Java Code Examples for org.mindrot.jbcrypt.BCrypt#checkpw()

The following examples show how to use org.mindrot.jbcrypt.BCrypt#checkpw() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: AuthController.java    From tutorials with MIT License 6 votes vote down vote up
@Post("/login")
public void login(HttpServletRequest request) {

    String password = request.getParameter("user.password");
    String email = request.getParameter("user.email");

    if(email.isEmpty() || password.isEmpty()) {
      result.include("error", "Email/Password is Required!");
      result.redirectTo(AuthController.class).loginForm();
    }

    User user = userDao.findByEmail(email);
    if(user != null && BCrypt.checkpw(password, user.getPassword())) {
      userInfo.setUser(user);
      result.include("status", "Login Successful!");
      result.redirectTo(IndexController.class).index();
    } else {
        result.include("error", "Email/Password Does Not Match!");
        result.redirectTo(AuthController.class).loginForm();
    }
}
 
Example 2
Source File: UserService.java    From Web-API with MIT License 6 votes vote down vote up
public Optional<UserPermissionStruct> getUser(String username, String password) {
    if (username == null || password == null || !users.containsKey(username)) {
        return Optional.empty();
    }

    try {
        UserPermissionStruct perm = users.get(username);
        if (!BCrypt.checkpw(password, perm.getPassword())) {
            return Optional.empty();
        }

        return Optional.of(perm);
    } catch (IllegalArgumentException ignored) {
        return Optional.empty();
    }
}
 
Example 3
Source File: Utils.java    From para with Apache License 2.0 5 votes vote down vote up
/**
 * Checks if a hash matches a string.
 *
 * @param plain plain text string
 * @param storedHash hashed string
 * @return true if the hash matches
 */
public static boolean bcryptMatches(String plain, String storedHash) {
	if (StringUtils.isBlank(plain) || StringUtils.isBlank(storedHash)) {
		return false;
	}
	try {
		return BCrypt.checkpw(plain, storedHash);
	} catch (Exception e) {
		return false;
	}
}
 
Example 4
Source File: AppCrypto.java    From actframework with Apache License 2.0 5 votes vote down vote up
/**
 * Verify a password against given hash.
 *
 * Note this method uses {@link act.conf.AppConfigKey#SECRET confiured application secret}
 *
 * @param password the password to be verified.
 * @param hash the hash used to verify the password
 * @return `true` if the password can be verified with the given hash, or `false` otherwise.
 */
public boolean verifyPassword(String password, String hash) {
    if (null == password) {
        return false;
    }
    try {
        return BCrypt.checkpw(password, hash);
    } catch (Exception e) {
        return false;
    }
}
 
Example 5
Source File: PasswordEncoder.java    From jersey-jwt with MIT License 5 votes vote down vote up
/**
 * Checks a password against a stored hash using BCrypt.
 *
 * @param plainTextPassword
 * @param hashedPassword
 * @return
 */
public boolean checkPassword(String plainTextPassword, String hashedPassword) {

    if (null == hashedPassword || !hashedPassword.startsWith("$2a$")) {
        throw new RuntimeException("Hashed password is invalid");
    }

    return BCrypt.checkpw(plainTextPassword, hashedPassword);
}
 
Example 6
Source File: LoginClient.java    From luna with MIT License 5 votes vote down vote up
/**
 * Determines what the login response should be once the player's data is loaded.
 *
 * @param data The loaded data.
 * @param enteredPassword The entered password.
 */
public LoginResponse getLoginResponse(PlayerData data, String enteredPassword) {
    if (data == null) {
        return LoginResponse.NORMAL;
    } else if (!BCrypt.checkpw(enteredPassword, data.password)) {
        return LoginResponse.INVALID_CREDENTIALS;
    } else if (data.isBanned()) {
        return LoginResponse.ACCOUNT_BANNED;
    } else {
        return LoginResponse.NORMAL;
    }
}
 
Example 7
Source File: UpdatableBCrypt.java    From StubbornJava with MIT License 5 votes vote down vote up
public boolean verifyAndUpdateHash(String password, String hash, Function<String, Boolean> updateFunc) {
    if (BCrypt.checkpw(password, hash)) {
        int rounds = getRounds(hash);
        // It might be smart to only allow increasing the rounds.
        // If someone makes a mistake the ability to undo it would be nice though.
        if (rounds != logRounds) {
            log.debug("Updating password from {} rounds to {}", rounds, logRounds);
            String newHash = hash(password);
            return updateFunc.apply(newHash);
        }
        return true;
    }
    return false;
}
 
Example 8
Source File: UpdatableBCrypt.java    From StubbornJava with MIT License 4 votes vote down vote up
public boolean verifyHash(String password, String hash) {
    return BCrypt.checkpw(password, hash);
}
 
Example 9
Source File: PasswordUtil.java    From minitwit with MIT License 4 votes vote down vote up
public static boolean verifyPassword(String pwd, String hash) {
	boolean b = BCrypt.checkpw(pwd, hash);
	
	return b;
}
 
Example 10
Source File: CredentialManager.java    From cineast with MIT License 4 votes vote down vote up
boolean checkPassword(String password){
  if(password == null){
    return false;
  }
  return BCrypt.checkpw(password, this.passwordHash);
}
 
Example 11
Source File: EncryptedBeanUser.java    From drftpd with GNU General Public License v2.0 4 votes vote down vote up
@Override
public boolean checkPassword(String password) {
    String storedPassword = this.getPassword();
    String encryptedPassword;
    boolean result = false;
    password = password.trim();

    switch (getEncryption()) {
        case 1:
            encryptedPassword = Encrypt(password, "MD2");
            if (encryptedPassword != null && encryptedPassword.equals(storedPassword)) result = true;
            break;
        case 2:
            encryptedPassword = Encrypt(password, "MD5");
            if (encryptedPassword != null && encryptedPassword.equals(storedPassword)) result = true;
            break;
        case 3:
            encryptedPassword = Encrypt(password, "SHA-1");
            if (encryptedPassword != null && encryptedPassword.equals(storedPassword)) result = true;
            break;
        case 4:
            encryptedPassword = Encrypt(password, "SHA-256");
            if (encryptedPassword != null && encryptedPassword.equals(storedPassword)) result = true;
            break;
        case 5:
            encryptedPassword = Encrypt(password, "SHA-384");
            if (encryptedPassword != null && encryptedPassword.equals(storedPassword)) result = true;
            break;
        case 6:
            encryptedPassword = Encrypt(password, "SHA-512");
            if (encryptedPassword != null && encryptedPassword.equals(storedPassword)) result = true;
            break;
        case 7:
            if (BCrypt.checkpw(password, storedPassword)) result = true;
            break;
        default:
            if (password.equals(storedPassword)) result = true;
            break;
    }

    if (getEncryption() != _um.getPasscrypt()) {
        logger.debug("Converting Password To Current Encryption");
        setEncryption(0);
        this.setPassword(password);
        super.commit();
    }

    return result;
}
 
Example 12
Source File: PasswordService.java    From waltz with Apache License 2.0 4 votes vote down vote up
public boolean verifyPassword(String givenPassword, String hashedPassword) {
    return BCrypt.checkpw(givenPassword, hashedPassword);
}
 
Example 13
Source File: BCryptMatcher.java    From gocd-filebased-authentication-plugin with Apache License 2.0 4 votes vote down vote up
@Override
public boolean matches(String plainText, String hashed) {
    final String processedHash = hashed.replaceFirst("^\\$2y\\$", "\\$2a\\$").replaceFirst("^\\$2b\\$", "\\$2a\\$");
    return BCrypt.checkpw(plainText, processedHash);
}
 
Example 14
Source File: Player.java    From TakServer with GNU General Public License v2.0 4 votes vote down vote up
public boolean authenticate(String candidate) {
    return BCrypt.checkpw(candidate, password);
}
 
Example 15
Source File: BCryptPasswordHashProvider.java    From keycloak-bcrypt with Apache License 2.0 4 votes vote down vote up
@Override
public boolean verify(String rawPassword, PasswordCredentialModel credential) {
    return BCrypt.checkpw(rawPassword, credential.getPasswordSecretData().getValue());
}
 
Example 16
Source File: StringEncoding.java    From hugegraph with Apache License 2.0 4 votes vote down vote up
public static boolean checkPassword(String candidatePassword,
                                    String dbPassword) {
    return BCrypt.checkpw(candidatePassword, dbPassword);
}
 
Example 17
Source File: CodecUtils.java    From mangooio with Apache License 2.0 3 votes vote down vote up
/**
 * Checks a given data against a JBCrypted hash
 * 
 * @param data The cleartext data
 * @param hash The JBCrypt hashed value
 * @return True if it is a match, false otherwise
 */
public static boolean checkJBCrypt(String data, String hash) {
    Objects.requireNonNull(data, Required.DATA.toString());
    Objects.requireNonNull(hash, Required.HASH.toString());
    
    return BCrypt.checkpw(data, hash);
}
 
Example 18
Source File: AuthUtils.java    From rufus with MIT License 2 votes vote down vote up
/**
 * Verifies a stored hashed {@link User} password against a potential plaintext equivalent.
 *
 * @param password
 * @param hash
 * @return
 */
public static boolean isPassword(String password, String hash) {
    return hash != null && BCrypt.checkpw(password, hash);
}
 
Example 19
Source File: PasswordService.java    From Alpine with Apache License 2.0 2 votes vote down vote up
/**
 * Checks the validity of the asserted password against a ManagedUsers actual hashed password.
 *
 * @param assertedPassword the clear text password to check
 * @param user The ManagedUser to check the password of
 * @return true if assertedPassword matches the expected password of the ManangedUser, false if not
 * @since 1.0.0
 */
public static boolean matches(final char[] assertedPassword, final ManagedUser user) {
    final char[] prehash = createSha512Hash(assertedPassword);
    // Todo: remove String when Jbcrypt supports char[]
    return BCrypt.checkpw(new String(prehash), user.getPassword());
}
 
Example 20
Source File: HashedValue.java    From dropwizard-experiment with MIT License 2 votes vote down vote up
/**
 * Returns whether this is equal to the specified plaintext value.
 * @param plaintext The plaintext.
 */
public boolean equalsPlaintext(String plaintext) {
    return BCrypt.checkpw(plaintext, hashedValue);
}