Commit 7ef51863 authored by David Greene

Removing acceptPreHashedPassword 'feature'

parent 547aa284
...@@ -64,21 +64,10 @@ import org.slf4j.LoggerFactory; ...@@ -64,21 +64,10 @@ import org.slf4j.LoggerFactory;
* <li><tt>jdbcProvider.connectionString = jdbc:mysql://localhost/dbname?user=username&amp;password=secret</tt></li> * <li><tt>jdbcProvider.connectionString = jdbc:mysql://localhost/dbname?user=username&amp;password=secret</tt></li>
* <li><tt>jdbcAuthProvider.passwordSQL = SELECT password FROM user_account WHERE username=?</tt></li> * <li><tt>jdbcAuthProvider.passwordSQL = SELECT password FROM user_account WHERE username=?</tt></li>
* <li><tt>jdbcAuthProvider.passwordType = plain</tt></li> * <li><tt>jdbcAuthProvider.passwordType = plain</tt></li>
* <li><tt>jdbcAuthProvider.acceptPreHashedPassword = false</tt></li>
* <li><tt>jdbcAuthProvider.allowUpdate = true</tt></li> * <li><tt>jdbcAuthProvider.allowUpdate = true</tt></li>
* <li><tt>jdbcAuthProvider.setPasswordSQL = UPDATE user_account SET password=? WHERE username=?</tt></li> * <li><tt>jdbcAuthProvider.setPasswordSQL = UPDATE user_account SET password=? WHERE username=?</tt></li>
* <li><tt>jdbcAuthProvider.bcrypt.cost = 12</tt></li> * <li><tt>jdbcAuthProvider.bcrypt.cost = 12</tt></li>
* </ul> * </ul>
*
* <p>External systems integrating with Openfire may only have access to a hashed password. In this scenario, setting
* jdbcAuthProvider.acceptPreHashedPassword = true will allow this AuthProvider to directly compare the input to
* the hash stored in the database. This configuration is the rough equivalent to allowing the scenario where EITHER
* of the following authentication situations are allowed at the same time:<br>
* jdbcAuthProvider.passwordSQL = SELECT MD5(password) FROM user_account WHERE username=?<br>
* jdbcAuthProvider.passwordType = plain<br>
* -OR-<br>
* jdbcAuthProvider.passwordSQL = SELECT password FROM user_account WHERE username=?<br>
* jdbcAuthProvider.passwordType = md5<br></p>
* *
* <p>jdbcAuthProvider.passwordType can accept a comma separated string of password types. This can be useful in * <p>jdbcAuthProvider.passwordType can accept a comma separated string of password types. This can be useful in
* situations where legacy (ex/md5) password hashes were stored and then "upgraded" to a stronger hash algorithm. * situations where legacy (ex/md5) password hashes were stored and then "upgraded" to a stronger hash algorithm.
...@@ -127,7 +116,6 @@ public class JDBCAuthProvider implements AuthProvider, PropertyEventListener { ...@@ -127,7 +116,6 @@ public class JDBCAuthProvider implements AuthProvider, PropertyEventListener {
private boolean allowUpdate; private boolean allowUpdate;
private boolean useConnectionProvider; private boolean useConnectionProvider;
private int bcryptCost; private int bcryptCost;
private boolean acceptPreHashedPassword;
/** /**
* Constructs a new JDBC authentication provider. * Constructs a new JDBC authentication provider.
...@@ -145,7 +133,6 @@ public class JDBCAuthProvider implements AuthProvider, PropertyEventListener { ...@@ -145,7 +133,6 @@ public class JDBCAuthProvider implements AuthProvider, PropertyEventListener {
JiveGlobals.migrateProperty("jdbcAuthProvider.acceptPreHashedPassword"); JiveGlobals.migrateProperty("jdbcAuthProvider.acceptPreHashedPassword");
useConnectionProvider = JiveGlobals.getBooleanProperty("jdbcAuthProvider.useConnectionProvider"); useConnectionProvider = JiveGlobals.getBooleanProperty("jdbcAuthProvider.useConnectionProvider");
acceptPreHashedPassword = JiveGlobals.getBooleanProperty("jdbcAuthProvider.acceptPreHashedPassword");
if (!useConnectionProvider) { if (!useConnectionProvider) {
// Load the JDBC driver and connection string. // Load the JDBC driver and connection string.
...@@ -221,8 +208,7 @@ public class JDBCAuthProvider implements AuthProvider, PropertyEventListener { ...@@ -221,8 +208,7 @@ public class JDBCAuthProvider implements AuthProvider, PropertyEventListener {
throw new UnauthorizedException(); throw new UnauthorizedException();
} }
if ((acceptPreHashedPassword && userPassword.equals(password)) if (comparePasswords(password, userPassword)) {
|| comparePasswords(password, userPassword)) {
// Got this far, so the user must be authorized. // Got this far, so the user must be authorized.
createUser(username); createUser(username);
} else { } else {
...@@ -526,10 +512,6 @@ public class JDBCAuthProvider implements AuthProvider, PropertyEventListener { ...@@ -526,10 +512,6 @@ public class JDBCAuthProvider implements AuthProvider, PropertyEventListener {
public void propertySet(String property, Map<String, Object> params) { public void propertySet(String property, Map<String, Object> params) {
String value = (String) params.get("value"); String value = (String) params.get("value");
switch (property) { switch (property) {
case "jdbcAuthProvider.acceptPreHashedPassword":
acceptPreHashedPassword = Boolean.parseBoolean(value);
Log.debug("jdbcAuthProvider.acceptPreHashedPassword configured to: {}", acceptPreHashedPassword);
break;
case "jdbcAuthProvider.passwordSQL": case "jdbcAuthProvider.passwordSQL":
passwordSQL = value; passwordSQL = value;
Log.debug("jdbcAuthProvider.passwordSQL configured to: {}", passwordSQL); Log.debug("jdbcAuthProvider.passwordSQL configured to: {}", passwordSQL);
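Review bot: The constructor hunk (`@@ -145,7 +133,6`) still carries `JiveGlobals.migrateProperty("jdbcAuthProvider.acceptPreHashedPassword");` as an unchanged line, so the new code migrates a property that nothing reads any more; that call should go with the field. Deployments that had the flag set to `true` will now start rejecting logins from integrations that submit the stored hash, with nothing in the log to explain why. A one-time startup warning would make the removal visible to operators, for example `if (JiveGlobals.getProperty("jdbcAuthProvider.acceptPreHashedPassword") != null) Log.warn("jdbcAuthProvider.acceptPreHashedPassword is no longer supported and is ignored");`. The constructor body starts and ends outside the hunk, so confirm there is no other reference to the property there.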
......