From 271e14603c5ce78e1244ebf1854283585f8dd0fb Mon Sep 17 00:00:00 2001
From: jan <jan.schnaidt@student.reutlingen-university.de>
Date: Mon, 11 Nov 2024 20:16:21 +0100
Subject: [PATCH] =?UTF-8?q?BCrypt=20eingef=C3=BCgt?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 pom.xml | 6 +++++-
 .../java/com/cloudcomputing/todo/mapper/UserMapper.java | 7 +++++--
 .../com/cloudcomputing/todo/util/CustomAuthenticator.java | 4 +++-
 3 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/pom.xml b/pom.xml
index bd0ed16..4d72f91 100644
--- a/pom.xml
+++ b/pom.xml
@@ -38,7 +38,11 @@
 <groupId>org.springframework.boot</groupId>
 <artifactId>spring-boot-starter-web</artifactId>
 </dependency>
-
+ <dependency>
+ <groupId>org.mindrot</groupId>
+ <artifactId>jbcrypt</artifactId>
+ <version>0.4</version>
+ </dependency>
 <dependency>
 <groupId>org.springframework.boot</groupId>
 <artifactId>spring-boot-starter-test</artifactId>
diff --git a/src/main/java/com/cloudcomputing/todo/mapper/UserMapper.java b/src/main/java/com/cloudcomputing/todo/mapper/UserMapper.java
index 8f0a916..9969798 100644
--- a/src/main/java/com/cloudcomputing/todo/mapper/UserMapper.java
+++ b/src/main/java/com/cloudcomputing/todo/mapper/UserMapper.java
@@ -4,6 +4,7 @@ import com.cloudcomputing.todo.dto.UserDTO;
 import com.cloudcomputing.todo.entity.User;
 import com.cloudcomputing.todo.service.UserService;
 import org.springframework.stereotype.Component;
+import org.mindrot.jbcrypt.BCrypt;
 @Component
 public class UserMapper {
@@ -22,7 +23,7 @@ public class UserMapper {
 User user = new User();
 user.setUserId(userDTO.getUserId());
 user.setUserName(userDTO.getUserName());
- user.setPasswordHash(saltAndHashPassword(userDTO.getUserName(), userDTO.getPassword()));
+ user.setPasswordHash(BCrypt.hashpw(userDTO.getPassword(), BCrypt.gensalt()));
 return user;
 }
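Review bot: The new `org.mindrot:jbcrypt` dependency in the pom.xml hunk carries a hand-pinned `<version>0.4</version>`, so it sits outside the versions Spring Boot manages and has to be tracked manually; as far as I know 0.4 is also the last release of that library. Since the project already builds on Spring Boot, consider `spring-security-crypto` and its `BCryptPasswordEncoder`, whose version comes from the Boot dependency management. If jBCrypt stays, a comment above the block such as `<!-- password hashing; version pinned manually, not managed by Spring Boot -->` would record that for the next maintainer.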
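Review bot: Nothing on the new `user.setPasswordHash(BCrypt.hashpw(userDTO.getPassword(), BCrypt.gensalt()));` line in UserMapper checks the password before it is hashed: a null or empty value from the DTO is not rejected here, and bcrypt only uses the first 72 bytes of its input, so anything longer is silently truncated. I would validate presence and a maximum length before this call and make the work factor explicit rather than relying on the library default, for example `BCrypt.gensalt(12)`. Because the hash is produced inside a mapper, every DTO-to-entity conversion re-hashes with a fresh salt; if this mapper is also used on update paths (not visible here), confirm that is intended. The enclosing method starts above the hunk, so any earlier validation is outside my view.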
@@ -31,7 +32,7 @@ public class UserMapper {
 * helper method for salting and hashing * */
-
+ /*
 //salts and hashes password by byte values
 public String saltAndHashPassword(String userName, String pw) {
 //turn username into byte-array to use as unique salt
@@ -53,4 +54,6 @@ public class UserMapper {
 return saltAsString + passwordAsString;
 }
+ */
+
 }
diff --git a/src/main/java/com/cloudcomputing/todo/util/CustomAuthenticator.java b/src/main/java/com/cloudcomputing/todo/util/CustomAuthenticator.java
index 2ec9d4d..4cc2b10 100644
--- a/src/main/java/com/cloudcomputing/todo/util/CustomAuthenticator.java
+++ b/src/main/java/com/cloudcomputing/todo/util/CustomAuthenticator.java
@@ -8,6 +8,7 @@ import jakarta.servlet.http.HttpSession;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Component;
+import org.mindrot.jbcrypt.BCrypt;
 @Component
 public class CustomAuthenticator {
@@ -24,8 +25,9 @@ public class CustomAuthenticator {
 if (user != null) {
 expectedHash = user.getPasswordHash();
+ return BCrypt.checkpw(userDTO.getPassword(), expectedHash);
 }
- return userMapper.saltAndHashPassword(userDTO.getUserName(), userDTO.getPassword()).equals(expectedHash);
+ return false;
 }
 }
--
GitLab
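Review bot: The old `saltAndHashPassword` method is wrapped in `/* … */` (opened in the `@@ -31,7 +32,7 @@` hunk, closed in the `@@ -53,4 +54,6 @@` hunk) instead of being deleted. Commented-out code is easy to re-enable by accident, and this routine used the username as the salt, which is the weakness the commit is moving away from; the git history already preserves it. I would delete the method together with the now-orphaned `helper method for salting and hashing` comment above it. The method body between the two hunks is not visible here, so I cannot tell whether it contains a `*/` that would end the block comment early.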
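Review bot: With the new `return BCrypt.checkpw(userDTO.getPassword(), expectedHash);` placed inside `if (user != null)`, an unknown username falls straight through to `return false;` without any hashing, while a known one pays for a full bcrypt verification, so response time can reveal which accounts exist. Running `checkpw` against a fixed, pre-computed placeholder bcrypt hash on the `user == null` path evens this out. Separately, `checkpw` throws `IllegalArgumentException` when the stored value is not a bcrypt string, which is presumably what accounts still holding a hash from the removed `saltAndHashPassword` scheme would hit; wrap the call as `try { return BCrypt.checkpw(userDTO.getPassword(), expectedHash); } catch (IllegalArgumentException e) { return false; }` or migrate those rows first. The method signature and the declaration of `expectedHash` are outside the hunk, and a null stored hash or null submitted password should be rejected before the call as well.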