=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java 2014-10-14 06:46:36 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java 2014-10-14 13:58:05 +0000
@@ -38,6 +38,7 @@
 import org.hisp.dhis.i18n.locale.LocaleManager;
 import org.hisp.dhis.message.MessageSender;
 import org.hisp.dhis.period.Cal;
+import org.hisp.dhis.security.migration.MigrationPasswordManager;
 import org.hisp.dhis.setting.SystemSettingManager;
 import org.hisp.dhis.system.util.ValidationUtils;
 import org.hisp.dhis.system.velocity.VelocityManager;
@@ -78,9 +79,9 @@
 // Dependencies
 // -------------------------------------------------------------------------
- private PasswordManager passwordManager;
+ private MigrationPasswordManager passwordManager;
- public void setPasswordManager( PasswordManager passwordManager )
+ public void setPasswordManager( MigrationPasswordManager passwordManager )
 {
 this.passwordManager = passwordManager;
 }
@@ -347,7 +348,7 @@
 return "account_restoreCode_is_null";
 }
- boolean validCode = passwordManager.matches( code, restoreCode );
+ boolean validCode = passwordManager.tokenMatches( code, restoreCode, credentials.getUsername() );
 return validCode ? null : "code_does_not_match_restoreCode - code: '"+ code + "' restoreCode: '" + restoreCode + "'" ;
 }
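Review bot: The failure string returned right after the changed `tokenMatches` call in the -347 hunk concatenates both the caller-supplied `code` and the stored `restoreCode` into the message (an unchanged context line on the new side). `restoreCode` is the encoded value being matched against, so if this return value is logged or sent back to the requester (not visible in this hunk) it discloses the stored hash together with the attempted code. The sibling check in the -408 hunk returns a fixed key; the same shape here would be `return validCode ? null : "code_does_not_match_restoreCode";`. The enclosing method starts and ends outside the hunk.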
@@ -408,7 +409,7 @@
 return "could_not_verify_token";
 }
- boolean validToken = passwordManager.matches( token, restoreToken );
+ boolean validToken = passwordManager.tokenMatches( token, restoreToken, credentials.getUsername() );
 return validToken ? null : "restore_token_does_not_match_supplied_token";
 }
=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/migration/MigrationPasswordManager.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/migration/MigrationPasswordManager.java 2014-08-26 12:00:27 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/migration/MigrationPasswordManager.java 2014-10-14 13:58:05 +0000
@@ -33,6 +33,20 @@
 */
 public boolean legacyMatches( String encodedPassword, String password, String username );
+
+ /**
+ * Determines whether encodedToken is a valid hash of token.
+ * This method is a wrapper for passwordManager.matches() in order to support
+ * authenticating tokens which were generated using the legacy hash implementation in addition
+ * to the current hashing scheme.
+ *
+ * @param token the unencoded token as supplied from the user.
+ * @param encodedToken the encoded token to match against.
+ * @param username the username associated with the token (used for salting by the legacy password encoder).
+ * @return true if the token matches for either the legacy or current hashing scheme, false otherwise.
+ */
+ public boolean tokenMatches( String token, String encodedToken, String username );
+
 /**
 * Return the class name of the legacy password encoder.
 * @return the name of the legacy password encoder class.
=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/migration/MigrationSpringSecurityPasswordManager.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/migration/MigrationSpringSecurityPasswordManager.java 2014-08-27 13:26:08 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/migration/MigrationSpringSecurityPasswordManager.java 2014-10-14 14:38:16 +0000
@@ -49,6 +49,12 @@
 }
 @Override
+ public boolean tokenMatches( String token, String encodedToken, String username )
+ {
+ return legacyMatches( encodedToken, token, username ) || super.matches( token, encodedToken );
+ }
+
+ @Override
 public String getLegacyPasswordEncoderClassName()
 {
 return legacyPasswordEncoder.getClass().getName();
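Review bot: The new interface method in the -33 hunk takes the raw value first, `tokenMatches( token, encodedToken, username )`, while `legacyMatches( encodedPassword, password, username )` directly above it takes the encoded value first. All three parameters are `String`, so a call with the first two swapped compiles and simply never matches. The added Javadoc should state the ordering explicitly, for example `Note: argument order is (raw, encoded), the reverse of legacyMatches.` It should also say whether a null `token`, `encodedToken` or `username` is tolerated, since both callers pass `credentials.getUsername()` straight through.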
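Review bot: The legacy branch of `tokenMatches` in the -49 hunk has no end date, so the legacy scheme remains an accepted way to satisfy the restore code and restore token checks indefinitely, and it is evaluated first on every call. The hunk does not show which encoder `legacyMatches` uses, so whether it is weaker than the current one is an assumption. If restore tokens expire, though, the fallback is only needed until the last legacy-encoded token has lapsed. I would check the current scheme first, `return super.matches( token, encodedToken ) || legacyMatches( encodedToken, token, username );`, and record the intent with `// TODO: drop legacy fallback once pre-migration restore tokens have expired`. The class body continues outside the hunk.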