aboutsummaryrefslogtreecommitdiff
path: root/src/org/traccar/model
diff options
context:
space:
mode:
authorDemian <dalonso@ecotaxi.com>2015-06-16 18:25:28 -0300
committerDemian <dalonso@ecotaxi.com>2015-06-16 18:42:13 -0300
commit92ac9aaa10fcf65a005c4e06245ce4a9427d5148 (patch)
tree57a23077fc9af137baffbb51bcb4ba82cff2f94b /src/org/traccar/model
parent80f766554a3dd117b2958fd8c55b8fab2b73f9f9 (diff)
downloadtraccar-server-92ac9aaa10fcf65a005c4e06245ce4a9427d5148.tar.gz
traccar-server-92ac9aaa10fcf65a005c4e06245ce4a9427d5148.tar.bz2
traccar-server-92ac9aaa10fcf65a005c4e06245ce4a9427d5148.zip
Separated the persisted password (hashedPassword) from the password sent from the web request. Improved JSON serialization so it doesnt send as a response the hashed password and salt.
Diffstat (limited to 'src/org/traccar/model')
-rw-r--r--src/org/traccar/model/User.java30
1 files changed, 21 insertions, 9 deletions
diff --git a/src/org/traccar/model/User.java b/src/org/traccar/model/User.java
index fa09861ed..f7c55c0d6 100644
--- a/src/org/traccar/model/User.java
+++ b/src/org/traccar/model/User.java
@@ -15,6 +15,7 @@
*/
package org.traccar.model;
+import org.traccar.helper.IgnoreOnSerialization;
import org.traccar.helper.PasswordHash;
import org.traccar.helper.PasswordHash.HashingResult;
@@ -36,14 +37,16 @@ public class User implements Factory {
private String email;
public String getEmail() { return email; }
public void setEmail(String email) { this.email = email; }
-
- private String password;
- public String getPassword() { return password; }
- public void setPassword(String password) {
- this.password = password;
+
+ private String hashedPassword;
+ @IgnoreOnSerialization
+ public String getHashedPassword() { return hashedPassword; }
+ public void setHashedPassword(String hashedPassword) {
+ this.hashedPassword = hashedPassword;
}
-
+
private String salt;
+ @IgnoreOnSerialization
public String getSalt() { return salt; }
public void setSalt(String salt) { this.salt = salt; }
private boolean readonly;
@@ -65,14 +68,23 @@ public class User implements Factory {
private double longitude;
private int zoom;
-
+
+ private String password;
+ public String getPassword() { return password; }
+ public void setPassword(String password) {
+ this.password = password;
+ if(this.password != null && !this.password.trim().equals("")) {
+ this.hashPassword(password);
+ }
+ }
+
public boolean isPasswordValid(String inputPassword) {
- return PasswordHash.validatePassword(inputPassword.toCharArray(), PasswordHash.PBKDF2_ITERATIONS, this.salt, this.password);
+ return PasswordHash.validatePassword(inputPassword.toCharArray(), PasswordHash.PBKDF2_ITERATIONS, this.salt, this.hashedPassword);
}
public void hashPassword(String password) {
HashingResult hashingResult = PasswordHash.createHash(password);
- this.password = hashingResult.hash;
+ this.hashedPassword = hashingResult.hash;
this.salt = hashingResult.salt;
}
}