From 47ff9a06335dfa35bde98270381db23deb7118ae Mon Sep 17 00:00:00 2001
From: LO Kam Tao Leo
Date: Sun, 24 Jul 2022 09:08:53 +0100
Subject: [PATCH] Will also check is the strength enough
---
 src/main/java/org/leolo/nrapi/Constants.java | 2 ++
 src/main/java/org/leolo/nrapi/web/LoginAPI.java | 8 ++++++--
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/main/java/org/leolo/nrapi/Constants.java b/src/main/java/org/leolo/nrapi/Constants.java
index bc57423..7c15b46 100644
--- a/src/main/java/org/leolo/nrapi/Constants.java
+++ b/src/main/java/org/leolo/nrapi/Constants.java
@@ -4,4 +4,6 @@ public class Constants {
 public static final String REQ_ATTR_USER_ID = "auth-result-user-id";
 public static final String SESSION_ATTR_USER_ID = "auth-result-user-id";
+
+ public static final int BCRYPT_STRENGTH = 12;
 }
diff --git a/src/main/java/org/leolo/nrapi/web/LoginAPI.java b/src/main/java/org/leolo/nrapi/web/LoginAPI.java
index 8ee7a68..9f45b60 100644
--- a/src/main/java/org/leolo/nrapi/web/LoginAPI.java
+++ b/src/main/java/org/leolo/nrapi/web/LoginAPI.java
@@ -31,7 +31,7 @@ public class LoginAPI {
 ){
 String reqIP = HttpReqRespUtils.getClientIpAddressIfServletRequestExist();
 log.info("Login request from {}, username is {}, password length = {}", reqIP, userName, password.length());
- BCryptPasswordEncoder enc = new BCryptPasswordEncoder();
+ BCryptPasswordEncoder enc = new BCryptPasswordEncoder(Constants.BCRYPT_STRENGTH);
 boolean result = false;
 try(
 Connection conn = DatabaseManager.getInstance().getConnection();
@@ -45,7 +45,10 @@ public class LoginAPI {
 if(enc.matches(password, passwordHash)){
 //Login OK
 result = true;
- if(enc.upgradeEncoding(passwordHash)){
+ String tokens [] = passwordHash.split("\\$");
+ if(enc.upgradeEncoding(passwordHash) ||
+ (Integer.parseInt(tokens[2]){ try(
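Review bot: The `log.info` context line in the `@@ -31,7 +31,7 @@` hunk records `password.length()` together with the submitted `userName` for every login attempt, before the credentials are checked. Anyone who can read the logs learns the password length for each account, which narrows a guessing search; the line is better written without it, `log.info("Login request from {}, username is {}", reqIP, userName);`. The line is unchanged by this commit, but it sits directly above the encoder change and is worth fixing in the same pass. The method starts and ends outside the hunk.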
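Review bot: The manual cost check added in the `@@ -45,7 +45,10 @@` hunk (`passwordHash.split("\\$")` followed by `Integer.parseInt(tokens[2])`) looks redundant now that `enc` is built with `Constants.BCRYPT_STRENGTH`. If this is Spring Security's `BCryptPasswordEncoder`, `upgradeEncoding` already reads the cost from the stored hash and returns true when it is lower than the encoder's configured strength, so `if(enc.upgradeEncoding(passwordHash)){` alone covers the case. Dropping the split also removes the dependency on the `$`-separated layout by array index, which fails with an unchecked exception rather than an `SQLException` if a stored value is ever malformed. The comparison on the last added line is truncated on this page, so its operand cannot be checked here, and the `if` body continues outside the hunk.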
@@ -55,6 +58,7 @@ public class LoginAPI {
 psUpd.setString(1, enc.encode(password));
 psUpd.setString(2, userName);
 psUpd.executeUpdate();
+ connection.commit();
 }catch (SQLException e){
 log.error(e.getMessage(), e);
 }
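Review bot: `connection.commit()` uses a name that differs from the `conn` resource opened in the outer `try(` of the `@@ -31,7 +31,7 @@` hunk, and the inner `try(` resource list lies outside the visible hunks. Please confirm that `connection` is the connection `psUpd` was prepared on and that auto-commit is disabled on it, since JDBC's `commit()` raises `SQLException` when called in auto-commit mode and the `catch` below would then log an error on every rehash. The `catch` only logs, which is reasonable for a best-effort upgrade, but a comment should say so, for example `// best effort: login already succeeded, the rehash is retried on the next login`.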