svnno****@sourc*****
svnno****@sourc*****
2007年 7月 20日 (金) 08:56:32 JST
Revision: 320 http://svn.sourceforge.jp/cgi-bin/viewcvs.cgi?root=pal&view=rev&rev=320 Author: shinsuke Date: 2007-07-20 08:56:31 +0900 (Fri, 20 Jul 2007) Log Message: ----------- encode secret answer by messagedigest. Modified Paths: -------------- pal-admin/trunk/src/main/java/jp/sf/pal/admin/PALAdminConstants.java pal-admin/trunk/src/main/java/jp/sf/pal/admin/service/UserRegistrationService.java pal-admin/trunk/src/main/java/jp/sf/pal/admin/web/registration/PublicPortalRegistrationRegisterPage.java pal-admin/trunk/src/main/java/jp/sf/pal/admin/web/registration/PublicPortalRegistrationUpdatePage.java pal-admin/trunk/src/main/java/jp/sf/pal/admin/web/registration/PublicPortalSecretAnswerPage.java pal-admin/trunk/src/main/resources/appMessages.properties -------------- next part --------------
Modified: pal-admin/trunk/src/main/java/jp/sf/pal/admin/PALAdminConstants.java
===================================================================
--- pal-admin/trunk/src/main/java/jp/sf/pal/admin/PALAdminConstants.java 2007-07-19 07:42:55 UTC (rev 319)
+++ pal-admin/trunk/src/main/java/jp/sf/pal/admin/PALAdminConstants.java 2007-07-19 23:56:31 UTC (rev 320)
@@ -143,4 +143,6 @@
 public static final String CTX_RETURN_URL = "returnURL";
 public static final String SEPARATOR = "::";
+
+ public static final String SECRET_ANSWER_DISPLAY = "*****************";
 }
Modified: pal-admin/trunk/src/main/java/jp/sf/pal/admin/service/UserRegistrationService.java
===================================================================
--- pal-admin/trunk/src/main/java/jp/sf/pal/admin/service/UserRegistrationService.java 2007-07-19 07:42:55 UTC (rev 319)
+++ pal-admin/trunk/src/main/java/jp/sf/pal/admin/service/UserRegistrationService.java 2007-07-19 23:56:31 UTC (rev 320)
@@ -1,6 +1,9 @@
 package jp.sf.pal.admin.service;
 import java.io.Serializable;
+import java.io.UnsupportedEncodingException;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
 import java.security.Principal;
 import java.util.Date;
 import java.util.HashMap;
@@ -57,6 +60,35 @@
 private static final String CTX_RETURN_URL = "returnURL";
+ public String getMessageDigest(String str) throws CommonException {
+ if (str == null) {
+ str = "";
+ }
+ // TODO move following params to portlet.xml
+ String algorithm = "MD5";
+ String encoding = "UTF-8";
+ try {
+ MessageDigest md = MessageDigest.getInstance(algorithm);
+ md.update(str.getBytes(encoding));
+ byte[] digest = md.digest();
+ StringBuffer buf = new StringBuffer();
+ for (int i = 0; i < digest.length; i++) {
+ int val = digest[i] & 0xFF;
+ if (val < 16) {
+ buf.append("0");
+ }
+ buf.append(Integer.toString(val, 16));
+ }
+ return buf.toString();
+ } catch (NoSuchAlgorithmException e) {
+ throw new CommonException("could.not.encode.secret.password",
+ "Could not encode secret password", e);
+ } catch (UnsupportedEncodingException e) {
+ throw new CommonException("could.not.encode.secret.password",
+ "Could not encode secret password", e);
+ }
+ }
+
 public void register(UserRegistrationPage page) throws CommonException {
 if (!UserRegistrationUtil
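Review bot: getMessageDigest protects the secret answer with a single unsalted MD5 pass, which is weak for a value that is usually a short, guessable word: equal answers give equal digests across users, and candidate answers can be checked very cheaply against a copy of the stored attributes. The `// TODO move following params to portlet.xml` only makes the algorithm name configurable and does not add a salt or a work factor. A per-user salt stored next to the value and an iterated derivation would address this; the sketch below shows the shape, and it changes the method signature, so the three page callers in this commit would have to supply the salt.

```java
// Sketch: salt is a per-user random value stored next to the answer;
// SECRET_ANSWER_ITERATIONS is a placeholder, not a constant from this commit.
public String getMessageDigest(String str, byte[] salt) throws CommonException {
    // … unchanged: null handling …
    try {
        PBEKeySpec spec = new PBEKeySpec(str.toCharArray(), salt,
                SECRET_ANSWER_ITERATIONS, 160);
        byte[] digest = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1")
                .generateSecret(spec).getEncoded();
        // … unchanged: hex encoding of digest into buf, return buf.toString() …
    } catch (GeneralSecurityException e) {
        throw new CommonException("could.not.encode.secret.password",
                "Could not encode secret password", e);
    }
}
```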
@@ -1082,7 +1114,10 @@
 userInfo.put("user.secret.question", p.getUserSecretQuestion());
 }
 if (p.getUserSecretAnswer() != null) {
- userInfo.put("user.secret.answer", p.getUserSecretAnswer());
+ if (!PALAdminConstants.SECRET_ANSWER_DISPLAY.equals(p
+ .getUserSecretAnswer())) {
+ userInfo.put("user.secret.answer", p.getUserSecretAnswer());
+ }
 }
 if (p.getUserNameGivenYomi() != null) {
 userInfo.put("user.name.given.yomi", p.getUserNameGivenYomi());
Modified: pal-admin/trunk/src/main/java/jp/sf/pal/admin/web/registration/PublicPortalRegistrationRegisterPage.java
===================================================================
--- pal-admin/trunk/src/main/java/jp/sf/pal/admin/web/registration/PublicPortalRegistrationRegisterPage.java 2007-07-19 07:42:55 UTC (rev 319)
+++ pal-admin/trunk/src/main/java/jp/sf/pal/admin/web/registration/PublicPortalRegistrationRegisterPage.java 2007-07-19 23:56:31 UTC (rev 320)
@@ -147,6 +147,8 @@
 }
 try {
+ setUserSecretAnswer(getUserRegistrationService().getMessageDigest(
+ getUserSecretAnswer()));
 getUserRegistrationService().register(this);
 if (UserRegistrationUtil.getBoolean(PALAdminConstants.SEND_MAIL)) {
 FacesMessageUtil.addInfoMessage("success.check_your_email");
Modified: pal-admin/trunk/src/main/java/jp/sf/pal/admin/web/registration/PublicPortalRegistrationUpdatePage.java
===================================================================
--- pal-admin/trunk/src/main/java/jp/sf/pal/admin/web/registration/PublicPortalRegistrationUpdatePage.java 2007-07-19 07:42:55 UTC (rev 319)
+++ pal-admin/trunk/src/main/java/jp/sf/pal/admin/web/registration/PublicPortalRegistrationUpdatePage.java 2007-07-19 23:56:31 UTC (rev 320)
@@ -2,6 +2,7 @@
 import java.io.Serializable;
+import jp.sf.pal.admin.PALAdminConstants;
 import jp.sf.pal.common.CommonException;
 import jp.sf.pal.common.util.FacesMessageUtil;
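Review bot: The service writes `p.getUserSecretAnswer()` exactly as it receives it, so whether the stored value is a digest depends on every caller having run getMessageDigest first; this hunk only filters the display placeholder. Callers other than the pages changed in this commit are not visible here, but any that pass a raw answer would persist it in clear text alongside digested ones. Digesting inside the service would remove that dependency; at minimum the contract should be stated on the new branch, e.g. `// value is expected to be a digest already; SECRET_ANSWER_DISPLAY means "leave the stored answer unchanged"`. The enclosing method starts and ends outside the hunk.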
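Review bot: The digest is written back into the page's own userSecretAnswer field before register() runs, so if register() throws and the form is shown again the field holds the hex digest rather than what the user typed. A second submit would then digest the digest, and the stored value would no longer match the user's real answer at recovery time; how the field is re-rendered is outside the hunk, so this is inferred. Clear the field on failure as PublicPortalSecretAnswerPage does in this commit, `setUserSecretAnswer(null);` in the catch block, or keep the digest out of the form-bound field altogether. PublicPortalRegistrationUpdatePage.doFinish has the same pattern.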
@@ -77,6 +78,11 @@
 public Class<?> doFinish() {
 try {
+ if (!PALAdminConstants.SECRET_ANSWER_DISPLAY
+ .equals(getUserSecretAnswer())) {
+ setUserSecretAnswer(getUserRegistrationService()
+ .getMessageDigest(getUserSecretAnswer()));
+ }
 getUserRegistrationService().update(this);
 FacesMessageUtil.addInfoMessage("updated.user.info");
 } catch (CommonException e) {
@@ -93,6 +99,7 @@
 public Class<?> prerender() {
 try {
 getUserRegistrationService().loadPage(this);
+ setUserSecretAnswer(PALAdminConstants.SECRET_ANSWER_DISPLAY);
 } catch (CommonException e) {
 FacesMessageUtil.addErrorMessage(e.getMessageId());
 logger.log("EPA0001", new Object[] { this.toString() }, e);
Modified: pal-admin/trunk/src/main/java/jp/sf/pal/admin/web/registration/PublicPortalSecretAnswerPage.java
===================================================================
--- pal-admin/trunk/src/main/java/jp/sf/pal/admin/web/registration/PublicPortalSecretAnswerPage.java 2007-07-19 07:42:55 UTC (rev 319)
+++ pal-admin/trunk/src/main/java/jp/sf/pal/admin/web/registration/PublicPortalSecretAnswerPage.java 2007-07-19 23:56:31 UTC (rev 320)
@@ -2,6 +2,7 @@
 import java.io.Serializable;
+import jp.sf.pal.admin.PALAdminConstants;
 import jp.sf.pal.common.CommonException;
 import jp.sf.pal.common.util.FacesMessageUtil;
@@ -44,6 +45,11 @@
 public Class<?> doFinish() {
 try {
+ if (!PALAdminConstants.SECRET_ANSWER_DISPLAY
+ .equals(getUserSecretAnswer())) {
+ setUserSecretAnswer(getUserRegistrationService()
+ .getMessageDigest(getUserSecretAnswer()));
+ }
 if (getUserRegistrationService().checkSecretAnswer(this)) {
 try {
 getUserRegistrationService().sendNewPassword(this);
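Review bot: A blank answer is not treated as "unchanged" in the first doFinish hunk (PublicPortalRegistrationUpdatePage): only the exact placeholder skips the digest, and getMessageDigest maps null to "" and returns a non-null hex string. An emptied field therefore reaches update() as the digest of the empty string and passes the service's `!= null` check, leaving the account with an empty secret answer. Skip or reject blank input before digesting, e.g. `String a = getUserSecretAnswer(); if (a != null && a.trim().length() > 0 && !PALAdminConstants.SECRET_ANSWER_DISPLAY.equals(a)) {`. The register page hunk digests unconditionally and has the same gap for a blank answer.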
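Review bot: The placeholder comparison in PublicPortalSecretAnswerPage.doFinish looks out of place on the recovery path: nothing visible in this page pre-fills SECRET_ANSWER_DISPLAY, so its only effect is that one particular input string reaches checkSecretAnswer() without being digested. Digest unconditionally here, `setUserSecretAnswer(getUserRegistrationService().getMessageDigest(getUserSecretAnswer()));`. Separately, answers stored before this revision are presumably still in clear text and will stop matching once the submitted value is digested; the diff shows no migration step for them. doFinish continues past the end of this hunk.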
@@ -52,15 +58,18 @@
 } catch (CommonException e) {
 FacesMessageUtil.addErrorMessage(e.getMessageId());
 logger.log("EPA0002", new Object[] { this.toString() }, e);
+ setUserSecretAnswer(null);
 }
 } else {
 FacesMessageUtil.addInfoMessage("incorrect.scret.answer");
+ setUserSecretAnswer(null);
 }
 } catch (CommonException e) {
 // FacesMessageUtil.addErrorMessage(e.getMessageId());
 FacesMessageUtil.addInfoMessage("incorrect.scret.answer");
 logger.log("EPA0002", new Object[] { this.toString() }, e);
+ setUserSecretAnswer(null);
 }
 return null;
 }
Modified: pal-admin/trunk/src/main/resources/appMessages.properties
===================================================================
--- pal-admin/trunk/src/main/resources/appMessages.properties 2007-07-19 07:42:55 UTC (rev 319)
+++ pal-admin/trunk/src/main/resources/appMessages.properties 2007-07-19 23:56:31 UTC (rev 320)
@@ -145,3 +145,4 @@
 could.not.delete.portlet=Could not delete the portlet. Please try again. If you see this error message again, please contact a site administrator.
 deleted.portlet=Deleted portlet.
+could.not.encode.secret.password=System error occurs. Please contact a site administrator.
\ No newline at end of file
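Review bot: The submitted answer is cleared in the three failure branches of doFinish, but not, as far as the visible lines show, after a successful sendNewPassword(), so the digest may stay on the page object on that path. The lines between this hunk and the previous one are not shown, so that part is inferred. In both catch blocks the reset also comes after `logger.log(..., new Object[] { this.toString() }, e)`, so if toString() includes the answer field the digest is written to the log first. A single `finally { setUserSecretAnswer(null); }` on the outer try would cover every exit and replace the three repeated calls, and the log calls should be checked so they do not include the field.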