diff options
author | Demian <demianalonso@gmail.com> | 2015-06-11 10:20:37 -0300 |
---|---|---|
committer | Demian <dalonso@ecotaxi.com> | 2015-06-16 18:42:13 -0300 |
commit | 80f766554a3dd117b2958fd8c55b8fab2b73f9f9 (patch) | |
tree | e2eb21db6c5c941201dead8e0f1db91c2d62fe84 /src/org/traccar/database | |
parent | 8ff799f9d16715259131cd535f7f918823f161f9 (diff) | |
download | traccar-server-80f766554a3dd117b2958fd8c55b8fab2b73f9f9.tar.gz traccar-server-80f766554a3dd117b2958fd8c55b8fab2b73f9f9.tar.bz2 traccar-server-80f766554a3dd117b2958fd8c55b8fab2b73f9f9.zip |
Implemented password hashing using a salt, following this code&guidelines: https://crackstation.net/hashing-security.htm
Diffstat (limited to 'src/org/traccar/database')
-rw-r--r-- | src/org/traccar/database/DataManager.java | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/src/org/traccar/database/DataManager.java b/src/org/traccar/database/DataManager.java index ef9e2a31a..79de15998 100644 --- a/src/org/traccar/database/DataManager.java +++ b/src/org/traccar/database/DataManager.java @@ -166,8 +166,8 @@ public class DataManager { User admin = new User(); admin.setName("admin"); admin.setEmail("admin"); - admin.setPassword("admin"); admin.setAdmin(true); + admin.hashPassword("admin"); admin.setId(QueryBuilder.create(dataSource, properties.getProperty("database.insertUser")) .setObject(admin) .executeUpdate()); @@ -221,10 +221,10 @@ public class DataManager { } public User login(String email, String password) throws SQLException { - return QueryBuilder.create(dataSource, properties.getProperty("database.loginUser")) + User user = QueryBuilder.create(dataSource, properties.getProperty("database.loginUser")) .setString("email", email) - .setBytes("password", Hashing.sha256(password)) .executeQuerySingle(new User()); + return user != null && user.isPasswordValid(password) ? user : null; } public Collection<User> getUsers() throws SQLException { @@ -232,19 +232,20 @@ public class DataManager { .executeQuery(new User()); } - public void addUser(User user) throws SQLException { + public void addUser(User user, String password) throws SQLException { + user.hashPassword(password); user.setId(QueryBuilder.create(dataSource, properties.getProperty("database.insertUser")) .setObject(user) .executeUpdate()); Context.getPermissionsManager().refresh(); } - public void updateUser(User user) throws SQLException { + public void updateUser(User user, String password) throws SQLException { QueryBuilder.create(dataSource, properties.getProperty("database.updateUser")) .setObject(user) .executeUpdate(); - - if(user.getPassword() != null) { + if(password != null) { + user.hashPassword(password); QueryBuilder.create(dataSource, properties.getProperty("database.updateUserPassword")) .setObject(user) .executeUpdate(); @@ -252,7 +253,7 @@ public class DataManager { Context.getPermissionsManager().refresh(); } - + public void removeUser(User user) throws SQLException { QueryBuilder.create(dataSource, properties.getProperty("database.deleteUser")) .setObject(user) |