BCrypt eingefügt

pom.xml

@@ -38,7 +38,11 @@
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-web</artifactId>
 		</dependency>
-
+		<dependency>
+			<groupId>org.mindrot</groupId>
+			<artifactId>jbcrypt</artifactId>
+			<version>0.4</version>
+		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-test</artifactId>

src/main/java/com/cloudcomputing/todo/mapper/UserMapper.java

@@ -4,6 +4,7 @@ import com.cloudcomputing.todo.dto.UserDTO;
 import com.cloudcomputing.todo.entity.User;
 import com.cloudcomputing.todo.service.UserService;
 import org.springframework.stereotype.Component;
+import org.mindrot.jbcrypt.BCrypt;
 
 @Component
 public class UserMapper {
@@ -22,7 +23,7 @@ public class UserMapper {
         User user = new User();
         user.setUserId(userDTO.getUserId());
         user.setUserName(userDTO.getUserName());
-        user.setPasswordHash(saltAndHashPassword(userDTO.getUserName(), userDTO.getPassword()));
+        user.setPasswordHash(BCrypt.hashpw(userDTO.getPassword(), BCrypt.gensalt()));
         return user;
     }
 
@@ -31,7 +32,7 @@ public class UserMapper {
     * helper method for salting and hashing
     *
      */
-
+    /*
     //salts and hashes password by byte values
     public String saltAndHashPassword(String userName, String pw) {
         //turn username into byte-array to use as unique salt
@@ -53,4 +54,6 @@ public class UserMapper {
 
         return saltAsString + passwordAsString;
     }
+        */
+
 }

src/main/java/com/cloudcomputing/todo/util/CustomAuthenticator.java

@@ -8,6 +8,7 @@ import jakarta.servlet.http.HttpSession;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Component;
+import org.mindrot.jbcrypt.BCrypt;
 
 @Component
 public class CustomAuthenticator {
@@ -24,8 +25,9 @@ public class CustomAuthenticator {
 
         if (user != null) {
             expectedHash = user.getPasswordHash();
+            return BCrypt.checkpw(userDTO.getPassword(), expectedHash);
         }
 
-        return userMapper.saltAndHashPassword(userDTO.getUserName(), userDTO.getPassword()).equals(expectedHash);
+        return false;
     }
 }