Issue Type: Bug
Affects Versions: 4.5.7
Assignee: Unassigned
Attachments: createMgnlUser.txt
Created: 05/Feb/13 10:57 AM
Description:

We have a question about generating a user with the MgnlUserManager.

We are using Magnolia 4.5.7 for a project where we have to import users from an old CMS. To import the users into Magnolia, we use a MgnlUserManager object to create a new user in Magnolia. The default role for the default system rights is also added to the users.

See Attachment "createMgnlUser.txt".

Now we have the following problem. The default MgnlUserManager which comes with magnolia-core uses Base64 to encode the specified password. The generated password in the JCR, e.g. for 123456, looks like: YmE2ZDRmYmI=
If I create a user directly in the Magnolia-Author, the same password looks like: $2a$12$dkE5vtlwmj.jbu2weP5YTOdnSliOApPVjBhS1jWgaAWVwaZbslNJS

After a short research we found this: http://forum.magnolia-cms.com/forum/thread.html?threadId=fa98a037-8034-4b10-bffc-aea1957b1987
Which refers to http://svn.magnolia-cms.com/view/community/magnolia/trunk/magnolia-core/src/main/java/info/magnolia/setup/HashUsersPasswords.java?revision=52870&pathrev=52870 where BCrypt is used instead of Base64. So we defined our own MgnlUserManager where we changed the encodePassword from Base64 to BCrypt:

    protected String encodePassword(String clearPassword) {
        // Old and wrong encode
        // return new String(Base64.encodeBase64(clearPassword.getBytes()));
        String pwd = SecurityUtil.getBCrypt(clearPassword);
        return pwd;
    }

Now we have the following password in the JCR: $2a$12$304vFWyzml2cia.awsctPOR.qxq3YpDzjMTDAzvp3R6inH/ODodtq

But the login won't work. Is there any way to generate the users so that they are able to log in to the system? When we edit the auto-generated user (as the superuser) and set the password with the edit form which comes by default, we can log in to the system. Only the password generated via MgnlUserManager won't work!

Project: Magnolia
Priority: Blocker
Reporter: Jens Denke
Security Level: Public
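
An added example, not part of the original report or of Magnolia's code: a standalone Java 8+ check that classifies stored password values as bcrypt hashes or reversible Base64, run over the three values quoted in the description plus one constructed value. The class name StoredPasswordAudit and the method classify are hypothetical; the check only inspects the storage format and does not verify any password.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class StoredPasswordAudit {
    // bcrypt modular crypt format: $<version>$<2-digit cost>$<22-char salt><31-char digest>
    private static final Pattern BCRYPT = Pattern.compile(
        "^\\$(2[abxy]?)\\$(\\d{2})\\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$");

    // Hypothetical helper: describes how a stored password value is protected.
    static String classify(String stored) {
        Matcher m = BCRYPT.matcher(stored);
        if (m.matches()) {
            int cost = Integer.parseInt(m.group(2));
            return "bcrypt hash, version " + m.group(1) + ", cost " + cost;
        }
        try {
            byte[] raw = Base64.getDecoder().decode(stored);
            String text = new String(raw, StandardCharsets.US_ASCII);
            boolean printable = !text.isEmpty()
                && text.chars().allMatch(c -> c >= 0x20 && c < 0x7f);
            if (printable) {
                // Report only the length: an audit should not echo recovered secrets.
                return "REVERSIBLE Base64, decodes to " + raw.length + " printable characters";
            }
        } catch (IllegalArgumentException notBase64) {
            // Not valid Base64; fall through to the unknown case.
        }
        return "unknown format";
    }

    public static void main(String[] args) {
        String[] samples = {
            "YmE2ZDRmYmI=",                                                  // from the report
            "$2a$12$dkE5vtlwmj.jbu2weP5YTOdnSliOApPVjBhS1jWgaAWVwaZbslNJS", // from the report
            "$2a$12$304vFWyzml2cia.awsctPOR.qxq3YpDzjMTDAzvp3R6inH/ODodtq", // from the report
            "not-a-hash"                                                     // constructed sample
        };
        for (String s : samples) {
            System.out.println(classify(s) + "  <-  " + s);
        }
    }
}
```

Any value reported as reversible Base64 gives the cleartext to anyone who can read the repository, so such accounts should be re-hashed before the import goes live.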