From 92ac9aaa10fcf65a005c4e06245ce4a9427d5148 Mon Sep 17 00:00:00 2001 From: Demian Date: Tue, 16 Jun 2015 18:25:28 -0300 Subject: Separated the persisted password (hashedPassword) from the password sent from the web request. Improved JSON serialization so it doesnt send as a response the hashed password and salt. --- src/org/traccar/database/DataManager.java | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) (limited to 'src/org/traccar/database') diff --git a/src/org/traccar/database/DataManager.java b/src/org/traccar/database/DataManager.java index 79de15998..1aae7da4e 100644 --- a/src/org/traccar/database/DataManager.java +++ b/src/org/traccar/database/DataManager.java @@ -167,7 +167,7 @@ public class DataManager { admin.setName("admin"); admin.setEmail("admin"); admin.setAdmin(true); - admin.hashPassword("admin"); + admin.setPassword("admin"); admin.setId(QueryBuilder.create(dataSource, properties.getProperty("database.insertUser")) .setObject(admin) .executeUpdate()); @@ -232,20 +232,18 @@ public class DataManager { .executeQuery(new User()); } - public void addUser(User user, String password) throws SQLException { - user.hashPassword(password); + public void addUser(User user) throws SQLException { user.setId(QueryBuilder.create(dataSource, properties.getProperty("database.insertUser")) .setObject(user) .executeUpdate()); Context.getPermissionsManager().refresh(); } - public void updateUser(User user, String password) throws SQLException { + public void updateUser(User user) throws SQLException { QueryBuilder.create(dataSource, properties.getProperty("database.updateUser")) .setObject(user) .executeUpdate(); - if(password != null) { - user.hashPassword(password); + if(user.getHashedPassword() != null) { QueryBuilder.create(dataSource, properties.getProperty("database.updateUserPassword")) .setObject(user) .executeUpdate(); -- cgit v1.2.3