Merge pull request #30 from informatik-ag-ngl/f/password_in_login_credentials

Store password instead of password hash in LoginCredentials
2020-07-11 07:14:12 +00:00 · 2020-07-11 07:14:12 +00:00 · f12cc25b43
commit f12cc25b43
parent 6f1ecd21f2 267ed6726e
1 changed files with 15 additions and 42 deletions
--- a/src/main/java/envoy/data/LoginCredentials.java
+++ b/src/main/java/envoy/data/LoginCredentials.java
@ -1,13 +1,11 @@
 package envoy.data;
 import java.io.Serializable;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.util.Formatter;
 /**
- * Contains a {@link User}'s login information.<br>
+ * Contains a {@link User}'s login / registration information as well as the
- * <br>
+ * client version.
 * <p>
 * Project: <strong>envoy-common</strong><br>
 * File: <strong>LoginCredentials.java</strong><br>
 * Created: <strong>29.12.2019</strong><br>
@ -15,58 +13,33 @@ import java.util.Formatter;
 * @author Kai S. K. Engelbart
 * @since Envoy Common v0.2-alpha
 */
-public class LoginCredentials implements Serializable {
+public final class LoginCredentials implements Serializable {
-	private final String	identifier;
+	private final String	identifier, password, clientVersion;
 	private final byte[]	passwordHash;
 	private final boolean	registration;
 	private final String	clientVersion;
-	private static final long serialVersionUID = 1;
+	private static final long serialVersionUID = 2;
 	/**
-	 * Creates an instance of {@link LoginCredentials} for a new {@link User}.
+	 * Initializes login credentials for a handshake.
 	 *
 	 * @param identifier    the identifier of the user
-	 * @param password      the password of the user (will be converted to a hash)
+	 * @param password      the password of the user
 	 * @param registration  signifies that these credentials are used for user
 	 *                      registration instead of user login
 	 * @param clientVersion the version of the client sending these credentials
-	 * @since Envoy Common v0.2-alpha
+	 * @since Envoy Common v0.1-beta
 	 */
-	public LoginCredentials(String identifier, char[] password, boolean registration, String clientVersion) {
+	public LoginCredentials(String identifier, String password, boolean registration, String clientVersion) {
 		this.identifier		= identifier;
-		passwordHash		= getSha256(toByteArray(password));
+		this.password		= password;
 		this.registration	= registration;
 		this.clientVersion	= clientVersion;
 	}
 	private byte[] getSha256(byte[] input) {
 		try {
 			return MessageDigest.getInstance("SHA-256").digest(input);
 		} catch (NoSuchAlgorithmException e) {
 			// This will never happen
 			throw new RuntimeException(e);
 		}
 	}
 	private byte[] toByteArray(char[] chars) {
 		byte[] bytes = new byte[chars.length * 2];
 		for (int i = 0; i < chars.length; ++i) {
 			bytes[i * 2]		= (byte) (chars[i] >> 8);
 			bytes[i * 2 + 1]	= (byte) (chars[i]);
 		}
 		return bytes;
 	}
 	@Override
 	public String toString() {
-		try (Formatter form = new Formatter()) {
+		return String.format("LoginCredentials[identifier=%s,registration=%b,clientVersion=%s]", identifier, registration, clientVersion);
 			form.format("LoginCredentials[identifier=%s,passwordHash=", identifier);
 			for (int i = 0; i < 3; i++)
 				form.format("%02x", passwordHash[i]);
 			return form.format(",registration=%b]", registration).toString();
 		}
 	}
 	/**
@ -76,10 +49,10 @@ public class LoginCredentials implements Serializable {
 	public String getIdentifier() { return identifier; }
 	/**
-	 * @return the password hash of the user performing the login
+	 * @return the password of the user performing the login
-	 * @since Envoy Common v0.2-alpha
+	 * @since Envoy Common v0.1-beta
 	 */
-	public byte[] getPasswordHash() { return passwordHash; }
+	public String getPassword() { return password; }
 	/**
 	 * @return {@code true} if these credentials are used for user registration