Author: solomax Date: Thu Mar 24 17:06:48 2016 New Revision: 1736468 URL: http://svn.apache.org/viewvc?rev=1736468&view=rev Log: [OPENMEETINGS-1355] random UUID is used to generate password reset hash
Modified: openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/ForgetPasswordDialog.java openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/ForgetPasswordDialog.java Modified: openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/ForgetPasswordDialog.java URL: http://svn.apache.org/viewvc/openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/ForgetPasswordDialog.java?rev=1736468&r1=1736467&r2=1736468&view=diff ==============================================================================
--- openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/ForgetPasswordDialog.java (original)
+++ openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/ForgetPasswordDialog.java Thu Mar 24 17:06:48 2016
@@ -22,15 +22,14 @@ import static org.apache.openmeetings.ut
 import static org.apache.openmeetings.web.app.Application.getBean;
 import java.util.Arrays;
-import java.util.Date;
 import java.util.List;
+import java.util.UUID;
 import org.apache.openmeetings.core.mail.MailHandler;
 import org.apache.openmeetings.db.dao.basic.ConfigurationDao;
 import org.apache.openmeetings.db.dao.user.UserDao;
 import org.apache.openmeetings.db.entity.user.User;
 import org.apache.openmeetings.service.mail.template.ResetPasswordTemplate;
-import org.apache.openmeetings.util.crypt.ManageCryptStyle;
 import org.apache.openmeetings.web.app.Application;
 import org.apache.openmeetings.web.pages.ResetPage;
 import org.apache.wicket.ajax.AjaxRequestTarget;
@@ -239,9 +238,8 @@ public class ForgetPasswordDialog extend
 }
 private void sendHashByUser(User us, String appLink, UserDao userDao) throws Exception {
- String loginData = us.getLogin() + new Date();
 log.debug("User: " + us.getLogin());
- us.setResethash(ManageCryptStyle.getInstanceOfCrypt().createPassPhrase(loginData));
+ us.setResethash(UUID.randomUUID().toString());
 userDao.update(us, -1L);
 String reset_link = appLink + "?hash=" + us.getResethash();
Modified: openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/ForgetPasswordDialog.java URL: http://svn.apache.org/viewvc/openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/ForgetPasswordDialog.java?rev=1736468&r1=1736467&r2=1736468&view=diff ==============================================================================
--- openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/ForgetPasswordDialog.java (original)
+++ openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/pages/auth/ForgetPasswordDialog.java Thu Mar 24 17:06:48 2016
@@ -22,15 +22,14 @@ import static org.apache.openmeetings.ut
 import static org.apache.openmeetings.web.app.Application.getBean;
 import java.util.Arrays;
-import java.util.Date;
 import java.util.List;
+import java.util.UUID;
 import org.apache.openmeetings.core.mail.MailHandler;
 import org.apache.openmeetings.db.dao.basic.ConfigurationDao;
 import org.apache.openmeetings.db.dao.user.UserDao;
 import org.apache.openmeetings.db.entity.user.User;
 import org.apache.openmeetings.service.mail.template.ResetPasswordTemplate;
-import org.apache.openmeetings.util.crypt.ManageCryptStyle;
 import org.apache.openmeetings.web.app.Application;
 import org.apache.openmeetings.web.pages.ResetPage;
 import org.apache.wicket.ajax.AjaxRequestTarget;
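Review bot: The value set by `us.setResethash(UUID.randomUUID().toString())` in `sendHashByUser` is persisted verbatim by `userDao.update(us, -1L)` and, as far as this hunk shows, with no issue time, so a pending reset link is usable by anyone who can read that column and its lifetime cannot be bounded from here. `UUID.randomUUID()` is backed by a cryptographically strong generator (122 random bits), so unpredictability is fine; the remaining gap is storage and expiry. Consider storing only a digest of the token, comparing digests on the reset page, and recording when it was issued, with a comment such as `// reset hash is a bearer credential: keep only its digest, expire it, clear it after use`. Whether the reset page already clears or ages the hash is not visible in this diff; the same point applies to the identical trunk hunk, and the method body continues past the end of the hunk.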
@@ -239,9 +238,8 @@ public class ForgetPasswordDialog extend
 }
 private void sendHashByUser(User us, String appLink, UserDao userDao) throws Exception {
- String loginData = us.getLogin() + new Date();
 log.debug("User: " + us.getLogin());
- us.setResethash(ManageCryptStyle.getInstanceOfCrypt().createPassPhrase(loginData));
+ us.setResethash(UUID.randomUUID().toString());
 userDao.update(us, -1L);
 String reset_link = appLink + "?hash=" + us.getResethash();