aboutsummaryrefslogtreecommitdiff
path: root/src/org/traccar/model
diff options
context:
space:
mode:
authorDemian <demianalonso@gmail.com>2015-06-11 10:20:37 -0300
committerDemian <dalonso@ecotaxi.com>2015-06-16 18:42:13 -0300
commit80f766554a3dd117b2958fd8c55b8fab2b73f9f9 (patch)
treee2eb21db6c5c941201dead8e0f1db91c2d62fe84 /src/org/traccar/model
parent8ff799f9d16715259131cd535f7f918823f161f9 (diff)
downloadtraccar-server-80f766554a3dd117b2958fd8c55b8fab2b73f9f9.tar.gz
traccar-server-80f766554a3dd117b2958fd8c55b8fab2b73f9f9.tar.bz2
traccar-server-80f766554a3dd117b2958fd8c55b8fab2b73f9f9.zip
Implemented password hashing using a salt, following this code&guidelines: https://crackstation.net/hashing-security.htm
Diffstat (limited to 'src/org/traccar/model')
-rw-r--r--src/org/traccar/model/User.java24
1 files changed, 20 insertions, 4 deletions
diff --git a/src/org/traccar/model/User.java b/src/org/traccar/model/User.java
index 410bc4d74..fa09861ed 100644
--- a/src/org/traccar/model/User.java
+++ b/src/org/traccar/model/User.java
@@ -15,7 +15,8 @@
*/
package org.traccar.model;
-import org.traccar.helper.Hashing;
+import org.traccar.helper.PasswordHash;
+import org.traccar.helper.PasswordHash.HashingResult;
public class User implements Factory {
@@ -36,10 +37,15 @@ public class User implements Factory {
public String getEmail() { return email; }
public void setEmail(String email) { this.email = email; }
- private byte[] password;
- public byte[] getPassword() { return password; }
- public void setPassword(String password) { this.password = Hashing.sha256(password); }
+ private String password;
+ public String getPassword() { return password; }
+ public void setPassword(String password) {
+ this.password = password;
+ }
+ private String salt;
+ public String getSalt() { return salt; }
+ public void setSalt(String salt) { this.salt = salt; }
private boolean readonly;
private boolean admin;
@@ -59,4 +65,14 @@ public class User implements Factory {
private double longitude;
private int zoom;
+
+ public boolean isPasswordValid(String inputPassword) {
+ return PasswordHash.validatePassword(inputPassword.toCharArray(), PasswordHash.PBKDF2_ITERATIONS, this.salt, this.password);
+ }
+
+ public void hashPassword(String password) {
+ HashingResult hashingResult = PasswordHash.createHash(password);
+ this.password = hashingResult.hash;
+ this.salt = hashingResult.salt;
+ }
}