Berufsschule
/
m183-tresor
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

added hashing to registering new user

This commit is contained in:
Lorenz Hohermuth 2025-05-15 20:41:53 +02:00
parent 3408f01598
commit 36363716c1
6 changed files with 199 additions and 134 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
183_12_1_tresorbackend_rupe-master/pom.xml
View File

@ -66,6 +66,28 @@
<artifactId>jasypt-spring-boot-starter</artifactId>
<version>3.0.5</version>
</dependency>
<!-- Bouncy Castle for secure hashing and random salt generation -->
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk18on</artifactId>
<version>1.76</version>
</dependency>
<!-- Spring Security for password encoding (bcrypt) -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-crypto</artifactId>
<version>6.1.2</version>
</dependency>
<!-- Apache Commons Codec for encoding (like Base64) -->
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
<version>1.16.0</version>
</dependency>
</dependencies>
<build>

5
183_12_1_tresorbackend_rupe-master/src/main/java/ch/bbw/pr/tresorbackend/controller/UserController.java
View File

@ -81,12 +81,15 @@ public class UserController {
System.out.println("UserController.createUser, password validation passed");
//transform registerUser to user
String salt = PasswordEncryptionService.generateSalt();
User user = new User(
null,
registerUser.getFirstName(),
registerUser.getLastName(),
registerUser.getEmail(),
passwordService.hashPassword(registerUser.getPassword())
passwordService.hashPassword(registerUser.getPassword(), salt),
salt
);
User savedUser = userService.createUser(user);

3
183_12_1_tresorbackend_rupe-master/src/main/java/ch/bbw/pr/tresorbackend/model/User.java
View File

@ -32,4 +32,7 @@ public class User {
@Column(nullable = false)
private String password;
@Column(nullable = false)
private String salt;
}

24
183_12_1_tresorbackend_rupe-master/src/main/java/ch/bbw/pr/tresorbackend/service/PasswordEncryptionService.java
View File

@ -1,21 +1,37 @@
package ch.bbw.pr.tresorbackend.service;
import lombok.Value;
import org.bouncycastle.util.encoders.Hex;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.stereotype.Service;
import java.security.SecureRandom;
/**
* PasswordEncryptionService
*
* @author Peter Rutschmann
*/
@Service
public class PasswordEncryptionService {
//todo ergänzen!
public PasswordEncryptionService() {
//todo anpassen!
}
public String hashPassword(String password) {
//todo anpassen!
return password;
public static String generateSalt() {
byte[] salt = new byte[5];
new SecureRandom().nextBytes(salt);
return Hex.toHexString(salt);
}
public String hashPassword(String password, String salt) {
BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
String pepper = new PepperService().getPepper();
return encoder.encode(pepper + password );
}
}
record PasswordBean(String hashedPassword, String Salt) {
}

19
183_12_1_tresorbackend_rupe-master/src/main/java/ch/bbw/pr/tresorbackend/service/PepperService.java Normal file
View File

@ -0,0 +1,19 @@
package ch.bbw.pr.tresorbackend.service;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
@Component
public class PepperService {
@Value("${pepper}")
private String pepper;
public String getPepper() {
return pepper;
}
public void printPepper() {
System.out.println("Pepper value: " + pepper);
}
}

2
183_12_1_tresorbackend_rupe-master/src/main/resources/application.properties
View File

@ -9,3 +9,5 @@ spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQLDialect
spring.jpa.hibernate.ddl-auto=update
CROSS_ORIGIN=http://localhost:3000
pepper=VfQqM