|
|
|
|
@ -31,7 +31,7 @@ public class LoginAPI {
|
|
|
|
|
){ |
|
|
|
|
String reqIP = HttpReqRespUtils.getClientIpAddressIfServletRequestExist(); |
|
|
|
|
log.info("Login request from {}, username is {}, password length = {}", reqIP, userName, password.length()); |
|
|
|
|
BCryptPasswordEncoder enc = new BCryptPasswordEncoder(); |
|
|
|
|
BCryptPasswordEncoder enc = new BCryptPasswordEncoder(Constants.BCRYPT_STRENGTH); |
|
|
|
|
boolean result = false; |
|
|
|
|
try( |
|
|
|
|
Connection conn = DatabaseManager.getInstance().getConnection(); |
|
|
|
|
@ -45,7 +45,10 @@ public class LoginAPI {
|
|
|
|
|
if(enc.matches(password, passwordHash)){ |
|
|
|
|
//Login OK
|
|
|
|
|
result = true; |
|
|
|
|
if(enc.upgradeEncoding(passwordHash)){ |
|
|
|
|
String tokens [] = passwordHash.split("\\$"); |
|
|
|
|
if(enc.upgradeEncoding(passwordHash) || |
|
|
|
|
(Integer.parseInt(tokens[2])<Constants.BCRYPT_STRENGTH) |
|
|
|
|
){ |
|
|
|
|
log.info("User {} have old version of hash. Update required.", userName); |
|
|
|
|
new Thread(()->{ |
|
|
|
|
try( |
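Review bot: The added `Integer.parseInt(tokens[2]) < Constants.BCRYPT_STRENGTH` test in the new condition depends on the exact `$`-separated layout of the stored hash, and it is probably redundant. Assuming `enc` is Spring Security's `BCryptPasswordEncoder`, recent versions of `upgradeEncoding` already compare the cost stored in the hash with the encoder's configured strength. Since `enc` is now built with `Constants.BCRYPT_STRENGTH`, `if(enc.upgradeEncoding(passwordHash)){` may be sufficient on its own; confirm this against the library version in use. If the manual parse stays, declare the array as `String[] tokens` and add a comment such as `// bcrypt layout: $<version>$<cost>$<salt+hash>; tokens[2] is the cost`, so the index is not a magic number. The enclosing `if` block and the `new Thread` body continue outside this hunk.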
|
|
|
|
@ -55,6 +58,7 @@ public class LoginAPI {
|
|
|
|
|
psUpd.setString(1, enc.encode(password)); |
|
|
|
|
psUpd.setString(2, userName); |
|
|
|
|
psUpd.executeUpdate(); |
|
|
|
|
connection.commit(); |
|
|
|
|
}catch (SQLException e){ |
|
|
|
|
log.error(e.getMessage(), e); |
|
|
|
|
} |
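Review bot: The background rehash binds only the new hash and `userName`, so the update appears to be keyed on the user name alone, and `connection.commit()` (which looks like the added line, though the +/- markers are lost on this page) is what makes it persist. If the user changes their password between the successful login and this thread running, the rehash of the old password would overwrite the new one. Binding the hash that was just verified as a third parameter, `psUpd.setString(3, passwordHash);`, with a matching `AND <hash_column> = ?` condition in the statement text, turns the upgrade into a no-op in that case. The statement text and the start of the `try` block are outside this hunk, so check the actual WHERE clause there.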
|
|
|
|
|