/**
 * Registers a new password field on this class unless a field with that name already exists.
 *
 * @param fieldName the key the field is stored under
 * @param fieldPrettyName the display name set on the new field
 * @param size the size set on the new field
 * @return {@code true} if the field was created and stored, {@code false} if {@code get(fieldName)} already
 *         returned something
 */
public boolean addPasswordField(String fieldName, String fieldPrettyName, int size) {
    // Never overwrite an existing definition: report "nothing added" instead.
    if (get(fieldName) != null) {
        return false;
    }

    PasswordClass passwordField = new PasswordClass();
    passwordField.setName(fieldName);
    passwordField.setPrettyName(fieldPrettyName);
    passwordField.setSize(size);
    passwordField.setObject(this);
    put(fieldName, passwordField);
    return true;
}
/**
 * Re-encodes a plain text password with the scheme that was used for an already stored password, so that the two
 * values can be compared. The scheme is read from the stored value itself rather than from the current
 * configuration of this password XProperty, because the user might have a different encryption mechanism (for
 * example, if the user was imported, or the password was not yet upgraded).
 *
 * @param storedPassword The stored password, which gives the storage type and algorithm. Must not be
 *            {@code null}: it is dereferenced without a check.
 * @param plainPassword The plain text password to be encrypted.
 * @return The input password, encoded with the same mechanism as the stored password. When the stored value
 *         carries neither the hash nor the crypt prefix, the plain text password is returned unchanged.
 */
public String getEquivalentPassword(String storedPassword, String plainPassword) {
    if (storedPassword.startsWith(HASH_IDENTIFIER + SEPARATOR)) {
        return getPasswordHash(plainPassword, getAlgorithmFromPassword(storedPassword));
    }
    if (storedPassword.startsWith(CRYPT_IDENTIFIER + SEPARATOR)) {
        return getPasswordCrypt(plainPassword, getAlgorithmFromPassword(storedPassword));
    }
    // No recognised prefix: the stored value is treated as unprocessed, so the candidate is left as-is.
    return plainPassword;
}
/**
 * Encrypts a password with the encryption algorithm configured for this XProperty.
 *
 * @param password the password to encrypt
 * @return whatever the two-argument {@code getPasswordCrypt} returns for the configured algorithm
 */
public String getPasswordCrypt(String password) {
    final String configuredAlgorithm = getCryptAlgorithm();
    return getPasswordCrypt(password, configuredAlgorithm);
}
/**
 * Hashes a password with the hash algorithm configured for this XProperty.
 *
 * @param password the password to hash
 * @return whatever the two-argument {@code getPasswordHash} returns for the configured algorithm
 */
public String getPasswordHash(String password) {
    final String configuredAlgorithm = getHashAlgorithm();
    return getPasswordHash(password, configuredAlgorithm);
}
/**
 * Applies the storage type configured for this XProperty to a password.
 *
 * @param password the password as entered
 * @return the hashed password when the storage type is {@code PasswordMetaClass.HASH}, the encrypted password
 *         when it is {@code PasswordMetaClass.ENCRYPTED}, and the password unchanged for any other storage type
 */
public String getProcessedPassword(String password) {
    final String configuredStorage = getStorageType();
    if (configuredStorage.equals(PasswordMetaClass.HASH)) {
        return getPasswordHash(password);
    }
    if (configuredStorage.equals(PasswordMetaClass.ENCRYPTED)) {
        return getPasswordCrypt(password);
    }
    // Any other storage type falls through: the value is handed back exactly as it was given.
    return password;
}
/**
 * Builds the property holding a password submitted as a string.
 *
 * @param value the submitted value; must not be {@code null}, it is dereferenced without a check
 * @return {@code null} when the value is the edit-form placeholder, otherwise a new property whose value is
 *         either the input as-is (when it already carries the hash or crypt prefix) or the input run through
 *         {@link #getProcessedPassword(String)}
 */
@Override
public BaseProperty fromString(String value) {
    // The edit form sends the placeholder back when the field was left untouched.
    if (value.equals(FORM_PASSWORD_PLACEHODLER)) {
        return null;
    }

    BaseProperty property = newProperty();
    // NOTE(review): the prefix is the only signal used to decide that a value is already processed, so any
    // input starting with one of these prefixes is stored verbatim and skips getProcessedPassword() - confirm
    // that callers passing untrusted form input are meant to allow this.
    final boolean alreadyProcessed =
        value.startsWith(HASH_IDENTIFIER + SEPARATOR) || value.startsWith(CRYPT_IDENTIFIER + SEPARATOR);
    property.setValue(alreadyProcessed ? value : getProcessedPassword(value));
    return property;
}
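/**
 * Checks a candidate password against the password stored on the user's {@code XWiki.XWikiUsers} object.
 * The candidate is first re-encoded with the scheme of the stored value, then both are compared.
 *
 * @param username reference of the user document to load
 * @param password the plain text password to verify
 * @param context the current XWiki context, used to load the user document
 * @return {@code true} only when the user document has a {@code XWiki.XWikiUsers} object and the re-encoded
 *         candidate equals the stored value; {@code false} otherwise, including when anything is thrown
 *         while checking
 * @throws XWikiException declared for callers; every {@link Throwable} raised inside is caught and logged here
 */
protected boolean checkPassword(String username, String password, XWikiContext context) throws XWikiException {
    long time = System.currentTimeMillis();
    try {
        boolean result = false;
        final XWikiDocument doc = context.getWiki().getDocument(username, context);
        final BaseObject userObject = doc.getObject("XWiki.XWikiUsers");
        // We only allow empty password from users having a XWikiUsers object.
        if (userObject != null) {
            final String stored = userObject.getStringValue("password");
            final String candidate = new PasswordClass().getEquivalentPassword(stored, password);
            // Compare in constant time: String.equals() stops at the first differing character, which makes
            // the duration of a failed check depend on how much of the stored value was matched.
            // UTF-8 encoding replaces unpaired surrogates, so the exact equals() is kept as a final
            // confirmation; it only runs once the encoded bytes already match.
            result = candidate != null
                && java.security.MessageDigest.isEqual(
                    candidate.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    stored.getBytes(java.nio.charset.StandardCharsets.UTF_8))
                && candidate.equals(stored);
        }
        if (LOG.isDebugEnabled()) {
            // NOTE(review): username is caller-supplied and is concatenated into the message as-is; confirm
            // that the log layout neutralises line breaks.
            if (result) {
                LOG.debug("Password check for user " + username + " successful");
            } else {
                LOG.debug("Password check for user " + username + " failed");
            }
            LOG.debug((System.currentTimeMillis() - time) + " milliseconds spent validating password.");
        }
        return result;
    } catch (Throwable e) {
        // Fail closed: any error while loading the user or encoding the candidate denies the login.
        LOG.error("Failed to check password", e);
        return false;
    }
}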
/**
 * Appends the HTML password input used to edit this property.
 * The stored value is never written into the form: when the object has a value for this property, the field
 * is filled with {@code FORM_PASSWORD_PLACEHODLER} instead.
 *
 * @param buffer receives the rendered input element
 * @param name name of the property inside {@code object}
 * @param prefix prepended to {@code name} to form both the input name and its id
 * @param object the object being edited
 * @param context the current XWiki context (not used here)
 */
@Override
public void displayEdit(StringBuffer buffer, String name, String prefix, BaseCollection object,
    XWikiContext context) {
    final String fieldId = prefix + name;
    input passwordInput = new input();
    ElementInterface existing = object.safeget(name);
    if (existing != null) {
        // Only signal that a value exists; the placeholder stands in for it.
        passwordInput.setValue(FORM_PASSWORD_PLACEHODLER);
    }
    passwordInput.setType("password");
    passwordInput.setName(fieldId);
    passwordInput.setID(fieldId);
    passwordInput.setSize(getSize());
    passwordInput.setDisabled(isDisabled());
    buffer.append(passwordInput.toString());
}
/**
 * Reads the storage type configured in the {@code storageType} field of this XProperty.
 *
 * @return One of 'Clear', 'Hash' or 'Encrypt' according to the original documentation; the code returns the
 *         trimmed configured value without validating it, or {@code DEFAULT_STORAGE} when the field is missing
 *         or blank.
 */
public String getStorageType() {
    BaseProperty storageField = (BaseProperty) this.getField("storageType");
    if (storageField == null) {
        return DEFAULT_STORAGE;
    }
    String configured = storageField.getValue().toString().trim();
    return configured.isEmpty() ? DEFAULT_STORAGE : configured;
}
/**
 * Creates a fresh, unconfigured instance of this class.
 *
 * @param context the current XWiki context (not used here)
 * @return a new {@code PasswordClass}
 */
public BaseCollection newObject(XWikiContext context) {
    BaseCollection freshInstance = new PasswordClass();
    return freshInstance;
}
}
PropertyInterface validationKeyClass = getClass("XWiki.XWikiUsers", context).get("validkey"); if (validationKeyClass instanceof PasswordClass) { validationKey = ((PasswordClass) validationKeyClass).getEquivalentPassword(storedKey, validationKey);
/**
 * @return The hash algorithm configured for this XProperty in the {@code PasswordMetaClass.ALGORITHM_KEY}
 *         field, or {@code DEFAULT_HASH_ALGORITHM} when that field is missing, has no value or is blank.
 */
public String getHashAlgorithm() {
    BaseProperty algorithmField = (BaseProperty) this.getField(PasswordMetaClass.ALGORITHM_KEY);
    Object configured = (algorithmField == null) ? null : algorithmField.getValue();
    if (configured == null || configured.toString().trim().equals("")) {
        return DEFAULT_HASH_ALGORITHM;
    }
    // NOTE(review): the blank check trims, but the value is returned untrimmed - confirm that surrounding
    // whitespace in the configured name is acceptable to the code that resolves the algorithm.
    return configured.toString();
}
/**
 * @return The encryption algorithm configured for this XProperty in the {@code PasswordMetaClass.ALGORITHM_KEY}
 *         field, or {@code DEFAULT_CRYPT_ALGORITHM} when that field is missing, has no value or is blank.
 */
public String getCryptAlgorithm() {
    BaseProperty algorithmField = (BaseProperty) this.getField(PasswordMetaClass.ALGORITHM_KEY);
    Object configured = (algorithmField == null) ? null : algorithmField.getValue();
    if (configured == null || configured.toString().trim().equals("")) {
        return DEFAULT_CRYPT_ALGORITHM;
    }
    // NOTE(review): the blank check trims, but the value is returned untrimmed - confirm that surrounding
    // whitespace in the configured name is acceptable to the code that resolves the algorithm.
    return configured.toString();
}