From e2df061ec7d8e4ff21c9a033985d9ca56118556e Mon Sep 17 00:00:00 2001 From: Anton Tananaev Date: Wed, 1 Jul 2015 12:07:09 +1200 Subject: Minor changes to password management --- src/org/traccar/database/DataManager.java | 2 +- src/org/traccar/helper/IgnoreOnSerialization.java | 12 ------- src/org/traccar/http/JsonConverter.java | 3 +- src/org/traccar/http/JsonIgnore.java | 12 +++++++ src/org/traccar/model/User.java | 39 +++++++++++------------ 5 files changed, 32 insertions(+), 36 deletions(-) delete mode 100644 src/org/traccar/helper/IgnoreOnSerialization.java create mode 100644 src/org/traccar/http/JsonIgnore.java (limited to 'src/org/traccar') diff --git a/src/org/traccar/database/DataManager.java b/src/org/traccar/database/DataManager.java index d4351d316..dfa2ddf58 100644 --- a/src/org/traccar/database/DataManager.java +++ b/src/org/traccar/database/DataManager.java @@ -237,7 +237,7 @@ public class DataManager { QueryBuilder.create(dataSource, getQuery("database.updateUser")) .setObject(user) .executeUpdate(); - if(user.getHashedPassword() != null) { + if (user.getHashedPassword() != null) { QueryBuilder.create(dataSource, getQuery("database.updateUserPassword")) .setObject(user) .executeUpdate(); diff --git a/src/org/traccar/helper/IgnoreOnSerialization.java b/src/org/traccar/helper/IgnoreOnSerialization.java deleted file mode 100644 index 22ec7ced8..000000000 --- a/src/org/traccar/helper/IgnoreOnSerialization.java +++ /dev/null @@ -1,12 +0,0 @@ -package org.traccar.helper; - -import java.lang.annotation.Retention; -import java.lang.annotation.RetentionPolicy; -import java.lang.annotation.Target; - -import static java.lang.annotation.ElementType.METHOD; - -@Retention(RetentionPolicy.RUNTIME) -@Target(value = {METHOD}) -public @interface IgnoreOnSerialization { -} diff --git a/src/org/traccar/http/JsonConverter.java b/src/org/traccar/http/JsonConverter.java index eb672da8d..d658ef7d6 100644 --- a/src/org/traccar/http/JsonConverter.java 
+++ b/src/org/traccar/http/JsonConverter.java @@ -31,7 +31,6 @@ import javax.json.JsonObject; import javax.json.JsonObjectBuilder; import javax.json.JsonValue; -import org.traccar.helper.IgnoreOnSerialization; import org.traccar.model.Factory; public class JsonConverter { @@ -106,7 +105,7 @@ public class JsonConverter { Method[] methods = object.getClass().getMethods(); for (Method method : methods) { - if(method.isAnnotationPresent(IgnoreOnSerialization.class)) { + if(method.isAnnotationPresent(JsonIgnore.class)) { continue; } if (method.getName().startsWith("get") && method.getParameterTypes().length == 0) { diff --git a/src/org/traccar/http/JsonIgnore.java b/src/org/traccar/http/JsonIgnore.java new file mode 100644 index 000000000..ad7791e0d --- /dev/null +++ b/src/org/traccar/http/JsonIgnore.java @@ -0,0 +1,12 @@ +package org.traccar.http; + +import java.lang.annotation.Retention; +import java.lang.annotation.RetentionPolicy; +import java.lang.annotation.Target; + +import static java.lang.annotation.ElementType.METHOD; + +@Retention(RetentionPolicy.RUNTIME) +@Target(value = {METHOD}) +public @interface JsonIgnore { +} diff --git a/src/org/traccar/model/User.java b/src/org/traccar/model/User.java index bcb03804c..dccb4851e 100644 --- a/src/org/traccar/model/User.java +++ b/src/org/traccar/model/User.java @@ -1,5 +1,5 @@ /* - * Copyright 2013 Anton Tananaev (anton.tananaev@gmail.com) + * Copyright 2013 - 2015 Anton Tananaev (anton.tananaev@gmail.com) * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,7 +16,7 @@ package org.traccar.model; import org.traccar.helper.Hashing; -import org.traccar.helper.IgnoreOnSerialization; +import org.traccar.http.JsonIgnore; public class User implements Factory { 
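Review bot: The new annotation in src/org/traccar/http/JsonIgnore.java has no Javadoc, and its contract is security-relevant because User relies on it to keep `getHashedPassword()` and `getSalt()` out of JSON output. Judging by the JsonConverter hunk, it is honoured only through `method.isAnnotationPresent(JsonIgnore.class)` in the getter loop, so exclusion is opt-out: an unannotated getter is presumably serialized, and whether the parsing path respects the annotation on setters is not visible here. I would add a type-level comment such as `/** Marks a getter that JsonConverter skips when writing JSON; unmarked getters are serialized. */`. The simple name also matches Jackson's `com.fasterxml.jackson.annotation.JsonIgnore`, so if that library ever reaches the classpath a wrong import would compile and silently stop hiding the field; a test asserting that hash and salt are absent from a serialized User would guard against that. The file also lacks the licence header that User.java carries.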
@@ -37,15 +37,6 @@ public class User implements Factory { public String getEmail() { return email; } public void setEmail(String email) { this.email = email; } - private String hashedPassword; - @IgnoreOnSerialization - public String getHashedPassword() { return hashedPassword; } - public void setHashedPassword(String hashedPassword) { this.hashedPassword = hashedPassword; } - - private String salt; - @IgnoreOnSerialization - public String getSalt() { return salt; } - public void setSalt(String salt) { this.salt = salt; } private boolean readonly; private boolean admin; @@ -70,19 +61,25 @@ public class User implements Factory { public String getPassword() { return password; } public void setPassword(String password) { this.password = password; - if(this.password != null && !this.password.trim().equals("")) { - this.hashPassword(password); + if (password != null && !password.isEmpty()) { + Hashing.HashingResult hashingResult = Hashing.createHash(password); + hashedPassword = hashingResult.hash; + salt = hashingResult.salt; } } - public boolean isPasswordValid(String inputPassword) { - return Hashing.validatePassword(inputPassword, this.hashedPassword, this.salt); - } - - public void hashPassword(String password) { - Hashing.HashingResult hashingResult = Hashing.createHash(password); - this.hashedPassword = hashingResult.hash; - this.salt = hashingResult.salt; + private String hashedPassword; + @JsonIgnore + public String getHashedPassword() { return hashedPassword; } + public void setHashedPassword(String hashedPassword) { this.hashedPassword = hashedPassword; } + + private String salt; + @JsonIgnore + public String getSalt() { return salt; } + public void setSalt(String salt) { this.salt = salt; } + + public boolean isPasswordValid(String password) { + return Hashing.validatePassword(password, hashedPassword, salt); } } -- cgit v1.2.3
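Review bot: `setPassword` in User.java still keeps the clear-text value in `this.password` beside the derived hash, and `getPassword()` appears in the last hunk without `@JsonIgnore` (the line above it is outside the hunk, so confirm). Because JsonConverter skips only annotated getters, an unannotated `getPassword()` would put the clear-text password into serialized users; marking it `@JsonIgnore public String getPassword() { return password; }` closes that. Separately, replacing `!this.password.trim().equals("")` with `!password.isEmpty()` means a whitespace-only password is now hashed and accepted, and `setPassword(null)` or `setPassword("")` leaves the previous `hashedPassword` and `salt` untouched; if both are intended, a short comment above the `if` saying so would help. `isPasswordValid` passes `hashedPassword` and `salt` straight to `Hashing.validatePassword`, so it is worth confirming that the helper rejects null values for a user with no password set.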