From 1444f62d0df8a2d327169dbca2644acc8c3d73e2 Mon Sep 17 00:00:00 2001 From: mdb Date: Fri, 1 Nov 2002 00:33:48 +0000 Subject: [PATCH] Check passwords encrypted both ways because we have a bunch of passwords in our databases that were encrypted in the old manner which need to still work. We love the legacy we leave. git-svn-id: https://samskivert.googlecode.com/svn/trunk@884 6335cc39-0255-0410-8fd6-9bcaacd3b74c --- .../com/samskivert/servlet/user/User.java | 13 +++++++---- .../com/samskivert/servlet/user/UserUtil.java | 22 ++++++++++++++----- 2 files changed, 25 insertions(+), 10 deletions(-) diff --git a/projects/samskivert/src/java/com/samskivert/servlet/user/User.java b/projects/samskivert/src/java/com/samskivert/servlet/user/User.java index 1f5f3e80..2d120551 100644 --- a/projects/samskivert/src/java/com/samskivert/servlet/user/User.java +++ b/projects/samskivert/src/java/com/samskivert/servlet/user/User.java @@ -1,5 +1,5 @@ // -// $Id: User.java,v 1.7 2002/09/18 01:18:51 shaper Exp $ +// $Id: User.java,v 1.8 2002/11/01 00:33:48 mdb Exp $ // // samskivert library - useful routines for java programs // Copyright (C) 2001 Michael Bayne @@ -76,7 +76,7 @@ public class User */ public void setPassword (String password) { - this.password = UserUtil.encryptPassword(username, password); + this.password = UserUtil.encryptPassword(username, password, true); _dirty.setModified("password"); } @@ -97,8 +97,13 @@ public class User */ public boolean passwordsMatch (String password) { - String epasswd = UserUtil.encryptPassword(username, password); - return this.password.equals(epasswd); + String epasswd1 = UserUtil.encryptPassword(username, password, true); + String epasswd2 = UserUtil.encryptPassword(username, password, false); + // because we used to be case sensitive, we have to check both + // versions of the encrypted password here for backward + // compatibility + return (this.password.equals(epasswd1) || + this.password.equals(epasswd2)); } /** diff --git a/projects/samskivert/src/java/com/samskivert/servlet/user/UserUtil.java b/projects/samskivert/src/java/com/samskivert/servlet/user/UserUtil.java index 596f1ec0..6df87390 100644 --- a/projects/samskivert/src/java/com/samskivert/servlet/user/UserUtil.java +++ b/projects/samskivert/src/java/com/samskivert/servlet/user/UserUtil.java @@ -1,5 +1,5 @@ // -// $Id: UserUtil.java,v 1.7 2002/10/30 18:58:42 mdb Exp $ +// $Id: UserUtil.java,v 1.8 2002/11/01 00:33:48 mdb Exp $ // // samskivert library - useful routines for java programs // Copyright (C) 2001 Michael Bayne @@ -45,11 +45,22 @@ public class UserUtil /** * Encrypts the user's password according to our preferred scheme. + * + * @param username the username of the user whose password is to be + * encrypted. + * @param password the plaintext of the password to be encrypted. + * @param ignoreUserCase true if the username should be uncapitalized + * prior to performing the encryption so that future password checks + * will work if the user registers as "Bluebeard" but logs in as + * "bluebeard". */ - public static String encryptPassword (String username, String password) + public static String encryptPassword ( + String username, String password, boolean ignoreUserCase) { - // lets not be (case) sensitive about these things - username = username.toLowerCase(); + // perhaps we'll not be too (case) sensitive + if (ignoreUserCase) { + username = username.toLowerCase(); + } return Crypt.crypt(username.substring(0, 2), password); } @@ -59,8 +70,7 @@ public class UserUtil System.err.println("Usage: UserUtil username password"); System.exit(-1); } - System.out.println("Encrypted password: " + - encryptPassword(args[0], args[1])); + encryptPassword(args[0], args[1], true)); } }