Merge pull request #1252 from demianalonso/password-salt

Implemented password hashing with salt
author: Anton Tananaev <anton.tananaev@gmail.com> 2015-06-17 09:54:02 +1200
committer: Anton Tananaev <anton.tananaev@gmail.com> 2015-06-17 09:54:02 +1200
commit: 771e2d7c4ceb34c0b62852130061b04640b8ee71 (patch)
tree: 57a23077fc9af137baffbb51bcb4ba82cff2f94b /src/org/traccar/database
parent: 8ff799f9d16715259131cd535f7f918823f161f9 (diff)
parent: 92ac9aaa10fcf65a005c4e06245ce4a9427d5148 (diff)
download: trackermap-server-771e2d7c4ceb34c0b62852130061b04640b8ee71.tar.gz
trackermap-server-771e2d7c4ceb34c0b62852130061b04640b8ee71.tar.bz2
trackermap-server-771e2d7c4ceb34c0b62852130061b04640b8ee71.zip
1 files changed, 5 insertions, 6 deletions
diff --git a/src/org/traccar/database/DataManager.java b/src/org/traccar/database/DataManager.java
index ef9e2a31a..1aae7da4e 100644
--- a/src/org/traccar/database/DataManager.java
+++ b/src/org/traccar/database/DataManager.java
@@ -166,8 +166,8 @@ public class DataManager {
         User admin = new User();
         admin.setName("admin");
         admin.setEmail("admin");
-        admin.setPassword("admin");
         admin.setAdmin(true);
+        admin.setPassword("admin");
         admin.setId(QueryBuilder.create(dataSource, properties.getProperty("database.insertUser"))
                 .setObject(admin)
                 .executeUpdate());
@@ -221,10 +221,10 @@ public class DataManager {
     }
 
     public User login(String email, String password) throws SQLException {
-        return QueryBuilder.create(dataSource, properties.getProperty("database.loginUser"))
+        User user = QueryBuilder.create(dataSource, properties.getProperty("database.loginUser"))
                 .setString("email", email)
-                .setBytes("password", Hashing.sha256(password))
                 .executeQuerySingle(new User());
+        return user != null && user.isPasswordValid(password) ? user : null;
     }
 
     public Collection<User> getUsers() throws SQLException {
@@ -243,8 +243,7 @@ public class DataManager {
         QueryBuilder.create(dataSource, properties.getProperty("database.updateUser"))
                 .setObject(user)
                 .executeUpdate();
-        
-        if(user.getPassword() != null) {
+        if(user.getHashedPassword() != null) {
             QueryBuilder.create(dataSource, properties.getProperty("database.updateUserPassword"))
                 .setObject(user)
                 .executeUpdate();
@@ -252,7 +251,7 @@ public class DataManager {
         
         Context.getPermissionsManager().refresh();
     }
-    
+
     public void removeUser(User user) throws SQLException {
         QueryBuilder.create(dataSource, properties.getProperty("database.deleteUser"))
                 .setObject(user)
author	Anton Tananaev <anton.tananaev@gmail.com>	2015-06-17 09:54:02 +1200
committer	Anton Tananaev <anton.tananaev@gmail.com>	2015-06-17 09:54:02 +1200
commit	771e2d7c4ceb34c0b62852130061b04640b8ee71 (patch)
tree	57a23077fc9af137baffbb51bcb4ba82cff2f94b /src/org/traccar/database
parent	8ff799f9d16715259131cd535f7f918823f161f9 (diff)
parent	92ac9aaa10fcf65a005c4e06245ce4a9427d5148 (diff)
download	trackermap-server-771e2d7c4ceb34c0b62852130061b04640b8ee71.tar.gz trackermap-server-771e2d7c4ceb34c0b62852130061b04640b8ee71.tar.bz2 trackermap-server-771e2d7c4ceb34c0b62852130061b04640b8ee71.zip