diff options
author | Demian <dalonso@ecotaxi.com> | 2015-06-16 18:25:28 -0300 |
---|---|---|
committer | Demian <dalonso@ecotaxi.com> | 2015-06-16 18:42:13 -0300 |
commit | 92ac9aaa10fcf65a005c4e06245ce4a9427d5148 (patch) | |
tree | 57a23077fc9af137baffbb51bcb4ba82cff2f94b /src/org/traccar/model/User.java | |
parent | 80f766554a3dd117b2958fd8c55b8fab2b73f9f9 (diff) | |
download | trackermap-server-92ac9aaa10fcf65a005c4e06245ce4a9427d5148.tar.gz trackermap-server-92ac9aaa10fcf65a005c4e06245ce4a9427d5148.tar.bz2 trackermap-server-92ac9aaa10fcf65a005c4e06245ce4a9427d5148.zip |
Separated the persisted password (hashedPassword) from the password sent from the web request. Improved JSON serialization so it doesnt send as a response the hashed password and salt.
Diffstat (limited to 'src/org/traccar/model/User.java')
-rw-r--r-- | src/org/traccar/model/User.java | 30 |
1 files changed, 21 insertions, 9 deletions
diff --git a/src/org/traccar/model/User.java b/src/org/traccar/model/User.java index fa09861ed..f7c55c0d6 100644 --- a/src/org/traccar/model/User.java +++ b/src/org/traccar/model/User.java @@ -15,6 +15,7 @@ */ package org.traccar.model; +import org.traccar.helper.IgnoreOnSerialization; import org.traccar.helper.PasswordHash; import org.traccar.helper.PasswordHash.HashingResult; @@ -36,14 +37,16 @@ public class User implements Factory { private String email; public String getEmail() { return email; } public void setEmail(String email) { this.email = email; } - - private String password; - public String getPassword() { return password; } - public void setPassword(String password) { - this.password = password; + + private String hashedPassword; + @IgnoreOnSerialization + public String getHashedPassword() { return hashedPassword; } + public void setHashedPassword(String hashedPassword) { + this.hashedPassword = hashedPassword; } - + private String salt; + @IgnoreOnSerialization public String getSalt() { return salt; } public void setSalt(String salt) { this.salt = salt; } private boolean readonly; @@ -65,14 +68,23 @@ public class User implements Factory { private double longitude; private int zoom; - + + private String password; + public String getPassword() { return password; } + public void setPassword(String password) { + this.password = password; + if(this.password != null && !this.password.trim().equals("")) { + this.hashPassword(password); + } + } + public boolean isPasswordValid(String inputPassword) { - return PasswordHash.validatePassword(inputPassword.toCharArray(), PasswordHash.PBKDF2_ITERATIONS, this.salt, this.password); + return PasswordHash.validatePassword(inputPassword.toCharArray(), PasswordHash.PBKDF2_ITERATIONS, this.salt, this.hashedPassword); } public void hashPassword(String password) { HashingResult hashingResult = PasswordHash.createHash(password); - this.password = hashingResult.hash; + this.hashedPassword = hashingResult.hash; this.salt = hashingResult.salt; } } |