswordUsingDbHashType = HashCrypt.getDigestHash(currentPassword, dbHashType); - } - } - // if the password.accept.encrypted.and.plain property in security is set to true allow plain or encrypted passwords // if this is a system account don't bother checking the passwords - boolean passwordMatches = (oldPassword != null && - (HashCrypt.removeHashTypePrefix(encodedPassword).equals(HashCrypt.removeHashTypePrefix(oldPassword)) || - HashCrypt.removeHashTypePrefix(encodedPasswordOldFunnyHexEncode).equals(HashCrypt.removeHashTypePrefix(oldPassword)) || - HashCrypt.removeHashTypePrefix(encodedPasswordUsingDbHashType).equals(HashCrypt.removeHashTypePrefix(oldPassword)) || - ("true".equals(UtilProperties.getPropertyValue("security.properties", "password.accept.encrypted.and.plain")) && currentPassword.equals(oldPassword)))); - + boolean passwordMatches = checkPassword(userLogin.getString("currentPassword"), useEncryption, currentPassword); if ((currentPassword == null) || (userLogin != null && currentPassword != null && !passwordMatches)) { errMsg = UtilProperties.getMessage(resource,"loginservices.old_password_not_correct_reenter", locale); errorMessageList.add(errMsg); 
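Review bot: `checkPassword(...)` is evaluated on the line before the `(currentPassword == null)` test, so a null entered password reaches the helper (and, with `useEncryption`, presumably `HashCrypt` hashing of null) before the guard that is meant to produce the `old_password_not_correct_reenter` message; the previous inline code had the same ordering, but the refactor is the moment to fix it. Short-circuit the call: `boolean passwordMatches = currentPassword != null && checkPassword(userLogin.getString("currentPassword"), useEncryption, currentPassword);`. The `userLogin != null` test on the next line likewise comes after `userLogin.getString(...)` has already been dereferenced. The enclosing method starts and ends outside the hunk.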
@@ -1012,4 +976,64 @@ public class LoginServices { return hashType; } + + private static boolean checkPassword(String oldPassword, boolean useEncryption, String currentPassword) { + boolean passwordMatches = false; + if (oldPassword != null) { + if (useEncryption) { + String encodedPassword = HashCrypt.getDigestHash(currentPassword, getHashType()); + String encodedPasswordOldFunnyHexEncode = HashCrypt.getDigestHashOldFunnyHexEncode(password, getHashType()); + String encodedPasswordUsingDbHashType = encodedPassword; + if (oldPassword.startsWith("{")) { + // get encode according to the type in the database + String dbHashType = HashCrypt.getHashTypeFromPrefix(oldPassword); + if (dbHashType != null) { + encodedPasswordUsingDbHashType = HashCrypt.getDigestHash(password, dbHashType); + } + } + passwordMatches = (HashCrypt.removeHashTypePrefix(encodedPassword).equals(HashCrypt.removeHashTypePrefix(currentPassword)) || + HashCrypt.removeHashTypePrefix(encodedPasswordOldFunnyHexEncode).equals(HashCrypt.removeHashTypePrefix(currentPassword)) + HashCrypt.removeHashTypePrefix(encodedPasswordUsingDbHashType).equals(HashCrypt.removeHashTypePrefix(currentPassword)) || + ("true".equals(UtilProperties.getPropertyValue("security.properties", "password.accept.encrypted.and.plain")) && password.equ + + passwordMatches = HashCrypt.comparePassword(oldPassword, getHashType(), currentPassword); + } else { + passwordMatches = oldPassword.equals(currentPassword); + } + } + if (!passwordMatches && "true".equals(UtilProperties.getPropertyValue("security.properties", "password.accept.encrypted.and.plain"))) { + passwordMatches = currentPassword.equals(oldPassword); + } + return passwordMatches; + + + + + + + + + + + String currentPassword = userLogin.getString("currentPassword"); + if (useEncryption && currentPassword != null && currentPassword.startsWith("{")) { + // get encode according to the type in the database + String dbHashType = HashCrypt.getHashTypeFromPrefix(currentPassword); + if 
(dbHashType != null) { + encodedPasswordUsingDbHashType = HashCrypt.getDigestHash(password, dbHashType); + } + } + if (oldPassword != null) { + +(userLogin.get("currentPassword") != null && + + +// FIXME: needs to be getBytes("UTF-8") + + + + + + + } } |
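Review bot: The committed body of `checkPassword` does not compile: the `useEncryption` branch references `password`, which is not a parameter, breaks off mid-expression at `password.equ`, is missing the `||` between the second and third comparisons, and compares the digest of the entered value against `currentPassword` itself instead of `oldPassword`, while further fragments (`String currentPassword = userLogin.getString(...)`, `+(userLogin.get("currentPassword") != null &&`, the `FIXME` about `getBytes("UTF-8")`) trail after `return passwordMatches;`. The later assignment `passwordMatches = HashCrypt.comparePassword(oldPassword, getHashType(), currentPassword);` reads as the intended implementation, so the method should be reduced to that plus the plain-text fallback, and the fallback should sit inside a null guard because `currentPassword.equals(oldPassword)` throws when the entered value is null. Whether `HashCrypt.comparePassword` still honours the `{type}` prefix and the old hex encoding that the deleted inline code handled cannot be confirmed from this diff and should be checked before the refactor lands. `String.equals` on password material is not constant-time; if that matters here, compare with `MessageDigest.isEqual` over the bytes instead. Rewritten method below; the class continues outside the hunk.
```java
    private static boolean checkPassword(String oldPassword, boolean useEncryption, String currentPassword) {
        // oldPassword is the stored UserLogin.currentPassword value (a hash when
        // useEncryption is on); currentPassword is the value entered by the user.
        if (oldPassword == null || currentPassword == null) {
            return false;
        }
        boolean passwordMatches;
        if (useEncryption) {
            // assumes comparePassword handles the {type} prefix and legacy hex encoding — verify
            passwordMatches = HashCrypt.comparePassword(oldPassword, getHashType(), currentPassword);
        } else {
            passwordMatches = oldPassword.equals(currentPassword);
        }
        // compatibility: optionally accept a plain-text stored value even when encryption is on
        if (!passwordMatches && "true".equals(UtilProperties.getPropertyValue("security.properties", "password.accept.encrypted.and.plain"))) {
            passwordMatches = currentPassword.equals(oldPassword);
        }
        return passwordMatches;
    }
```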