/**
  * Change the current password method
  *
  * @param oldPass the former user password
  * @param newPass the new user password
  * @return true if the password has change, false otherwise
  */
 public boolean setPassword(String oldPass, String newPass) {
   if (authenticate(oldPass)) {
     this.hashPSWD = BCrypt.hashpw(newPass, BCrypt.gensalt(11));
     return true;
   }
   return false;
 }
  @Test(expected = InvalidInputException.class)
  public void checkPasswordFalseTest() {

    String encryptedPW = BCrypt.hashpw("testPW", BCrypt.gensalt());
    userRepository.addUser(new User("testEmail", encryptedPW, "testUser", "testRole"));

    userRepository.checkPassword("testEmail", "testFalse");
  }
  @Test
  public void checkPasswordTrueTest() {

    String encryptedPW = BCrypt.hashpw("testPW", BCrypt.gensalt());
    userRepository.addUser(new User("testEmail", encryptedPW, "testUser", "testRole"));

    userRepository.checkPassword("testEmail", "testPW");
  }
 public static boolean authenticate(String username, String password) {
   if (username.isEmpty() || password.isEmpty()) {
     return false;
   }
   User user = userDao.getUserByUsername(username);
   if (user == null) {
     return false;
   }
   String hashedPassword = BCrypt.hashpw(password, user.getSalt());
   return hashedPassword.equals(user.getHashedPassword());
 }
  /**
   * Build a new end user instance
   *
   * @param id the end user unique identifier
   * @param pswd the end user password
   * @param lastName the end user last name
   * @param firstName the end user first name
   * @param role the end user role in the smart home
   */
  public AppsgateEndUser(String id, String pswd, String lastName, String firstName, String role) {
    super();

    this.instanciationService = Executors.newScheduledThreadPool(1);

    this.id = id;
    this.hashPSWD = BCrypt.hashpw(pswd, BCrypt.gensalt(11));
    this.lastName = lastName;
    this.firstName = firstName;
    this.role = role;
  }
 @Override
 @Transactional(propagation = Propagation.REQUIRED)
 public void resetPassword(User user, String guid) {
   // TODO Auto-generated method stub
   try {
     log.info("in reset password service method");
     String hashed = BCrypt.hashpw(user.getPassword(), BCrypt.gensalt(12));
     user.setPassword(hashed);
     userDao.update(user);
     userDao.removeGuid(guid);
     log.info("In resetPassword to update and delete guid");
   } catch (DataAccessException e) {
     log.error("in resetPassword ", e);
     throw e;
   }
 }
Beispiel #7
0
 public static String hashSecret(String secret) {
   return BCrypt.hashpw(secret, BCrypt.gensalt(BCRYPT_LOG_ROUNDS));
 }
  public static String generatePasswordHash(String userPassword) {

    return BCrypt.hashpw(userPassword, BCrypt.gensalt());
  }
Beispiel #9
0
  public void onStart(Application app) {

    Logger.info("Application started");
    String uploadPath = Configuration.getUploadPath();
    File file = new File(uploadPath);
    if (!file.exists()) {
      try {
        if (!file.mkdir()) {
          System.out.println(file.getAbsolutePath());
        }
        ;
      } catch (Exception e) {
        e.printStackTrace();
        System.out.println(
            "Error while creating directory for server files, please check 'uploadPath' value in application.conf file");
        System.exit(-1);
      }
    } else {
      if (!file.canRead() || !file.canWrite()) {
        System.out.println(
            "Error: Server have no read and write access to "
                + uploadPath
                + ", please check 'uploadPath' value in application.conf file");
        System.exit(-1);
      }
    }

    // Checking existence of main directory
    String usersFilesDir = Configuration.getUploadPath();
    File applicationDir = new File(usersFilesDir + "/users/");
    if (!applicationDir.exists()) {
      Boolean createAppDir = applicationDir.mkdir();
      if (!createAppDir) {
        Logger.warn("Error while creating users directory");
        System.exit(-1);
      } else {
        Logger.info("Users directory created");
      }
    }

    if (Configuration.isApplyNewLimits()) {
      for (Account account : Account.findAll()) {
        account.setNewLimits();
      }
    }

    if (Configuration.isCreateDefaultUsers()) {
      UserService userService = new UserService(app);
      try {
        Integer nDefault = Configuration.getnDefaultUsers();
        String nameDefault = Configuration.getNameDefaultUser();
        for (int i = 1; i <= nDefault; i++) {
          String username = nameDefault + Integer.toString(i);
          String email = username + "@vdjviz.com";
          LocalUser localUser = LocalUser.find.byId(email);
          if (localUser == null) {
            Option<PasswordHasher> bcrypt = Registry.hashers().get("bcrypt");
            SocialUser socialUser =
                new SocialUser(
                    new IdentityId(email, "userpass"),
                    username,
                    username,
                    String.format("%s %s", username, username),
                    Option.apply(email),
                    null,
                    AuthenticationMethod.UserPassword(),
                    null,
                    null,
                    Some.apply(
                        new PasswordInfo(
                            "bcrypt", BCrypt.hashpw(username, BCrypt.gensalt()), null)));
            userService.doSave(socialUser);
          }
        }
      } catch (RuntimeException e) {
        Logger.error("Error while creating default users");
        e.printStackTrace();
      }
    }

    // Deleting empty files
    for (Account account : Account.findAll()) {
      for (UserFile userFile : account.getUserfiles()) {
        File fileDir = new File(userFile.getDirectoryPath());
        if (!fileDir.exists() || !userFile.checkExist()) {
          UserFile.deleteFile(userFile);
          Logger.of("user." + account.getUserName())
              .warn(
                  "Deleted empty file "
                      + userFile.getFileName()
                      + " for user : "******"user." + account.getUserName())
                              .info("File " + userFile.getFileName() + " was deleted");
                        }
                      }
                    }
                  }
                }
              },
              Akka.system().dispatcher());
    }
  }
 public String hashPassword(String password, String salt) {
   return BCrypt.hashpw(password, salt);
 }
 /** default constructor it just initialize the password hash with empty string hash */
 public AppsgateEndUser() {
   this.hashPSWD = BCrypt.hashpw("", BCrypt.gensalt(11));
   this.instanciationService = Executors.newScheduledThreadPool(1);
 }
 @Override
 public String encode(String rawPassword) {
   return BCrypt.hashpw(rawPassword, BCrypt.gensalt(ROUNDS));
 }
Beispiel #13
0
 private String createPassword(String password) {
   return BCrypt.hashpw(password, BCrypt.gensalt());
 }
Beispiel #14
0
 public static String hashPwd(String password) {
   return BCrypt.hashpw(password, BCrypt.gensalt(12));
 }
Beispiel #15
0
 /** Hashes user password. */
 public void hashPass() {
   this.password = BCrypt.hashpw(this.password, BCrypt.gensalt());
 }
  private void performTask(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    // Map<String, String[]> parameterInfo = request.getParameterMap();
    String password = request.getParameter("senderpassword");
    String random = request.getParameter("random");

    System.err.println(password);
    System.err.println(random);

    // check if random is available in database
    try {
      Class.forName("com.mysql.jdbc.Driver");
    } catch (ClassNotFoundException e) {
      System.out.println(e);
    }

    try {
      Connection con =
          DriverManager.getConnection(
              "jdbc:mysql://localhost:3306/c9", Properties.username, Properties.password);

      String SQLfind = "SELECT userid from PasswordReset where random = ?";
      PreparedStatement statementFind = con.prepareStatement(SQLfind);
      statementFind.setString(1, random);
      ResultSet rsFind = statementFind.executeQuery();

      if (rsFind.next()) {
        System.err.println("found random");
        System.err.println(Integer.toString(rsFind.getInt("userid")));

        // update password
        String hashed = BCrypt.hashpw(password, BCrypt.gensalt());
        String SQL = "UPDATE Members SET pass=? where id=?";
        PreparedStatement statement = con.prepareStatement(SQL);
        statement.setString(1, hashed);
        statement.setInt(2, rsFind.getInt("userid"));
        statement.execute();

        // delete row in passwordreset table
        SQL = "DELETE FROM PasswordReset where random=?";
        statement = con.prepareStatement(SQL);
        statement.setString(1, random);
        statement.execute();

        // get the userid and set the session
        SQL = "SELECT email, first_name, last_name FROM Members where id=?";
        statement = con.prepareStatement(SQL);
        statement.setInt(1, rsFind.getInt("userid"));
        ResultSet rs = statement.executeQuery();

        if (rs.next()) {
          HttpSession session = request.getSession();
          session.setAttribute("userid", rs.getString("email"));
          session.setAttribute(
              "naam", rs.getString("first_name") + " " + rs.getString("last_name"));
        }

        response.sendRedirect("success.jsp");
        // request.getRequestDispatcher("/success.jsp").forward(request, response);
      } else {
        response.setStatus(500);
      }

    } catch (SQLException se) {
      System.err.println(se);
      response.setStatus(500);
    }
  }
Beispiel #17
0
 /**
  * Hash a password using the OpenBSD bcrypt scheme. This can be used to check if a plain-text
  * password matches the encrypted and stored password value for this user.
  *
  * @param password The plain-text password to be hashed
  * @return a String that is the hashed value of the password.
  */
 private String hashPassword(String password) {
   return Crypto.encryptAES(BCrypt.hashpw(password, salt));
 }
 public String encodePassword(String rawPass, Object _) throws DataAccessException {
     return BCrypt.hashpw(rawPass,BCrypt.gensalt());
 }