Store password instead of password hash in LoginCredentials
This commit is contained in:
parent
6f1ecd21f2
commit
267ed6726e
@ -1,13 +1,11 @@
|
||||
package envoy.data;
|
||||
|
||||
import java.io.Serializable;
|
||||
import java.security.MessageDigest;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.util.Formatter;
|
||||
|
||||
/**
|
||||
* Contains a {@link User}'s login information.<br>
|
||||
* <br>
|
||||
* Contains a {@link User}'s login / registration information as well as the
|
||||
* client version.
|
||||
* <p>
|
||||
* Project: <strong>envoy-common</strong><br>
|
||||
* File: <strong>LoginCredentials.java</strong><br>
|
||||
* Created: <strong>29.12.2019</strong><br>
|
||||
@ -15,58 +13,33 @@ import java.util.Formatter;
|
||||
* @author Kai S. K. Engelbart
|
||||
* @since Envoy Common v0.2-alpha
|
||||
*/
|
||||
public class LoginCredentials implements Serializable {
|
||||
public final class LoginCredentials implements Serializable {
|
||||
|
||||
private final String identifier;
|
||||
private final byte[] passwordHash;
|
||||
private final String identifier, password, clientVersion;
|
||||
private final boolean registration;
|
||||
private final String clientVersion;
|
||||
|
||||
private static final long serialVersionUID = 1;
|
||||
private static final long serialVersionUID = 2;
|
||||
|
||||
/**
|
||||
* Creates an instance of {@link LoginCredentials} for a new {@link User}.
|
||||
* Initializes login credentials for a handshake.
|
||||
*
|
||||
* @param identifier the identifier of the user
|
||||
* @param password the password of the user (will be converted to a hash)
|
||||
* @param password the password of the user
|
||||
* @param registration signifies that these credentials are used for user
|
||||
* registration instead of user login
|
||||
* @param clientVersion the version of the client sending these credentials
|
||||
* @since Envoy Common v0.2-alpha
|
||||
* @since Envoy Common v0.1-beta
|
||||
*/
|
||||
public LoginCredentials(String identifier, char[] password, boolean registration, String clientVersion) {
|
||||
public LoginCredentials(String identifier, String password, boolean registration, String clientVersion) {
|
||||
this.identifier = identifier;
|
||||
passwordHash = getSha256(toByteArray(password));
|
||||
this.password = password;
|
||||
this.registration = registration;
|
||||
this.clientVersion = clientVersion;
|
||||
}
|
||||
|
||||
private byte[] getSha256(byte[] input) {
|
||||
try {
|
||||
return MessageDigest.getInstance("SHA-256").digest(input);
|
||||
} catch (NoSuchAlgorithmException e) {
|
||||
// This will never happen
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
|
||||
private byte[] toByteArray(char[] chars) {
|
||||
byte[] bytes = new byte[chars.length * 2];
|
||||
for (int i = 0; i < chars.length; ++i) {
|
||||
bytes[i * 2] = (byte) (chars[i] >> 8);
|
||||
bytes[i * 2 + 1] = (byte) (chars[i]);
|
||||
}
|
||||
return bytes;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
try (Formatter form = new Formatter()) {
|
||||
form.format("LoginCredentials[identifier=%s,passwordHash=", identifier);
|
||||
for (int i = 0; i < 3; i++)
|
||||
form.format("%02x", passwordHash[i]);
|
||||
return form.format(",registration=%b]", registration).toString();
|
||||
}
|
||||
return String.format("LoginCredentials[identifier=%s,registration=%b,clientVersion=%s]", identifier, registration, clientVersion);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -76,10 +49,10 @@ public class LoginCredentials implements Serializable {
|
||||
public String getIdentifier() { return identifier; }
|
||||
|
||||
/**
|
||||
* @return the password hash of the user performing the login
|
||||
* @since Envoy Common v0.2-alpha
|
||||
* @return the password of the user performing the login
|
||||
* @since Envoy Common v0.1-beta
|
||||
*/
|
||||
public byte[] getPasswordHash() { return passwordHash; }
|
||||
public String getPassword() { return password; }
|
||||
|
||||
/**
|
||||
* @return {@code true} if these credentials are used for user registration
|
||||
|
Reference in New Issue
Block a user