Code: Select all
String encPwd = (String) event .getParameter(SFSEventParam.LOGIN_PASSWORD);
ISession session = (ISession) event.getParameter(SFSEventParam.SESSION);
encPwd = encPwd.toLowerCase();
String clearPwd = CryptoUtils.getClientPassword(session, encPwd);
But the value of clearPwd is not what I sent in - instead, it's a string that looks like some kind of hex number, and it changes with each new session, e.g. "f94f56419f6fd58a5d96b63246db2723"
What is more, I suspect something is very awry, because if you look at the interface definition in Javadocs you'll see:
Code: Select all
public static String getClientPassword(ISession session, String clearPass)
Why is the parameter called "clearPass"? Surely it should be called "encryptedPass"? The return value should be clearPass!
Am I wrong - or is this a bug?