diff --git a/src/main/java/org/leolo/nrapi/Constants.java b/src/main/java/org/leolo/nrapi/Constants.java
index bc57423..7c15b46 100644
--- a/src/main/java/org/leolo/nrapi/Constants.java
+++ b/src/main/java/org/leolo/nrapi/Constants.java
@@ -4,4 +4,6 @@ public class Constants {
     public static final String REQ_ATTR_USER_ID = "auth-result-user-id";
     public static final String SESSION_ATTR_USER_ID = "auth-result-user-id";
+
+    public static final int BCRYPT_STRENGTH = 12;
 }
diff --git a/src/main/java/org/leolo/nrapi/web/LoginAPI.java b/src/main/java/org/leolo/nrapi/web/LoginAPI.java
index 8ee7a68..9f45b60 100644
--- a/src/main/java/org/leolo/nrapi/web/LoginAPI.java
+++ b/src/main/java/org/leolo/nrapi/web/LoginAPI.java
@@ -31,7 +31,7 @@ public class LoginAPI {
     ){
         String reqIP = HttpReqRespUtils.getClientIpAddressIfServletRequestExist();
         log.info("Login request from {}, username is {}, password length = {}", reqIP, userName, password.length());
-        BCryptPasswordEncoder enc = new BCryptPasswordEncoder();
+        BCryptPasswordEncoder enc = new BCryptPasswordEncoder(Constants.BCRYPT_STRENGTH);
         boolean result = false;
         try(
             Connection conn = DatabaseManager.getInstance().getConnection();
@@ -45,7 +45,10 @@ public class LoginAPI {
             if(enc.matches(password, passwordHash)){
                 //Login OK
                 result = true;
-                if(enc.upgradeEncoding(passwordHash)){
+                String tokens [] = passwordHash.split("\\$");
+                if(enc.upgradeEncoding(passwordHash) ||
+                    (Integer.parseInt(tokens[2]){
                     try(
@@ -55,6 +58,7 @@ public class LoginAPI {
                     psUpd.setString(1, enc.encode(password));
                     psUpd.setString(2, userName);
                     psUpd.executeUpdate();
+                    connection.commit();
                 }catch (SQLException e){
                     log.error(e.getMessage(), e);
                 }
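Review bot: `BCRYPT_STRENGTH = 12` is added without a comment saying what the number is; bcrypt's strength is the log2 work factor, so 12 means 4096 rounds, and a maintainer who bumps it should know it only changes hashes written from then on. The LoginAPI hunks in this same commit appear to re-hash a user's stored password on their next successful login when its cost is lower, so raising this value rolls out gradually rather than all at once. Suggest `/** bcrypt cost (log2 of the work factor): 12 = 4096 rounds. Used for new hashes and, on login, to re-hash stored hashes with a lower cost. */` above the field.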
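Review bot: The added line constructs a fresh `BCryptPasswordEncoder` on every login request even though it is configured once from `Constants.BCRYPT_STRENGTH`; in Spring Security the encoder is normally held as a single shared instance, so a `private static final BCryptPasswordEncoder ENC = new BCryptPasswordEncoder(Constants.BCRYPT_STRENGTH);` field would avoid per-call construction — worth confirming against the project's Spring Security version that the encoder is safe to share before making it static. The method whose parameter list closes at `){` starts before this hunk. Separately, the `log.info` context line just above records the password length next to the username at INFO level; that is not new in this change, but it leaks a property of the credential into logs and could be dropped in a follow-up.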
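Review bot: `Integer.parseInt(tokens[2])` runs unguarded after a successful `enc.matches(...)`: if the stored hash is not in the `$2x$NN$...` layout, the resulting `NumberFormatException` or `ArrayIndexOutOfBoundsException` is not caught by the `SQLException` handler further down and would abort a login that has already been verified, discarding `result = true`. Extracting the cost through a small helper that returns -1 on any parse failure keeps the re-hash best-effort and also replaces the non-idiomatic `String tokens []` declaration. Note that Spring Security's `BCryptPasswordEncoder.upgradeEncoding` (5.1 and later) already compares the stored cost with the configured strength, so if the project is on such a version the manual split duplicates it — worth checking before keeping both conditions. The right-hand side of the comparison and the tail of this hunk are cut off in this view, and the enclosing method continues beyond it.
```java
                result = true;
                int storedCost = bcryptCost(passwordHash);
                if(enc.upgradeEncoding(passwordHash) ||
                    storedCost < Constants.BCRYPT_STRENGTH
                ){
                    // … unchanged: re-hash and UPDATE …

    /** Cost (log2 rounds) recorded in a bcrypt hash, or -1 if the hash is not in $2x$NN$ form. */
    private static int bcryptCost(String hash) {
        try {
            return Integer.parseInt(hash.split("\\$")[2]);
        } catch (NumberFormatException | ArrayIndexOutOfBoundsException e) {
            return -1;
        }
    }
```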
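Review bot: `connection.commit()` refers to a variable named `connection`, while the try-with-resources header in the earlier hunk declares the JDBC handle as `Connection conn`; unless `connection` is declared somewhere outside these hunks this will not compile, and if it is a different object the commit lands on the wrong connection — if it is the same handle, the line should read `conn.commit();`. Committing explicitly only matters if `DatabaseManager` hands out connections with auto-commit off; if it does, a failing `executeUpdate()` now leaves the transaction open until the resource is closed, so the `catch (SQLException e)` branch should also roll back, e.g. `try { conn.rollback(); } catch (SQLException re) { log.error(re.getMessage(), re); }`. The surrounding try block and the method close outside this hunk.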