/**
* Change the current password method
*
* @param oldPass the former user password
* @param newPass the new user password
* @return true if the password has change, false otherwise
*/
public boolean setPassword(String oldPass, String newPass) {
if (authenticate(oldPass)) {
this.hashPSWD = BCrypt.hashpw(newPass, BCrypt.gensalt(11));
return true;
}
return false;
}
@Test(expected = InvalidInputException.class)
public void checkPasswordFalseTest() {
String encryptedPW = BCrypt.hashpw("testPW", BCrypt.gensalt());
userRepository.addUser(new User("testEmail", encryptedPW, "testUser", "testRole"));
userRepository.checkPassword("testEmail", "testFalse");
}
@Test
public void checkPasswordTrueTest() {
String encryptedPW = BCrypt.hashpw("testPW", BCrypt.gensalt());
userRepository.addUser(new User("testEmail", encryptedPW, "testUser", "testRole"));
userRepository.checkPassword("testEmail", "testPW");
}
public static boolean authenticate(String username, String password) {
if (username.isEmpty() || password.isEmpty()) {
return false;
}
User user = userDao.getUserByUsername(username);
if (user == null) {
return false;
}
String hashedPassword = BCrypt.hashpw(password, user.getSalt());
return hashedPassword.equals(user.getHashedPassword());
}
/**
* Build a new end user instance
*
* @param id the end user unique identifier
* @param pswd the end user password
* @param lastName the end user last name
* @param firstName the end user first name
* @param role the end user role in the smart home
*/
public AppsgateEndUser(String id, String pswd, String lastName, String firstName, String role) {
super();
this.instanciationService = Executors.newScheduledThreadPool(1);
this.id = id;
this.hashPSWD = BCrypt.hashpw(pswd, BCrypt.gensalt(11));
this.lastName = lastName;
this.firstName = firstName;
this.role = role;
}
@Override
@Transactional(propagation = Propagation.REQUIRED)
public void resetPassword(User user, String guid) {
// TODO Auto-generated method stub
try {
log.info("in reset password service method");
String hashed = BCrypt.hashpw(user.getPassword(), BCrypt.gensalt(12));
user.setPassword(hashed);
userDao.update(user);
userDao.removeGuid(guid);
log.info("In resetPassword to update and delete guid");
} catch (DataAccessException e) {
log.error("in resetPassword ", e);
throw e;
}
}
public static String hashSecret(String secret) {
return BCrypt.hashpw(secret, BCrypt.gensalt(BCRYPT_LOG_ROUNDS));
}
public static String generatePasswordHash(String userPassword) {
return BCrypt.hashpw(userPassword, BCrypt.gensalt());
}
public void onStart(Application app) {
Logger.info("Application started");
String uploadPath = Configuration.getUploadPath();
File file = new File(uploadPath);
if (!file.exists()) {
try {
if (!file.mkdir()) {
System.out.println(file.getAbsolutePath());
}
;
} catch (Exception e) {
e.printStackTrace();
System.out.println(
"Error while creating directory for server files, please check 'uploadPath' value in application.conf file");
System.exit(-1);
}
} else {
if (!file.canRead() || !file.canWrite()) {
System.out.println(
"Error: Server have no read and write access to "
+ uploadPath
+ ", please check 'uploadPath' value in application.conf file");
System.exit(-1);
}
}
// Checking existence of main directory
String usersFilesDir = Configuration.getUploadPath();
File applicationDir = new File(usersFilesDir + "/users/");
if (!applicationDir.exists()) {
Boolean createAppDir = applicationDir.mkdir();
if (!createAppDir) {
Logger.warn("Error while creating users directory");
System.exit(-1);
} else {
Logger.info("Users directory created");
}
}
if (Configuration.isApplyNewLimits()) {
for (Account account : Account.findAll()) {
account.setNewLimits();
}
}
if (Configuration.isCreateDefaultUsers()) {
UserService userService = new UserService(app);
try {
Integer nDefault = Configuration.getnDefaultUsers();
String nameDefault = Configuration.getNameDefaultUser();
for (int i = 1; i <= nDefault; i++) {
String username = nameDefault + Integer.toString(i);
String email = username + "@vdjviz.com";
LocalUser localUser = LocalUser.find.byId(email);
if (localUser == null) {
Option<PasswordHasher> bcrypt = Registry.hashers().get("bcrypt");
SocialUser socialUser =
new SocialUser(
new IdentityId(email, "userpass"),
username,
username,
String.format("%s %s", username, username),
Option.apply(email),
null,
AuthenticationMethod.UserPassword(),
null,
null,
Some.apply(
new PasswordInfo(
"bcrypt", BCrypt.hashpw(username, BCrypt.gensalt()), null)));
userService.doSave(socialUser);
}
}
} catch (RuntimeException e) {
Logger.error("Error while creating default users");
e.printStackTrace();
}
}
// Deleting empty files
for (Account account : Account.findAll()) {
for (UserFile userFile : account.getUserfiles()) {
File fileDir = new File(userFile.getDirectoryPath());
if (!fileDir.exists() || !userFile.checkExist()) {
UserFile.deleteFile(userFile);
Logger.of("user." + account.getUserName())
.warn(
"Deleted empty file "
+ userFile.getFileName()
+ " for user : "******"user." + account.getUserName())
.info("File " + userFile.getFileName() + " was deleted");
}
}
}
}
}
},
Akka.system().dispatcher());
}
}
public String hashPassword(String password, String salt) {
return BCrypt.hashpw(password, salt);
}
/** default constructor it just initialize the password hash with empty string hash */
public AppsgateEndUser() {
this.hashPSWD = BCrypt.hashpw("", BCrypt.gensalt(11));
this.instanciationService = Executors.newScheduledThreadPool(1);
}
@Override
public String encode(String rawPassword) {
return BCrypt.hashpw(rawPassword, BCrypt.gensalt(ROUNDS));
}
private String createPassword(String password) {
return BCrypt.hashpw(password, BCrypt.gensalt());
}
public static String hashPwd(String password) {
return BCrypt.hashpw(password, BCrypt.gensalt(12));
}
/** Hashes user password. */
public void hashPass() {
this.password = BCrypt.hashpw(this.password, BCrypt.gensalt());
}
private void performTask(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
// Map<String, String[]> parameterInfo = request.getParameterMap();
String password = request.getParameter("senderpassword");
String random = request.getParameter("random");
System.err.println(password);
System.err.println(random);
// check if random is available in database
try {
Class.forName("com.mysql.jdbc.Driver");
} catch (ClassNotFoundException e) {
System.out.println(e);
}
try {
Connection con =
DriverManager.getConnection(
"jdbc:mysql://localhost:3306/c9", Properties.username, Properties.password);
String SQLfind = "SELECT userid from PasswordReset where random = ?";
PreparedStatement statementFind = con.prepareStatement(SQLfind);
statementFind.setString(1, random);
ResultSet rsFind = statementFind.executeQuery();
if (rsFind.next()) {
System.err.println("found random");
System.err.println(Integer.toString(rsFind.getInt("userid")));
// update password
String hashed = BCrypt.hashpw(password, BCrypt.gensalt());
String SQL = "UPDATE Members SET pass=? where id=?";
PreparedStatement statement = con.prepareStatement(SQL);
statement.setString(1, hashed);
statement.setInt(2, rsFind.getInt("userid"));
statement.execute();
// delete row in passwordreset table
SQL = "DELETE FROM PasswordReset where random=?";
statement = con.prepareStatement(SQL);
statement.setString(1, random);
statement.execute();
// get the userid and set the session
SQL = "SELECT email, first_name, last_name FROM Members where id=?";
statement = con.prepareStatement(SQL);
statement.setInt(1, rsFind.getInt("userid"));
ResultSet rs = statement.executeQuery();
if (rs.next()) {
HttpSession session = request.getSession();
session.setAttribute("userid", rs.getString("email"));
session.setAttribute(
"naam", rs.getString("first_name") + " " + rs.getString("last_name"));
}
response.sendRedirect("success.jsp");
// request.getRequestDispatcher("/success.jsp").forward(request, response);
} else {
response.setStatus(500);
}
} catch (SQLException se) {
System.err.println(se);
response.setStatus(500);
}
}
/**
* Hash a password using the OpenBSD bcrypt scheme. This can be used to check if a plain-text
* password matches the encrypted and stored password value for this user.
*
* @param password The plain-text password to be hashed
* @return a String that is the hashed value of the password.
*/
private String hashPassword(String password) {
return Crypto.encryptAES(BCrypt.hashpw(password, salt));
}
public String encodePassword(String rawPass, Object _) throws DataAccessException {
return BCrypt.hashpw(rawPass,BCrypt.gensalt());
}
