From 271e14603c5ce78e1244ebf1854283585f8dd0fb Mon Sep 17 00:00:00 2001
From: jan <jan.schnaidt@student.reutlingen-university.de>
Date: Mon, 11 Nov 2024 20:16:21 +0100
Subject: [PATCH] =?UTF-8?q?BCrypt=20eingef=C3=BCgt?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 pom.xml                                                    | 6 +++++-
 .../java/com/cloudcomputing/todo/mapper/UserMapper.java    | 7 +++++--
 .../com/cloudcomputing/todo/util/CustomAuthenticator.java  | 4 +++-
 3 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/pom.xml b/pom.xml
index bd0ed16..4d72f91 100644
--- a/pom.xml
+++ b/pom.xml
@@ -38,7 +38,11 @@
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-web</artifactId>
 		</dependency>
-
+		<dependency>
+			<groupId>org.mindrot</groupId>
+			<artifactId>jbcrypt</artifactId>
+			<version>0.4</version>
+		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-test</artifactId>
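Review bot: The added `org.mindrot:jbcrypt` dependency is pinned by hand at `<version>0.4</version>`, so it sits outside whatever version management the Spring Boot parent provides and will not move with platform upgrades. As far as I know 0.4 is also the library's last release, which means any future fix would have to come from a fork. Since the project is already on Spring Boot, consider `org.springframework.security:spring-security-crypto` and its `BCryptPasswordEncoder` instead; its version should be managed by the Boot BOM, assuming the parent POM (not visible in this hunk) is the usual starter parent. If jbcrypt stays, add a short XML comment above the dependency saying why it was chosen and who owns updating it.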
diff --git a/src/main/java/com/cloudcomputing/todo/mapper/UserMapper.java b/src/main/java/com/cloudcomputing/todo/mapper/UserMapper.java
index 8f0a916..9969798 100644
--- a/src/main/java/com/cloudcomputing/todo/mapper/UserMapper.java
+++ b/src/main/java/com/cloudcomputing/todo/mapper/UserMapper.java
@@ -4,6 +4,7 @@ import com.cloudcomputing.todo.dto.UserDTO;
 import com.cloudcomputing.todo.entity.User;
 import com.cloudcomputing.todo.service.UserService;
 import org.springframework.stereotype.Component;
+import org.mindrot.jbcrypt.BCrypt;
 
 @Component
 public class UserMapper {
@@ -22,7 +23,7 @@ public class UserMapper {
         User user = new User();
         user.setUserId(userDTO.getUserId());
         user.setUserName(userDTO.getUserName());
-        user.setPasswordHash(saltAndHashPassword(userDTO.getUserName(), userDTO.getPassword()));
+        user.setPasswordHash(BCrypt.hashpw(userDTO.getPassword(), BCrypt.gensalt()));
         return user;
     }
 
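Review bot: The new `BCrypt.hashpw(userDTO.getPassword(), BCrypt.gensalt())` call takes the library's default work factor (2^10 rounds in jbcrypt) and passes the DTO password through unchecked. The cost should be explicit and tunable, e.g. `BCrypt.hashpw(userDTO.getPassword(), BCrypt.gensalt(BCRYPT_COST))`, where `BCRYPT_COST` stands for a named constant or a configuration property. A null password will fail inside `hashpw` with a NullPointerException rather than a validation error, so the mapper or its caller should reject null or empty passwords first. The mapping method starts above this hunk, so whether it is also used for updates that carry no password cannot be seen here; if it is, each such call would either throw or overwrite the stored hash.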
@@ -31,7 +32,7 @@ public class UserMapper {
     * helper method for salting and hashing
     *
      */
-
+    /*
     //salts and hashes password by byte values
     public String saltAndHashPassword(String userName, String pw) {
         //turn username into byte-array to use as unique salt
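Review bot: The old `saltAndHashPassword` method is wrapped in `/* … */` here and in the following hunk (closing `*/` before the class brace) instead of being deleted. The commented-out body keeps a username-as-salt scheme in the file where it can be copied back by accident, and the Javadoc above it (`helper method for salting and hashing`) now documents nothing. Remove both the method and that Javadoc; the history keeps them. If the old routine is still needed to verify already-stored hashes during a migration, keep it as live, private code with a comment such as `// legacy verification only - remove once all users are re-hashed` rather than as a block comment.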
@@ -53,4 +54,6 @@ public class UserMapper {
 
         return saltAsString + passwordAsString;
     }
+        */
+
 }
diff --git a/src/main/java/com/cloudcomputing/todo/util/CustomAuthenticator.java b/src/main/java/com/cloudcomputing/todo/util/CustomAuthenticator.java
index 2ec9d4d..4cc2b10 100644
--- a/src/main/java/com/cloudcomputing/todo/util/CustomAuthenticator.java
+++ b/src/main/java/com/cloudcomputing/todo/util/CustomAuthenticator.java
@@ -8,6 +8,7 @@ import jakarta.servlet.http.HttpSession;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Component;
+import org.mindrot.jbcrypt.BCrypt;
 
 @Component
 public class CustomAuthenticator {
@@ -24,8 +25,9 @@ public class CustomAuthenticator {
 
         if (user != null) {
             expectedHash = user.getPasswordHash();
+            return BCrypt.checkpw(userDTO.getPassword(), expectedHash);
         }
 
-        return userMapper.saltAndHashPassword(userDTO.getUserName(), userDTO.getPassword()).equals(expectedHash);
+        return false;
     }
 }
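Review bot: `BCrypt.checkpw(userDTO.getPassword(), expectedHash)` throws `IllegalArgumentException` when the stored value is not a bcrypt string. Accounts created before this commit hold the old `saltAsString + passwordAsString` format, so a login for such a user would most likely surface as an unhandled exception rather than a failed authentication. The commit shows no migration or forced reset for those rows. Catch the exception and reject the login as in the sketch below, and decide separately how legacy users are re-hashed. Note also that the `return false` for an unknown user skips the bcrypt work entirely, so response time differs between existing and non-existing usernames; running `checkpw` against a fixed dummy hash in that branch would level it. The method starts above this hunk.

```java
        if (user != null) {
            expectedHash = user.getPasswordHash();
            try {
                return BCrypt.checkpw(userDTO.getPassword(), expectedHash);
            } catch (IllegalArgumentException e) {
                // stored value is not a bcrypt hash (e.g. a record written before the switch): reject the login
                return false;
            }
        }
        // … unchanged: final return false …
```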
-- 
GitLab