diff options
author | Demian <demianalonso@gmail.com> | 2015-06-11 10:20:37 -0300 |
---|---|---|
committer | Demian <dalonso@ecotaxi.com> | 2015-06-16 18:42:13 -0300 |
commit | 80f766554a3dd117b2958fd8c55b8fab2b73f9f9 (patch) | |
tree | e2eb21db6c5c941201dead8e0f1db91c2d62fe84 /src/org/traccar/model | |
parent | 8ff799f9d16715259131cd535f7f918823f161f9 (diff) | |
download | traccar-server-80f766554a3dd117b2958fd8c55b8fab2b73f9f9.tar.gz traccar-server-80f766554a3dd117b2958fd8c55b8fab2b73f9f9.tar.bz2 traccar-server-80f766554a3dd117b2958fd8c55b8fab2b73f9f9.zip |
Implemented password hashing using a salt, following this code&guidelines: https://crackstation.net/hashing-security.htm
Diffstat (limited to 'src/org/traccar/model')
-rw-r--r-- | src/org/traccar/model/User.java | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/src/org/traccar/model/User.java b/src/org/traccar/model/User.java index 410bc4d74..fa09861ed 100644 --- a/src/org/traccar/model/User.java +++ b/src/org/traccar/model/User.java @@ -15,7 +15,8 @@ */ package org.traccar.model; -import org.traccar.helper.Hashing; +import org.traccar.helper.PasswordHash; +import org.traccar.helper.PasswordHash.HashingResult; public class User implements Factory { @@ -36,10 +37,15 @@ public class User implements Factory { public String getEmail() { return email; } public void setEmail(String email) { this.email = email; } - private byte[] password; - public byte[] getPassword() { return password; } - public void setPassword(String password) { this.password = Hashing.sha256(password); } + private String password; + public String getPassword() { return password; } + public void setPassword(String password) { + this.password = password; + } + private String salt; + public String getSalt() { return salt; } + public void setSalt(String salt) { this.salt = salt; } private boolean readonly; private boolean admin; @@ -59,4 +65,14 @@ public class User implements Factory { private double longitude; private int zoom; + + public boolean isPasswordValid(String inputPassword) { + return PasswordHash.validatePassword(inputPassword.toCharArray(), PasswordHash.PBKDF2_ITERATIONS, this.salt, this.password); + } + + public void hashPassword(String password) { + HashingResult hashingResult = PasswordHash.createHash(password); + this.password = hashingResult.hash; + this.salt = hashingResult.salt; + } } |