aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDemian <dalonso@ecotaxi.com>2015-06-16 18:25:28 -0300
committerDemian <dalonso@ecotaxi.com>2015-06-16 18:42:13 -0300
commit92ac9aaa10fcf65a005c4e06245ce4a9427d5148 (patch)
tree57a23077fc9af137baffbb51bcb4ba82cff2f94b
parent80f766554a3dd117b2958fd8c55b8fab2b73f9f9 (diff)
downloadtrackermap-server-92ac9aaa10fcf65a005c4e06245ce4a9427d5148.tar.gz
trackermap-server-92ac9aaa10fcf65a005c4e06245ce4a9427d5148.tar.bz2
trackermap-server-92ac9aaa10fcf65a005c4e06245ce4a9427d5148.zip
Separated the persisted password (hashedPassword) from the password sent from the web request. Improved JSON serialization so it doesnt send as a response the hashed password and salt.
-rw-r--r--debug.xml8
-rw-r--r--src/org/traccar/database/DataManager.java10
-rw-r--r--src/org/traccar/helper/IgnoreOnSerialization.java12
-rw-r--r--src/org/traccar/http/JsonConverter.java5
-rw-r--r--src/org/traccar/http/MainServlet.java2
-rw-r--r--src/org/traccar/http/UserServlet.java4
-rw-r--r--src/org/traccar/model/User.java30
7 files changed, 49 insertions, 22 deletions
diff --git a/debug.xml b/debug.xml
index 84587f293..01bb66d60 100644
--- a/debug.xml
+++ b/debug.xml
@@ -43,7 +43,7 @@
id INT PRIMARY KEY AUTO_INCREMENT,
name VARCHAR(1024) NOT NULL,
email VARCHAR(256) NOT NULL UNIQUE,
- password VARCHAR(1024) NOT NULL,
+ hashedPassword VARCHAR(1024) NOT NULL,
salt VARCHAR(1024) DEFAULT '' NOT NULL,
readonly BOOLEAN DEFAULT false NOT NULL,
admin BOOLEAN DEFAULT false NOT NULL,
@@ -141,8 +141,8 @@
</entry>
<entry key='database.insertUser'>
- INSERT INTO user (name, email, password, salt, admin)
- VALUES (:name, :email, :password, :salt, :admin);
+ INSERT INTO user (name, email, hashedPassword, salt, admin)
+ VALUES (:name, :email, :hashedPassword, :salt, :admin);
</entry>
<entry key='database.updateUser'>
@@ -154,7 +154,7 @@
</entry>
<entry key='database.updateUserPassword'>
- UPDATE user SET password = :password, salt = :salt WHERE id = :id;
+ UPDATE user SET hashedPassword = :hashedPassword, salt = :salt WHERE id = :id;
</entry>
<entry key='database.deleteUser'>
diff --git a/src/org/traccar/database/DataManager.java b/src/org/traccar/database/DataManager.java
index 79de15998..1aae7da4e 100644
--- a/src/org/traccar/database/DataManager.java
+++ b/src/org/traccar/database/DataManager.java
@@ -167,7 +167,7 @@ public class DataManager {
admin.setName("admin");
admin.setEmail("admin");
admin.setAdmin(true);
- admin.hashPassword("admin");
+ admin.setPassword("admin");
admin.setId(QueryBuilder.create(dataSource, properties.getProperty("database.insertUser"))
.setObject(admin)
.executeUpdate());
@@ -232,20 +232,18 @@ public class DataManager {
.executeQuery(new User());
}
- public void addUser(User user, String password) throws SQLException {
- user.hashPassword(password);
+ public void addUser(User user) throws SQLException {
user.setId(QueryBuilder.create(dataSource, properties.getProperty("database.insertUser"))
.setObject(user)
.executeUpdate());
Context.getPermissionsManager().refresh();
}
- public void updateUser(User user, String password) throws SQLException {
+ public void updateUser(User user) throws SQLException {
QueryBuilder.create(dataSource, properties.getProperty("database.updateUser"))
.setObject(user)
.executeUpdate();
- if(password != null) {
- user.hashPassword(password);
+ if(user.getHashedPassword() != null) {
QueryBuilder.create(dataSource, properties.getProperty("database.updateUserPassword"))
.setObject(user)
.executeUpdate();
diff --git a/src/org/traccar/helper/IgnoreOnSerialization.java b/src/org/traccar/helper/IgnoreOnSerialization.java
new file mode 100644
index 000000000..22ec7ced8
--- /dev/null
+++ b/src/org/traccar/helper/IgnoreOnSerialization.java
@@ -0,0 +1,12 @@
+package org.traccar.helper;
+
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+import static java.lang.annotation.ElementType.METHOD;
+
+@Retention(RetentionPolicy.RUNTIME)
+@Target(value = {METHOD})
+public @interface IgnoreOnSerialization {
+}
diff --git a/src/org/traccar/http/JsonConverter.java b/src/org/traccar/http/JsonConverter.java
index 6cdba5492..f18470d9d 100644
--- a/src/org/traccar/http/JsonConverter.java
+++ b/src/org/traccar/http/JsonConverter.java
@@ -30,6 +30,8 @@ import javax.json.JsonArrayBuilder;
import javax.json.JsonObject;
import javax.json.JsonObjectBuilder;
import javax.json.JsonValue;
+
+import org.traccar.helper.IgnoreOnSerialization;
import org.traccar.model.Factory;
public class JsonConverter {
@@ -88,6 +90,9 @@ public class JsonConverter {
Method[] methods = object.getClass().getMethods();
for (Method method : methods) {
+ if(method.isAnnotationPresent(IgnoreOnSerialization.class)) {
+ continue;
+ }
if (method.getName().startsWith("get") && method.getParameterTypes().length == 0) {
String name = Introspector.decapitalize(method.getName().substring(3));
try {
diff --git a/src/org/traccar/http/MainServlet.java b/src/org/traccar/http/MainServlet.java
index cf6e81286..18430f0c3 100644
--- a/src/org/traccar/http/MainServlet.java
+++ b/src/org/traccar/http/MainServlet.java
@@ -67,7 +67,7 @@ public class MainServlet extends BaseServlet {
private void register(HttpServletRequest req, HttpServletResponse resp) throws Exception {
User user = JsonConverter.objectFromJson(req.getReader(), new User());
- Context.getDataManager().addUser(user, user.getPassword());
+ Context.getDataManager().addUser(user);
sendResponse(resp.getWriter(), true);
}
diff --git a/src/org/traccar/http/UserServlet.java b/src/org/traccar/http/UserServlet.java
index 197ef0326..f388326b0 100644
--- a/src/org/traccar/http/UserServlet.java
+++ b/src/org/traccar/http/UserServlet.java
@@ -47,14 +47,14 @@ public class UserServlet extends BaseServlet {
private void add(HttpServletRequest req, HttpServletResponse resp) throws Exception {
User user = JsonConverter.objectFromJson(req.getReader(), new User());
Context.getPermissionsManager().checkUser(getUserId(req), user.getId());
- Context.getDataManager().addUser(user, user.getPassword());
+ Context.getDataManager().addUser(user);
sendResponse(resp.getWriter(), JsonConverter.objectToJson(user));
}
private void update(HttpServletRequest req, HttpServletResponse resp) throws Exception {
User user = JsonConverter.objectFromJson(req.getReader(), new User());
Context.getPermissionsManager().checkUser(getUserId(req), user.getId());
- Context.getDataManager().updateUser(user, user.getPassword());
+ Context.getDataManager().updateUser(user);
sendResponse(resp.getWriter(), true);
}
diff --git a/src/org/traccar/model/User.java b/src/org/traccar/model/User.java
index fa09861ed..f7c55c0d6 100644
--- a/src/org/traccar/model/User.java
+++ b/src/org/traccar/model/User.java
@@ -15,6 +15,7 @@
*/
package org.traccar.model;
+import org.traccar.helper.IgnoreOnSerialization;
import org.traccar.helper.PasswordHash;
import org.traccar.helper.PasswordHash.HashingResult;
@@ -36,14 +37,16 @@ public class User implements Factory {
private String email;
public String getEmail() { return email; }
public void setEmail(String email) { this.email = email; }
-
- private String password;
- public String getPassword() { return password; }
- public void setPassword(String password) {
- this.password = password;
+
+ private String hashedPassword;
+ @IgnoreOnSerialization
+ public String getHashedPassword() { return hashedPassword; }
+ public void setHashedPassword(String hashedPassword) {
+ this.hashedPassword = hashedPassword;
}
-
+
private String salt;
+ @IgnoreOnSerialization
public String getSalt() { return salt; }
public void setSalt(String salt) { this.salt = salt; }
private boolean readonly;
@@ -65,14 +68,23 @@ public class User implements Factory {
private double longitude;
private int zoom;
-
+
+ private String password;
+ public String getPassword() { return password; }
+ public void setPassword(String password) {
+ this.password = password;
+ if(this.password != null && !this.password.trim().equals("")) {
+ this.hashPassword(password);
+ }
+ }
+
public boolean isPasswordValid(String inputPassword) {
- return PasswordHash.validatePassword(inputPassword.toCharArray(), PasswordHash.PBKDF2_ITERATIONS, this.salt, this.password);
+ return PasswordHash.validatePassword(inputPassword.toCharArray(), PasswordHash.PBKDF2_ITERATIONS, this.salt, this.hashedPassword);
}
public void hashPassword(String password) {
HashingResult hashingResult = PasswordHash.createHash(password);
- this.password = hashingResult.hash;
+ this.hashedPassword = hashingResult.hash;
this.salt = hashingResult.salt;
}
}