From 80f766554a3dd117b2958fd8c55b8fab2b73f9f9 Mon Sep 17 00:00:00 2001
From: Demian
Date: Thu, 11 Jun 2015 10:20:37 -0300
Subject: Implemented password hashing using a salt, following this code&guidelines: https://crackstation.net/hashing-security.htm
---
 src/org/traccar/model/User.java | 24 ++++++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)
(limited to 'src/org/traccar/model/User.java')
diff --git a/src/org/traccar/model/User.java b/src/org/traccar/model/User.java
index 410bc4d74..fa09861ed 100644
--- a/src/org/traccar/model/User.java
+++ b/src/org/traccar/model/User.java
@@ -15,7 +15,8 @@
 */
 package org.traccar.model;
-import org.traccar.helper.Hashing;
+import org.traccar.helper.PasswordHash;
+import org.traccar.helper.PasswordHash.HashingResult;
 public class User implements Factory {
@@ -36,10 +37,15 @@ public class User implements Factory {
 public String getEmail() { return email; }
 public void setEmail(String email) { this.email = email; }
- private byte[] password;
- public byte[] getPassword() { return password; }
- public void setPassword(String password) { this.password = Hashing.sha256(password); }
+ private String password;
+ public String getPassword() { return password; }
+ public void setPassword(String password) {
+ this.password = password;
+ }
+ private String salt;
+ public String getSalt() { return salt; }
+ public void setSalt(String salt) { this.salt = salt; }
 private boolean readonly;
 private boolean admin;
@@ -59,4 +65,14 @@ public class User implements Factory {
 private double longitude;
 private int zoom;
+
+ public boolean isPasswordValid(String inputPassword) {
+ return PasswordHash.validatePassword(inputPassword.toCharArray(), PasswordHash.PBKDF2_ITERATIONS, this.salt, this.password);
+ }
+
+ public void hashPassword(String password) {
+ HashingResult hashingResult = PasswordHash.createHash(password);
+ this.password = hashingResult.hash;
+ this.salt = hashingResult.salt;
+ }
 }
--
cgit v1.2.3
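Review bot: `setPassword(String password)` now assigns its argument to the field unchanged, where the removed version hashed it, so any caller that still passes a plaintext password will store it in clear. Callers are outside this patch (the diffstat is limited to User.java), so every call site is worth checking, in particular any code that populates the model from request data. I would put a comment on the setter such as `// expects the PBKDF2 hash produced by hashPassword(); never pass a plaintext password`. The public `getPassword()` and `getSalt()` accessors also deserve a check: if this model is ever serialized into an API response, the hash and salt would go out with it.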
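Review bot: `isPasswordValid` verifies against the current value of `PasswordHash.PBKDF2_ITERATIONS` rather than an iteration count stored with the user, so raising that constant later would make every existing hash fail validation. Persisting the count next to `salt` in `hashPassword` and passing the stored value to `validatePassword` keeps old hashes verifiable and lets the work factor be upgraded at login. The method also calls `inputPassword.toCharArray()` without a null check, and `salt` or `password` may be null for a user that has not been through `hashPassword`; a guard such as `if (inputPassword == null || salt == null || password == null) return false;` would fail closed, assuming `validatePassword` (outside this patch) does not already handle nulls. Hashes stored by the removed `Hashing.sha256` path will presumably need a migration or forced-reset route, which this patch does not show.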