added hashing to registering new user
This commit is contained in:
parent
3408f01598
commit
36363716c1
|
|
@ -66,6 +66,28 @@
|
||||||
<artifactId>jasypt-spring-boot-starter</artifactId>
|
<artifactId>jasypt-spring-boot-starter</artifactId>
|
||||||
<version>3.0.5</version>
|
<version>3.0.5</version>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
|
||||||
|
<!-- Bouncy Castle for secure hashing and random salt generation -->
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.bouncycastle</groupId>
|
||||||
|
<artifactId>bcprov-jdk18on</artifactId>
|
||||||
|
<version>1.76</version>
|
||||||
|
</dependency>
|
||||||
|
|
||||||
|
<!-- Spring Security for password encoding (bcrypt) -->
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.springframework.security</groupId>
|
||||||
|
<artifactId>spring-security-crypto</artifactId>
|
||||||
|
<version>6.1.2</version>
|
||||||
|
</dependency>
|
||||||
|
|
||||||
|
<!-- Apache Commons Codec for encoding (like Base64) -->
|
||||||
|
<dependency>
|
||||||
|
<groupId>commons-codec</groupId>
|
||||||
|
<artifactId>commons-codec</artifactId>
|
||||||
|
<version>1.16.0</version>
|
||||||
|
</dependency>
|
||||||
|
|
||||||
</dependencies>
|
</dependencies>
|
||||||
|
|
||||||
<build>
|
<build>
|
||||||
|
|
|
||||||
|
|
@ -81,12 +81,15 @@ public class UserController {
|
||||||
System.out.println("UserController.createUser, password validation passed");
|
System.out.println("UserController.createUser, password validation passed");
|
||||||
|
|
||||||
//transform registerUser to user
|
//transform registerUser to user
|
||||||
|
String salt = PasswordEncryptionService.generateSalt();
|
||||||
|
|
||||||
User user = new User(
|
User user = new User(
|
||||||
null,
|
null,
|
||||||
registerUser.getFirstName(),
|
registerUser.getFirstName(),
|
||||||
registerUser.getLastName(),
|
registerUser.getLastName(),
|
||||||
registerUser.getEmail(),
|
registerUser.getEmail(),
|
||||||
passwordService.hashPassword(registerUser.getPassword())
|
passwordService.hashPassword(registerUser.getPassword(), salt),
|
||||||
|
salt
|
||||||
);
|
);
|
||||||
|
|
||||||
User savedUser = userService.createUser(user);
|
User savedUser = userService.createUser(user);
|
||||||
|
|
|
||||||
|
|
@ -32,4 +32,7 @@ public class User {
|
||||||
|
|
||||||
@Column(nullable = false)
|
@Column(nullable = false)
|
||||||
private String password;
|
private String password;
|
||||||
|
|
||||||
|
@Column(nullable = false)
|
||||||
|
private String salt;
|
||||||
}
|
}
|
||||||
|
|
@ -1,21 +1,37 @@
|
||||||
package ch.bbw.pr.tresorbackend.service;
|
package ch.bbw.pr.tresorbackend.service;
|
||||||
|
|
||||||
|
import lombok.Value;
|
||||||
|
import org.bouncycastle.util.encoders.Hex;
|
||||||
|
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||||
import org.springframework.stereotype.Service;
|
import org.springframework.stereotype.Service;
|
||||||
|
|
||||||
|
import java.security.SecureRandom;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* PasswordEncryptionService
|
* PasswordEncryptionService
|
||||||
|
*
|
||||||
* @author Peter Rutschmann
|
* @author Peter Rutschmann
|
||||||
*/
|
*/
|
||||||
@Service
|
@Service
|
||||||
public class PasswordEncryptionService {
|
public class PasswordEncryptionService {
|
||||||
//todo ergänzen!
|
|
||||||
|
|
||||||
public PasswordEncryptionService() {
|
public PasswordEncryptionService() {
|
||||||
//todo anpassen!
|
//todo anpassen!
|
||||||
}
|
}
|
||||||
|
|
||||||
public String hashPassword(String password) {
|
public static String generateSalt() {
|
||||||
//todo anpassen!
|
byte[] salt = new byte[5];
|
||||||
return password;
|
new SecureRandom().nextBytes(salt);
|
||||||
|
return Hex.toHexString(salt);
|
||||||
|
}
|
||||||
|
|
||||||
|
public String hashPassword(String password, String salt) {
|
||||||
|
BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
|
||||||
|
String pepper = new PepperService().getPepper();
|
||||||
|
|
||||||
|
return encoder.encode(pepper + password );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
record PasswordBean(String hashedPassword, String Salt) {
|
||||||
|
}
|
||||||
|
|
@ -0,0 +1,19 @@
|
||||||
|
package ch.bbw.pr.tresorbackend.service;
|
||||||
|
|
||||||
|
import org.springframework.beans.factory.annotation.Value;
|
||||||
|
import org.springframework.stereotype.Component;
|
||||||
|
|
||||||
|
@Component
|
||||||
|
public class PepperService {
|
||||||
|
|
||||||
|
@Value("${pepper}")
|
||||||
|
private String pepper;
|
||||||
|
|
||||||
|
public String getPepper() {
|
||||||
|
return pepper;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void printPepper() {
|
||||||
|
System.out.println("Pepper value: " + pepper);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
@ -9,3 +9,5 @@ spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQLDialect
|
||||||
spring.jpa.hibernate.ddl-auto=update
|
spring.jpa.hibernate.ddl-auto=update
|
||||||
|
|
||||||
CROSS_ORIGIN=http://localhost:3000
|
CROSS_ORIGIN=http://localhost:3000
|
||||||
|
|
||||||
|
pepper=VfQqM
|
||||||
Loading…
Reference in New Issue