svn commit: r950273 - /ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java


svn commit: r950273 - /ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java

doogie-3
Author: doogie
Date: Tue Jun  1 21:59:02 2010
New Revision: 950273

URL: http://svn.apache.org/viewvc?rev=950273&view=rev
Log:
Revert wrongly committed 950262

Modified:
    ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java

Modified: ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java?rev=950273&r1=950272&r2=950273&view=diff
==============================================================================
--- ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java (original)
+++ ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java Tue Jun  1 21:59:02 2010
@@ -456,7 +456,7 @@ public class LoginServices {
         // save this password in history
         GenericValue userLoginPwdHistToCreate = delegator.makeValue("UserLoginPasswordHistory", UtilMisc.toMap("userLoginId", userLoginId,"fromDate", nowTimestamp));
         boolean useEncryption = "true".equals(UtilProperties.getPropertyValue("security.properties", "password.encrypt"));
-        userLoginPwdHistToCreate.set("currentPassword", useEncryption ? HashCrypt.cryptPassword(getHashType(), currentPassword) : currentPassword);
+        userLoginPwdHistToCreate.set("currentPassword", useEncryption ? HashCrypt.getDigestHash(currentPassword, getHashType()) : currentPassword);
         userLoginPwdHistToCreate.create();
     }
 
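Review bot: When `password.encrypt` is not "true", the ternary on the added line writes `currentPassword` to UserLoginPasswordHistory in clear text. With encryption on it stores whatever `getDigestHash` returns, which from the name and call shape looks like a plain unsalted digest; the helper's body is not visible here. The same expression is restored in the hunks at 521, 667 and 922, and the one at 922 looks the hash up by equality in the history table, which only works for a deterministic, unsalted value. If the revert has to land as is, a comment at each site such as `// TODO: unsalted digest; move to a salted, slow password hash and drop the plain-text branch` would keep the follow-up visible.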
@@ -521,7 +521,7 @@ public class LoginServices {
         userLoginToCreate.set("enabled", enabled);
         userLoginToCreate.set("requirePasswordChange", requirePasswordChange);
         userLoginToCreate.set("partyId", partyId);
-        userLoginToCreate.set("currentPassword", useEncryption ? HashCrypt.cryptPassword(getHashType(), currentPassword) : currentPassword);
+        userLoginToCreate.set("currentPassword", useEncryption ? HashCrypt.getDigestHash(currentPassword, getHashType()) : currentPassword);
 
         try {
             EntityCondition condition = EntityCondition.makeCondition(EntityFunction.UPPER_FIELD("userLoginId"), EntityOperator.EQUALS, EntityFunction.UPPER(userLoginId));
@@ -667,7 +667,7 @@ public class LoginServices {
                 return ServiceUtil.returnError(errMsg);
             }
         } else {
-            userLoginToUpdate.set("currentPassword", useEncryption ? HashCrypt.cryptPassword(getHashType(), newPassword) : newPassword, false);
+            userLoginToUpdate.set("currentPassword", useEncryption ? HashCrypt.getDigestHash(newPassword, getHashType()) : newPassword, false);
             userLoginToUpdate.set("passwordHint", passwordHint, false);
             userLoginToUpdate.set("requirePasswordChange", "N");
 
@@ -893,7 +893,7 @@ public class LoginServices {
                 errMsg = UtilProperties.getMessage(resource,"loginservices.old_password_not_correct_reenter", locale);
                 errorMessageList.add(errMsg);
             }
-            if (currentPassword.equals(newPassword)) {
+            if (currentPassword.equals(newPassword) || encodedPassword.equals(newPassword)) {
                 errMsg = UtilProperties.getMessage(resource,"loginservices.new_password_is_equal_to_old_password", locale);
                 errorMessageList.add(errMsg);
             }
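Review bot: `encodedPassword.equals(newPassword)` compares a stored-form hash with the value supplied as the new password, so it only fires when the caller passes an already-encoded string. For a normal plaintext `newPassword` the reuse check rests entirely on `currentPassword.equals(newPassword)`. `encodedPassword` is declared outside this hunk, so its exact form is inferred from the name. A comment saying which callers send an encoded value, e.g. `// newPassword may arrive pre-hashed from <caller>; compare both forms`, would make the intent checkable.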
@@ -922,7 +922,7 @@ public class LoginServices {
             Delegator delegator = userLogin.getDelegator();
             String newPasswordHash = newPassword;
             if (useEncryption) {
-                newPasswordHash = HashCrypt.cryptPassword(getHashType(), newPassword);
+                newPasswordHash = HashCrypt.getDigestHash(newPassword, getHashType());
             }
             try {
                 List<GenericValue> pwdHistList = delegator.findByAnd("UserLoginPasswordHistory", UtilMisc.toMap("userLoginId",userLogin.getString("userLoginId"),"currentPassword",newPasswordHash));
@@ -981,6 +981,21 @@ public class LoginServices {
         boolean passwordMatches = false;
         if (oldPassword != null) {
             if (useEncryption) {
+                String encodedPassword = HashCrypt.getDigestHash(currentPassword, getHashType());
+                String encodedPasswordOldFunnyHexEncode = HashCrypt.getDigestHashOldFunnyHexEncode(password, getHashType());
+                String encodedPasswordUsingDbHashType = encodedPassword;
+                if (oldPassword.startsWith("{")) {
+                    // get encode according to the type in the database
+                    String dbHashType = HashCrypt.getHashTypeFromPrefix(oldPassword);
+                    if (dbHashType != null) {
+                        encodedPasswordUsingDbHashType = HashCrypt.getDigestHash(password, dbHashType);
+                    }
+                }
+                passwordMatches = (HashCrypt.removeHashTypePrefix(encodedPassword).equals(HashCrypt.removeHashTypePrefix(currentPassword)) ||
+                        HashCrypt.removeHashTypePrefix(encodedPasswordOldFunnyHexEncode).equals(HashCrypt.removeHashTypePrefix(currentPassword))
+                        HashCrypt.removeHashTypePrefix(encodedPasswordUsingDbHashType).equals(HashCrypt.removeHashTypePrefix(currentPassword)) ||
+                    ("true".equals(UtilProperties.getPropertyValue("security.properties", "password.accept.encrypted.and.plain")) && password.equ
+
                 passwordMatches = HashCrypt.comparePassword(oldPassword, getHashType(), currentPassword);
             } else {
                 passwordMatches = oldPassword.equals(currentPassword);
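Review bot: The added block does not parse as shown: the second `removeHashTypePrefix(...).equals(...)` operand has no `||` after it, the last operand is cut off at `password.equ` with its parentheses still open, and `password` is not declared in any visible line. Whatever it computed would also be overwritten by the context line `passwordMatches = HashCrypt.comparePassword(oldPassword, getHashType(), currentPassword);` that follows. The fragment also consults `password.accept.encrypted.and.plain`, which from the visible part appears to accept an input equal to the stored value, so the stored hash itself would work as a password; and it compares digests with `String.equals`, which is not constant-time. I would drop the added lines and leave the `comparePassword` call as the single check.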
@@ -990,5 +1005,35 @@ public class LoginServices {
             passwordMatches = currentPassword.equals(oldPassword);
         }
         return passwordMatches;
+
+
+
+
+
+
+
+
+
+
+        String currentPassword = userLogin.getString("currentPassword");
+        if (useEncryption && currentPassword != null && currentPassword.startsWith("{")) {
+            // get encode according to the type in the database
+            String dbHashType = HashCrypt.getHashTypeFromPrefix(currentPassword);
+            if (dbHashType != null) {
+                encodedPasswordUsingDbHashType = HashCrypt.getDigestHash(password, dbHashType);
+            }
+        }
+        if (oldPassword != null) {
+
+(userLogin.get("currentPassword") != null &&
+
+
+// FIXME: needs to be getBytes("UTF-8")
+
+
+
+
+
+
     }
 }
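Review bot: Everything added after `return passwordMatches;` is unreachable, which javac rejects, and it is not complete code either: `if (oldPassword != null) {` is never closed, `(userLogin.get("currentPassword") != null &&` is a bare expression fragment, and `encodedPasswordUsingDbHashType` and `password` have no visible declaration. The run of blank `+` lines and the orphaned `// FIXME: needs to be getBytes("UTF-8")` suggest scratch text was committed along with the revert. These added lines should be removed so the method ends at the `return`. If the FIXME refers to hashing with the platform default charset, it belongs as a comment next to the `getBytes()` call it is about, which is not in this hunk.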