authorDemian <demianalonso@gmail.com>2015-06-11 10:20:37 -0300
committerDemian <dalonso@ecotaxi.com>2015-06-16 18:42:13 -0300
commit80f766554a3dd117b2958fd8c55b8fab2b73f9f9 (patch)
treee2eb21db6c5c941201dead8e0f1db91c2d62fe84 /src/org/traccar/database
parent8ff799f9d16715259131cd535f7f918823f161f9 (diff)
Implemented password hashing using a salt, following this code&guidelines: https://crackstation.net/hashing-security.htm
Diffstat (limited to 'src/org/traccar/database')
-rw-r--r--src/org/traccar/database/DataManager.java17
1 files changed, 9 insertions, 8 deletions
diff --git a/src/org/traccar/database/DataManager.java b/src/org/traccar/database/DataManager.java
index ef9e2a31a..79de15998 100644
--- a/src/org/traccar/database/DataManager.java
+++ b/src/org/traccar/database/DataManager.java
@@ -166,8 +166,8 @@ public class DataManager {
User admin = new User();
admin.setName("admin");
admin.setEmail("admin");
- admin.setPassword("admin");
admin.setAdmin(true);
+ admin.hashPassword("admin");
admin.setId(QueryBuilder.create(dataSource, properties.getProperty("database.insertUser"))
.setObject(admin)
.executeUpdate());
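Review bot: The bootstrap account is still created with the fixed password `admin` on the line `admin.hashPassword("admin")`, so salting the stored value does not change the fact that the credential is publicly known. Consider generating a random initial password and logging it once, or flagging the account so that the password must be changed at first login. A comment such as `// default credential; must be changed after install` would at least document the risk. The enclosing method starts and ends outside this hunk, so the condition under which this account is created is not visible here.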
@@ -221,10 +221,10 @@ public class DataManager {
}
public User login(String email, String password) throws SQLException {
- return QueryBuilder.create(dataSource, properties.getProperty("database.loginUser"))
+ User user = QueryBuilder.create(dataSource, properties.getProperty("database.loginUser"))
.setString("email", email)
- .setBytes("password", Hashing.sha256(password))
.executeQuerySingle(new User());
+ return user != null && user.isPasswordValid(password) ? user : null;
}
public Collection<User> getUsers() throws SQLException {
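Review bot: `login` returns immediately when no row matches the email but runs the salted hash in `isPasswordValid` when one does, so the response time can reveal which addresses are registered. If that matters for this deployment, run the same verification against a fixed dummy hash when `user` is null before returning null. Separately, the `database.loginUser` query must now select by email alone and return the stored hash and salt, and rows written with the previous unsalted `Hashing.sha256` value will presumably stop validating. Neither the query change nor a migration is visible in this diff, which is limited to `src/org/traccar/database`.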
@@ -232,19 +232,20 @@ public class DataManager {
.executeQuery(new User());
}
- public void addUser(User user) throws SQLException {
+ public void addUser(User user, String password) throws SQLException {
+ user.hashPassword(password);
user.setId(QueryBuilder.create(dataSource, properties.getProperty("database.insertUser"))
.setObject(user)
.executeUpdate());
Context.getPermissionsManager().refresh();
}
- public void updateUser(User user) throws SQLException {
+ public void updateUser(User user, String password) throws SQLException {
QueryBuilder.create(dataSource, properties.getProperty("database.updateUser"))
.setObject(user)
.executeUpdate();
-
- if(user.getPassword() != null) {
+ if(password != null) {
+ user.hashPassword(password);
QueryBuilder.create(dataSource, properties.getProperty("database.updateUserPassword"))
.setObject(user)
.executeUpdate();
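Review bot: In `updateUser` the guard `if(password != null)` still lets an empty string through, so a client that submits a blank password field to mean "unchanged" would replace the stored credential with the hash of an empty password; `if (password != null && !password.isEmpty())` would avoid that. `addUser` calls `user.hashPassword(password)` with no check at all, so a null or empty value is either hashed or fails inside hashing code that is not shown here; rejecting it up front with an `IllegalArgumentException` would make the contract explicit. Both methods presumably leave the hash and salt on the caller's `User` object, so callers should confirm it is never serialized back to a client. The closing brace of the `if` in `updateUser` lies outside this hunk.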
@@ -252,7 +253,7 @@ public class DataManager {
Context.getPermissionsManager().refresh();
}
-
+
public void removeUser(User user) throws SQLException {
QueryBuilder.create(dataSource, properties.getProperty("database.deleteUser"))
.setObject(user)