Add strong salted password hashing using PBKDF2
@ -5,7 +5,9 @@ import static envoy.data.User.UserStatus.ONLINE;
|
||||
import static envoy.event.HandshakeRejection.*;
|
||||
|
||||
import java.time.LocalDateTime;
|
||||
import java.util.*;
|
||||
import java.util.Collections;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.logging.Logger;
|
||||
|
||||
import javax.persistence.NoResultException;
|
||||
@ -19,7 +21,8 @@ import envoy.server.data.PersistenceManager;
|
||||
import envoy.server.data.User;
|
||||
import envoy.server.net.ConnectionManager;
|
||||
import envoy.server.net.ObjectWriteProxy;
|
||||
import envoy.server.util.VersionUtils;
|
||||
import envoy.server.util.PasswordUtil;
|
||||
import envoy.server.util.VersionUtil;
|
||||
import envoy.util.Bounds;
|
||||
import envoy.util.EnvoyLog;
|
||||
|
||||
@ -47,7 +50,7 @@ public final class LoginCredentialProcessor implements ObjectProcessor<LoginCred
|
||||
// Cache this write proxy for user-independant notifications
|
||||
UserStatusChangeProcessor.setWriteProxy(writeProxy);
|
||||
|
||||
if (!VersionUtils.verifyCompatibility(credentials.getClientVersion())) {
|
||||
if (!VersionUtil.verifyCompatibility(credentials.getClientVersion())) {
|
||||
logger.info("The client has the wrong version.");
|
||||
writeProxy.write(socketID, new HandshakeRejection(WRONG_VERSION));
|
||||
return;
|
||||
@ -66,7 +69,7 @@ public final class LoginCredentialProcessor implements ObjectProcessor<LoginCred
|
||||
return;
|
||||
}
|
||||
// Evaluating the correctness of the password hash
|
||||
if (!Arrays.equals(credentials.getPasswordHash(), user.getPasswordHash())) {
|
||||
if (!PasswordUtil.validate(credentials.getPassword(), user.getPasswordHash())) {
|
||||
logger.info(user + " has entered the wrong password.");
|
||||
writeProxy.write(socketID, new HandshakeRejection(WRONG_PASSWORD_OR_USER));
|
||||
return;
|
||||
@ -97,7 +100,7 @@ public final class LoginCredentialProcessor implements ObjectProcessor<LoginCred
|
||||
user.setName(credentials.getIdentifier());
|
||||
user.setLastSeen(LocalDateTime.now());
|
||||
user.setStatus(ONLINE);
|
||||
user.setPasswordHash(credentials.getPasswordHash());
|
||||
user.setPasswordHash(PasswordUtil.hash(credentials.getPassword()));
|
||||
user.setContacts(new HashSet<>());
|
||||
persistenceManager.addContact(user);
|
||||
logger.info("Registered new " + user);
|
||||
|
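Review bot: Both new calls, `PasswordUtil.validate(credentials.getPassword(), user.getPasswordHash())` in the login check and `PasswordUtil.hash(credentials.getPassword())` in the registration branch, mean the server now receives the cleartext password instead of a client-computed hash, and nothing in these hunks shows that the connection is encrypted or that the credentials object keeps the password out of `toString()` and the log output. I would document that requirement where the value is first used, e.g. `// getPassword() is cleartext: never log it, and only accept it over an encrypted connection`. Accounts stored before this commit presumably still hold the old client-sent hash, so it is worth confirming that `validate` returns false rather than throwing on a stored value that is not in the new format, and that those users have a migration path. The enclosing method starts and ends outside the visible hunks and `PasswordUtil` itself is not shown, so its iteration count, salt handling and comparison could not be checked here.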