protected boolean checkPassword(String username, String password, XWikiContext context) throws XWikiException { long time = System.currentTimeMillis(); try { boolean result = false; final XWikiDocument doc = context.getWiki().getDocument(username, context); final BaseObject userObject = doc.getObject("XWiki.XWikiUsers"); // We only allow empty password from users having a XWikiUsers object. if (userObject != null) { final String stored = userObject.getStringValue("password"); result = new PasswordClass().getEquivalentPassword(stored, password).equals(stored); } if (LOG.isDebugEnabled()) { if (result) { LOG.debug("Password check for user " + username + " successful"); } else { LOG.debug("Password check for user " + username + " failed"); } LOG.debug((System.currentTimeMillis() - time) + " milliseconds spent validating password."); } return result; } catch (Throwable e) { LOG.error("Failed to check password", e); return false; } }
PropertyInterface validationKeyClass = getClass("XWiki.XWikiUsers", context).get("validkey"); if (validationKeyClass instanceof PasswordClass) { validationKey = ((PasswordClass) validationKeyClass).getEquivalentPassword(storedKey, validationKey);