Author: solomax
Date: Thu Mar 24 17:06:48 2016
New Revision: 1736468

URL: http://svn.apache.org/viewvc?rev=1736468&view=rev
Log:
[OPENMEETINGS-1355] random UUID is used to generate password reset hash

Modified:
    
openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/ForgetPasswordDialog.java
    
openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/ForgetPasswordDialog.java

Modified: 
openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/ForgetPasswordDialog.java
URL: 
http://svn.apache.org/viewvc/openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/ForgetPasswordDialog.java?rev=1736468&r1=1736467&r2=1736468&view=diff
==============================================================================
--- openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/ForgetPasswordDialog.java (original)
+++ openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/ForgetPasswordDialog.java Thu Mar 24 17:06:48 2016
@@ -22,15 +22,14 @@ import static org.apache.openmeetings.ut
 import static org.apache.openmeetings.web.app.Application.getBean;
 
 import java.util.Arrays;
-import java.util.Date;
 import java.util.List;
+import java.util.UUID;
 
 import org.apache.openmeetings.core.mail.MailHandler;
 import org.apache.openmeetings.db.dao.basic.ConfigurationDao;
 import org.apache.openmeetings.db.dao.user.UserDao;
 import org.apache.openmeetings.db.entity.user.User;
 import org.apache.openmeetings.service.mail.template.ResetPasswordTemplate;
-import org.apache.openmeetings.util.crypt.ManageCryptStyle;
 import org.apache.openmeetings.web.app.Application;
 import org.apache.openmeetings.web.pages.ResetPage;
 import org.apache.wicket.ajax.AjaxRequestTarget;
@@ -239,9 +238,8 @@ public class ForgetPasswordDialog extend
        }
 
        private void sendHashByUser(User us, String appLink, UserDao userDao) throws Exception {
-               String loginData = us.getLogin() + new Date();
                log.debug("User: " + us.getLogin());
-               us.setResethash(ManageCryptStyle.getInstanceOfCrypt().createPassPhrase(loginData));
+               us.setResethash(UUID.randomUUID().toString());
                userDao.update(us, -1L);
                String reset_link = appLink + "?hash=" + us.getResethash();
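Review bot: The new token in `sendHashByUser` is stored in the user row exactly as it is mailed, and nothing in this hunk records when it was issued, so its lifetime depends entirely on code outside the hunk. `UUID.randomUUID()` returns a type-4 UUID drawn from a cryptographically strong generator (122 random bits), which addresses the guessability of the old login-plus-date input, but a copy of the table or a leaked mail still yields a usable link for as long as the hash stays set. I would persist only a digest of the token and mail the raw value, and confirm that the page consuming `?hash=` clears the field after one use and rejects stale requests; neither is visible here. At minimum the line deserves a comment such as `// reset token: type-4 UUID from a strong RNG; must be single-use and expire where the hash is consumed`. The same change is applied to the trunk copy of the file in the second section, and the method body continues past the end of the hunk.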
 

Modified: 
openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/ForgetPasswordDialog.java
URL: 
http://svn.apache.org/viewvc/openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/ForgetPasswordDialog.java?rev=1736468&r1=1736467&r2=1736468&view=diff
==============================================================================
--- openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/ForgetPasswordDialog.java (original)
+++ openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/ForgetPasswordDialog.java Thu Mar 24 17:06:48 2016
@@ -22,15 +22,14 @@ import static org.apache.openmeetings.ut
 import static org.apache.openmeetings.web.app.Application.getBean;
 
 import java.util.Arrays;
-import java.util.Date;
 import java.util.List;
+import java.util.UUID;
 
 import org.apache.openmeetings.core.mail.MailHandler;
 import org.apache.openmeetings.db.dao.basic.ConfigurationDao;
 import org.apache.openmeetings.db.dao.user.UserDao;
 import org.apache.openmeetings.db.entity.user.User;
 import org.apache.openmeetings.service.mail.template.ResetPasswordTemplate;
-import org.apache.openmeetings.util.crypt.ManageCryptStyle;
 import org.apache.openmeetings.web.app.Application;
 import org.apache.openmeetings.web.pages.ResetPage;
 import org.apache.wicket.ajax.AjaxRequestTarget;
@@ -239,9 +238,8 @@ public class ForgetPasswordDialog extend
        }
 
        private void sendHashByUser(User us, String appLink, UserDao userDao) throws Exception {
-               String loginData = us.getLogin() + new Date();
                log.debug("User: " + us.getLogin());
-               us.setResethash(ManageCryptStyle.getInstanceOfCrypt().createPassPhrase(loginData));
+               us.setResethash(UUID.randomUUID().toString());
                userDao.update(us, -1L);
                String reset_link = appLink + "?hash=" + us.getResethash();
 

