Author: lektran
Date: Fri Feb 12 03:33:20 2010
New Revision: 909216
URL:
http://svn.apache.org/viewvc?rev=909216&view=revLog:
Moved username.lowercase and password.lowercase security property checks from calling events to the userLogin service itself
Modified:
ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java
Modified: ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java?rev=909216&r1=909215&r2=909216&view=diff==============================================================================
--- ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java (original)
+++ ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java Fri Feb 12 03:33:20 2010
@@ -110,6 +110,13 @@
errMsg = UtilProperties.getMessage(resource,"loginservices.password_missing", locale);
} else {
+ if ("true".equalsIgnoreCase(UtilProperties.getPropertyValue("security.properties", "username.lowercase"))) {
+ username = username.toLowerCase();
+ }
+ if ("true".equalsIgnoreCase(UtilProperties.getPropertyValue("security.properties", "password.lowercase"))) {
+ password = password.toLowerCase();
+ }
+
boolean repeat = true;
// starts at zero but it incremented at the beggining so in the first pass passNumber will be 1
int passNumber = 0;
Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java?rev=909216&r1=909215&r2=909216&view=diff==============================================================================
--- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java (original)
+++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java Fri Feb 12 03:33:20 2010
@@ -239,19 +239,12 @@
if (userLogin == null) {
// check parameters
- if (username == null) username = request.getParameter("USERNAME");
- if (password == null) password = request.getParameter("PASSWORD");
+ username = request.getParameter("USERNAME");
+ password = request.getParameter("PASSWORD");
// check session attributes
if (username == null) username = (String) session.getAttribute("USERNAME");
if (password == null) password = (String) session.getAttribute("PASSWORD");
- if ((username != null) && ("true".equalsIgnoreCase(UtilProperties.getPropertyValue("security.properties", "username.lowercase")))) {
- username = username.toLowerCase();
- }
- if ((password != null) && ("true".equalsIgnoreCase(UtilProperties.getPropertyValue("security.properties", "password.lowercase")))) {
- password = password.toLowerCase();
- }
-
// in this condition log them in if not already; if not logged in or can't log in, save parameters and return error
if ((username == null) || (password == null) || ("error".equals(login(request, response)))) {
@@ -323,14 +316,6 @@
return "error";
}
-
- if ((username != null) && ("true".equalsIgnoreCase(UtilProperties.getPropertyValue("security.properties", "username.lowercase")))) {
- username = username.toLowerCase();
- }
- if ((password != null) && ("true".equalsIgnoreCase(UtilProperties.getPropertyValue("security.properties", "password.lowercase")))) {
- password = password.toLowerCase();
- }
-
String requirePasswordChange = request.getParameter("requirePasswordChange");
// get the visit id to pass to the userLogin for history
Locked
