org.mindrot.jbcrypt.BCrypt Java Examples

Example #1
Source File: TestEndpoint.java    From divide with Apache License 2.0
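@Produces(MediaType.APPLICATION_JSON)
    @GET
    @Path("/setup")
    // Test-only endpoint: builds a ServerCredentials record from the test user,
    // replaces its password with a bcrypt hash, issues auth/recovery tokens,
    // persists it and echoes the stored record back to the caller.
    //
    // NOTE(review): the response entity is the persisted record itself, so the
    // password hash and both tokens are sent back in the HTTP response — tolerable
    // for a test fixture, never for a production endpoint.
    // NOTE(review): ownerId = count + 1 is not atomic; two concurrent calls can be
    // assigned the same id. A generated key or sequence would avoid that.
    public Response setup() throws Exception {
        ServerCredentials toSave = new ServerCredentials(TestUtils.getTestUser());

        // bcrypt, cost factor 10; gensalt() produces a fresh random salt per call
        // and the salt is embedded in the resulting hash string.
        String hashed = BCrypt.hashpw(toSave.getPassword(), BCrypt.gensalt(10));
        toSave.setPassword(hashed); // only the hash is stored, the plaintext is overwritten

        // Both tokens are minted from the same symmetric key and the same record;
        // whether they differ depends on getNewToken (presumably randomised — verify).
        toSave.setAuthToken(AuthTokenUtils.getNewToken(securityManager.getSymmetricKey(), toSave));
        toSave.setRecoveryToken(AuthTokenUtils.getNewToken(securityManager.getSymmetricKey(), toSave));
        toSave.setOwnerId(dao.count(Credentials.class.getName()) + 1);

        dao.save(toSave);
        return Response.ok().entity(toSave).build();
    }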
 
Example #2
Source File: UsersServiceImplTest.java    From realworld-api-quarkus with MIT License
@Test
public void givenValidNewUserData_thenReturnAnCreatedUserWithFilledTokenField() {
  final String username = "user";
  final String email = "user@email.com";
  final String password = "user123";

  // The repository mock hands back a user whose password is already a bcrypt hash
  // (default cost from gensalt()) and whose token is an arbitrary UUID.
  User stored = new User();
  stored.setId(1L);
  stored.setUsername(username);
  stored.setEmail(email);
  stored.setPassword(BCrypt.hashpw(password, BCrypt.gensalt()));
  stored.setToken(UUID.randomUUID().toString());

  when(userRepository.create(any(User.class))).thenReturn(stored);
  when(tokenProvider.createUserToken(stored.getId().toString())).thenReturn("token");

  User created = usersService.create(username, email, password);

  // Only presence is asserted: this test does not check that the plaintext was
  // hashed, nor that the returned token equals the mocked "token" value.
  Assertions.assertNotNull(created.getUsername());
  Assertions.assertNotNull(created.getEmail());
  Assertions.assertNotNull(created.getPassword());
  Assertions.assertNotNull(created.getToken());
}
 
Example #3
Source File: UserService.java    From Web-API with MIT License
/**
 * Looks up {@code username} and verifies {@code password} against the stored bcrypt hash.
 *
 * @return the user's permission record when the credentials match; empty for a null
 *         username/password, an unknown user, a wrong password, or a stored value that
 *         BCrypt rejects as malformed
 */
public Optional<UserPermissionStruct> getUser(String username, String password) {
    if (username == null || password == null || !users.containsKey(username)) {
        // NOTE(review): an unknown username returns before any bcrypt work, so the
        // response time differs between "no such user" and "wrong password".
        return Optional.empty();
    }

    try {
        UserPermissionStruct stored = users.get(username);
        boolean matches = BCrypt.checkpw(password, stored.getPassword());
        return matches ? Optional.of(stored) : Optional.empty();
    } catch (IllegalArgumentException malformedHash) {
        // checkpw throws when the stored value is not a valid bcrypt string;
        // treat that as a failed login rather than propagating it.
        return Optional.empty();
    }
}
 
Example #4
Source File: AuthController.java    From tutorials with MIT License
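/**
 * Handles the login form: looks the user up by e-mail and verifies the submitted
 * password against the stored bcrypt hash.
 *
 * <p>Unknown e-mail and wrong password produce the same message, so the response
 * body does not reveal which accounts exist (response time still differs, since no
 * bcrypt work is done for an unknown e-mail).
 */
@Post("/login")
public void login(HttpServletRequest request) {

    String password = request.getParameter("user.password");
    String email = request.getParameter("user.email");

    // getParameter returns null for a missing field; the original dereferenced it
    // directly (NPE) and, on the empty case, fell through to the lookup after
    // recording the redirect. Return so the redirect is the only outcome.
    if (email == null || email.isEmpty() || password == null || password.isEmpty()) {
        result.include("error", "Email/Password is Required!");
        result.redirectTo(AuthController.class).loginForm();
        return;
    }

    User user = userDao.findByEmail(email);
    if (user != null && BCrypt.checkpw(password, user.getPassword())) {
        userInfo.setUser(user);
        result.include("status", "Login Successful!");
        result.redirectTo(IndexController.class).index();
    } else {
        result.include("error", "Email/Password Does Not Match!");
        result.redirectTo(AuthController.class).loginForm();
    }
}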
 
Example #5
Source File: SimpleAuthenticator.java    From tinkerpop with Apache License 2.0
/**
 * Authenticates a user against the credential graph.
 *
 * <p>Both {@code PROPERTY_USERNAME} and {@code PROPERTY_PASSWORD} must be present.
 * The username is looked up, duplicate usernames are refused, and the password is
 * checked against the stored bcrypt hash. All three failure paths use the same
 * message so the text alone does not reveal whether the user exists.
 *
 * @throws IllegalArgumentException when a required key is missing from {@code credentials}
 * @throws AuthenticationException when the user is absent, duplicated, or the password is wrong
 */
public AuthenticatedUser authenticate(final Map<String, String> credentials) throws AuthenticationException {
    for (String required : new String[] {PROPERTY_USERNAME, PROPERTY_PASSWORD}) {
        if (!credentials.containsKey(required)) {
            throw new IllegalArgumentException(String.format("Credentials must contain a %s", required));
        }
    }

    final String username = credentials.get(PROPERTY_USERNAME);
    final String password = credentials.get(PROPERTY_PASSWORD);

    final CredentialTraversal<Vertex,Vertex> matches = credentialStore.users(username);
    if (!matches.hasNext()) {
        // NOTE(review): returns before any bcrypt work, so an unknown username is
        // distinguishable from a wrong password by response time.
        throw new AuthenticationException("Username and/or password are incorrect");
    }

    final Vertex user = matches.next();
    if (matches.hasNext()) {
        logger.warn("There is more than one user with the username [{}] - usernames must be unique", username);
        throw new AuthenticationException("Username and/or password are incorrect");
    }

    final String storedHash = user.value(PROPERTY_PASSWORD);
    if (BCrypt.checkpw(password, storedHash)) {
        return new AuthenticatedUser(username);
    }
    throw new AuthenticationException("Username and/or password are incorrect");
}
 
Example #6
Source File: AuthServerLogic.java    From divide with Apache License 2.0
/**
 * Registers a new user.
 *
 * <p>The incoming {@code credentials} carry a password encrypted to the server's key
 * pair; it is decrypted with the private key, bcrypt-hashed at cost 10, and the hash
 * replaces the plaintext on the record before it is saved. Auth and recovery tokens
 * are issued with the symmetric key.
 *
 * @throws DAOException with HTTP 409 when the e-mail address is already registered
 */
public Credentials userSignUp(Credentials credentials) throws DAOException{
    boolean emailTaken = getUserByEmail(dao, credentials.getEmailAddress()) != null;
    if (emailTaken) {
        throw new DAOException(HttpStatus.SC_CONFLICT,"User Already Exists");
    }

    ServerCredentials record = new ServerCredentials(credentials);
    record.decryptPassword(keyManager.getPrivateKey());
    // The plaintext lives on the record only between decryptPassword and setPassword below.
    String bcryptHash = BCrypt.hashpw(record.getPassword(), BCrypt.gensalt(10));

    // NOTE(review): count + 1 is not atomic — concurrent sign-ups can collide on ownerId.
    record.setOwnerId(dao.count(Credentials.class.getName()) + 1);
    record.setPassword(bcryptHash);
    // Both tokens are minted from the same key and the same record; whether they
    // differ depends on getNewToken (presumably randomised — verify before relying on it).
    record.setAuthToken(AuthTokenUtils.getNewToken(keyManager.getSymmetricKey(), record));
    record.setRecoveryToken(AuthTokenUtils.getNewToken(keyManager.getSymmetricKey(), record));

    dao.save(record);

    return record;
}
 
Example #7
Source File: AppCrypto.java    From actframework with Apache License 2.0
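/**
 * Verify a password against a bcrypt hash.
 *
 * <p>Bcrypt hashes are self-contained (salt and cost factor are embedded in the
 * hash string), so this check consults only {@code BCrypt.checkpw}; no application
 * secret takes part in it.
 *
 * @param password the password to be verified; {@code null} never verifies
 * @param hash the bcrypt hash to verify against; {@code null} or a string that is
 *             not a valid bcrypt hash never verifies
 * @return `true` if the password matches the hash, `false` otherwise — including
 *         when the hash is invalid; no exception escapes this method.
 */
public boolean verifyPassword(String password, String hash) {
    if (null == password || null == hash) {
        // Explicit, rather than relying on checkpw failing on a null hash.
        return false;
    }
    try {
        return BCrypt.checkpw(password, hash);
    } catch (Exception e) {
        // checkpw throws IllegalArgumentException for a malformed salt/hash; any
        // failure is reported as "does not verify" instead of being propagated.
        return false;
    }
}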
 
Example #8
Source File: CredentialTraversalDsl.java    From tinkerpop with Apache License 2.0
/**
 * Creates or updates a user.
 *
 * <p>Upserts the user vertex: an existing vertex with this username is reused,
 * otherwise one is added; either way its password property is set to a fresh
 * bcrypt hash at {@code BCRYPT_ROUNDS}. The hash is computed once, when the
 * traversal is built, not once per traverser.
 */
public default GraphTraversal<S, Vertex> user(final String username, final String password) {
    final String passwordHash = BCrypt.hashpw(password, BCrypt.gensalt(CredentialTraversalDsl.BCRYPT_ROUNDS));
    return has(VERTEX_LABEL_USER, PROPERTY_USERNAME, username)
            .fold()
            .coalesce(__.unfold(),
                      __.addV(VERTEX_LABEL_USER).property(PROPERTY_USERNAME, username))
            .property(PROPERTY_PASSWORD, passwordHash);
}
 
Example #9
Source File: AppCrypto.java    From actframework with Apache License 2.0
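/**
 * Verify a password, supplied as a {@code char[]}, against a bcrypt hash.
 *
 * <p>Bcrypt hashes are self-contained (salt and cost factor are embedded in the
 * hash string), so this check consults only {@code BCrypt.checkpw}; no application
 * secret takes part in it. The array is not cleared here; the caller owns it and
 * may wipe it after the call.
 *
 * @param password the password to be verified; {@code null} never verifies
 * @param hash the bcrypt hash to verify against; {@code null} or a string that is
 *             not a valid bcrypt hash never verifies
 * @return `true` if the password matches the hash, `false` otherwise — including
 *         when the hash is invalid; no exception escapes this method.
 */
public boolean verifyPassword(char[] password, String hash) {
    if (null == password || null == hash) {
        // Explicit, rather than relying on checkpw failing on a null hash.
        return false;
    }
    try {
        return BCrypt.checkpw(password, hash);
    } catch (Exception e) {
        // checkpw throws IllegalArgumentException for a malformed salt/hash; any
        // failure is reported as "does not verify" instead of being propagated.
        return false;
    }
}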
 
Example #10
Source File: UserUpdate.java    From elepy with Apache License 2.0
/**
 * Applies an update request to a user record.
 *
 * <p>Flow: load the current record, merge the request body onto a copy, require
 * {@code users.update} unless the caller is editing themselves, run the integrity
 * and validation hooks, then handle the password field and persist.
 *
 * @throws ElepyException with 404 when no user has the requested id
 */
@Override
public User handleUpdate(HttpContext context, ModelContext<User> modelContext, ObjectMapper objectMapper) throws Exception {
    Crud<User> crud = modelContext.getCrud();
    User loggedInUser = context.loggedInUserOrThrow();

    User userToUpdateBefore = crud.getById(context.recordId()).orElseThrow(() -> new ElepyException("No user found with this ID", 404));

    User userToUpdateAfter = updatedObjectFromRequest(userToUpdateBefore, context.request(), objectMapper, modelContext.getSchema());

    // You can only execute this if the updating user is yourself, or you can administrate users
    // NOTE(review): "yourself" is decided by User.equals on the already-merged object, so
    // which fields equals() compares decides whether editing your own record still passes — verify.
    if (!userToUpdateAfter.equals(loggedInUser)) {
        context.requirePermissions("users.update");
    }
    checkPermissionIntegrity(loggedInUser, userToUpdateAfter, userToUpdateBefore);

    validateUpdate(context, modelContext, userToUpdateBefore, userToUpdateAfter);

    //If password is empty, use the old password
    // NOTE(review): a null password would NPE on isEmpty(); presumably the merge never
    // yields null here — confirm against updatedObjectFromRequest.
    if (userToUpdateAfter.getPassword().isEmpty()) {
        userToUpdateAfter.setPassword(userToUpdateBefore.getPassword());
    }

    //Encrypt password if changed
    // The stored value is the bcrypt hash, so "changed" means the submitted string differs
    // from the stored hash: a new plaintext gets hashed, a round-tripped hash is kept as is.
    if (!userToUpdateAfter.getPassword().equals(userToUpdateBefore.getPassword())) {
        userToUpdateAfter.setPassword(BCrypt.hashpw(userToUpdateAfter.getPassword(), BCrypt.gensalt()));
    }

    // Finalize update and respond
    crud.update(userToUpdateAfter);

    context.status(200);
    context.result(Message.of("The user has been updated", 200));
    return userToUpdateAfter;
}
 
Example #11
Source File: UserCenter.java    From elepy with Apache License 2.0
/**
 * Authenticates a user by name (whether an e-mail address is also accepted is decided
 * by {@code getUserByUsername}, not here).
 *
 * @return the matching user when the bcrypt check passes, otherwise empty; unknown
 *         user and wrong password are indistinguishable from the return value
 */
public Optional<User> login(String usernameOrEmail, String password) {
    Optional<User> candidate = getUserByUsername(usernameOrEmail);
    if (!candidate.isPresent()) {
        // NOTE(review): no bcrypt work is done for an unknown user, so response time
        // differs from the wrong-password case.
        return Optional.empty();
    }
    boolean passwordMatches = BCrypt.checkpw(password, candidate.get().getPassword());
    return passwordMatches ? candidate : Optional.empty();
}
 
Example #12
Source File: BasicFunctionalityTest.java    From elepy with Apache License 2.0
@Test
void can_Login_and_UpdateOwnPassword_AsSuperUser() throws JsonProcessingException, UnirestException {
    createInitialUsersViaHttp();

    // The seeded super user authenticates with basic auth (its initial password is its
    // own e-mail — a test fixture value) and changes the password via a PATCH parameter.
    final String adminId = "admin@admin.com";
    final HttpResponse<String> patchResponse = Unirest
            .patch(elepy + "/users" + "/" + adminId)
            .queryString("password", "newPassword")
            .basicAuth(adminId, adminId)
            .asString();

    final var reloaded = userCrud.getById(adminId).orElseThrow();
    assertThat(patchResponse.getStatus()).isEqualTo(200);
    // The stored value must be a bcrypt hash of the new password, not the plaintext.
    assertThat(BCrypt.checkpw("newPassword", reloaded.getPassword())).isTrue();
}
 
Example #13
Source File: Utils.java    From para with Apache License 2.0
/**
 * Checks if a hash matches a string.
 *
 * <p>Blank inputs (null, empty or whitespace-only, per {@code StringUtils.isBlank})
 * never match, and a stored value that bcrypt rejects as malformed is reported as a
 * mismatch rather than an error.
 *
 * @param plain plain text string
 * @param storedHash hashed string
 * @return true if the hash matches
 */
public static boolean bcryptMatches(String plain, String storedHash) {
	boolean usable = !StringUtils.isBlank(plain) && !StringUtils.isBlank(storedHash);
	if (!usable) {
		return false;
	}
	boolean matches;
	try {
		matches = BCrypt.checkpw(plain, storedHash);
	} catch (Exception e) {
		// e.g. IllegalArgumentException when storedHash is not a bcrypt string
		matches = false;
	}
	return matches;
}
 
Example #14
Source File: UserUtils.java    From realworld-api-quarkus with MIT License
/**
 * Builds a transient {@code User} whose password field holds a bcrypt hash of
 * {@code userPassword} (default cost from {@code BCrypt.gensalt()}). The plaintext
 * is not kept on the returned object, and nothing is persisted here.
 */
public static User create(String username, String email, String userPassword) {
  final String passwordHash = BCrypt.hashpw(userPassword, BCrypt.gensalt());
  User result = new User();
  result.setUsername(username);
  result.setEmail(email);
  result.setPassword(passwordHash);
  return result;
}
 
Example #15
Source File: PlayerPersistence.java    From luna with MIT License
/**
 * Synchronously saves persistent data.
 *
 * <p>When {@code data.needsHash} is set, the plaintext in
 * {@code data.plainTextPassword} is bcrypt-hashed (default cost) into
 * {@code data.password} first. Neither the flag nor the plaintext field is cleared
 * here; whether the plaintext reaches the serialized output depends on
 * {@code serializer}, which is not shown.
 *
 * @param username The username of the player to save.
 * @param data The data to save.
 */
public void save(String username, PlayerData data) throws Exception {
    final boolean hashFirst = data.needsHash;
    if (hashFirst) {
        data.password = BCrypt.hashpw(data.plainTextPassword, BCrypt.gensalt());
    }
    serializer.save(username, data);
}
 
Example #16
Source File: CredentialTraversalSourceDsl.java    From tinkerpop with Apache License 2.0
/**
 * Creates or updates a user.
 *
 * <p>Starts a fresh traversal from a clone of this source and upserts the user
 * vertex: an existing vertex with this username is reused, otherwise one is added;
 * either way its password property is set to a fresh bcrypt hash at
 * {@code BCRYPT_ROUNDS}. The hash is computed once, when the traversal is built.
 */
public GraphTraversal<Vertex, Vertex> user(final String username, final String password) {
    final String passwordHash = BCrypt.hashpw(password, BCrypt.gensalt(CredentialTraversalDsl.BCRYPT_ROUNDS));
    return this.clone().V()
            .has(VERTEX_LABEL_USER, PROPERTY_USERNAME, username)
            .fold()
            .coalesce(__.unfold(),
                      __.addV(VERTEX_LABEL_USER).property(PROPERTY_USERNAME, username))
            .property(PROPERTY_PASSWORD, passwordHash);
}
 
Example #17
Source File: LoginClient.java    From luna with MIT License
/**
 * Determines what the login response should be once the player's data is loaded.
 *
 * <p>{@code null} data (no stored record) yields {@code NORMAL}. Otherwise the
 * password is checked before the ban status, so a banned account with a wrong
 * password reports {@code INVALID_CREDENTIALS}, not {@code ACCOUNT_BANNED}.
 *
 * @param data The loaded data.
 * @param enteredPassword The entered password.
 */
public LoginResponse getLoginResponse(PlayerData data, String enteredPassword) {
    if (data == null) {
        // No persisted record for this name — presumably a new player; confirm with the caller.
        return LoginResponse.NORMAL;
    }
    boolean passwordOk = BCrypt.checkpw(enteredPassword, data.password);
    if (!passwordOk) {
        return LoginResponse.INVALID_CREDENTIALS;
    }
    return data.isBanned() ? LoginResponse.ACCOUNT_BANNED : LoginResponse.NORMAL;
}
 
Example #18
Source File: UserController.java    From javalin-website-example with Apache License 2.0
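/**
 * Verifies {@code password} for {@code username} against the stored bcrypt hash.
 *
 * <p>The hash is recomputed with the user's stored salt and compared to the stored
 * hash in constant time, so the comparison does not leak how many leading characters
 * matched (the original used {@code String.equals}, which stops at the first
 * difference). A {@code null} argument or unknown user yields {@code false}; a stored
 * salt that bcrypt rejects also yields {@code false} instead of an exception.
 *
 * @return {@code true} only when the recomputed hash equals the stored one
 */
public static boolean authenticate(String username, String password) {
    if (username == null || password == null) {
        return false;
    }
    User user = userDao.getUserByUsername(username);
    if (user == null) {
        // NOTE(review): returns without any bcrypt work, so an unknown username is
        // distinguishable from a wrong password by response time.
        return false;
    }
    try {
        String recomputed = BCrypt.hashpw(password, user.salt);
        return constantTimeEquals(recomputed, user.hashedPassword);
    } catch (IllegalArgumentException malformedSalt) {
        // hashpw throws when user.salt is not a valid bcrypt salt string.
        return false;
    }
}

/** Compares two strings without short-circuiting on the first differing character. */
private static boolean constantTimeEquals(String a, String b) {
    if (a == null || b == null) {
        return false;
    }
    int diff = a.length() ^ b.length();
    int shared = Math.min(a.length(), b.length());
    for (int i = 0; i < shared; i++) {
        diff |= a.charAt(i) ^ b.charAt(i);
    }
    return diff == 0;
}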
 
Example #19
Source File: UserController.java    From javalin-website-example with Apache License 2.0
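/**
 * Changes a user's password after re-authenticating with the old one.
 *
 * <p>Persisting the new salt and hash is still a TODO in the original; this method
 * currently only computes them.
 */
public static void setPassword(String username, String oldPassword, String newPassword) {
    if (authenticate(username, oldPassword)) {
        String newSalt = BCrypt.gensalt();
        // BCrypt.hashpw takes (password, salt). The original passed them the other way
        // round, so the password string was used as the salt — which bcrypt rejects with
        // an IllegalArgumentException unless the password happens to look like a salt.
        String newHashedPassword = BCrypt.hashpw(newPassword, newSalt);
        // Update the user salt and password
    }
}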
 
Example #20
Source File: PasswordEncoder.java    From jersey-jwt with MIT License
/**
 * Checks a password against a stored hash using BCrypt.
 *
 * <p>Only hashes carrying the {@code $2a$} prefix are accepted; anything else —
 * {@code null}, or {@code $2b$}/{@code $2y$} hashes produced by other bcrypt
 * implementations — is reported as an invalid stored hash, not as a mismatch.
 *
 * @param plainTextPassword the candidate password
 * @param hashedPassword the stored bcrypt hash
 * @return whether the password matches the hash
 * @throws RuntimeException if {@code hashedPassword} is null or not a {@code $2a$} hash
 */
public boolean checkPassword(String plainTextPassword, String hashedPassword) {
    final boolean looksLike2a = hashedPassword != null && hashedPassword.startsWith("$2a$");
    if (!looksLike2a) {
        throw new RuntimeException("Hashed password is invalid");
    }
    return BCrypt.checkpw(plainTextPassword, hashedPassword);
}
 
Example #21
Source File: DataGenerator.java    From TeaStore with Apache License 2.0
/**
 * Seeds {@code users} synthetic accounts in parallel.
 *
 * <p>Every account gets the same {@code PASSWORD}, hashed with a low cost factor
 * (6) — presumably to keep bulk generation fast; far too weak for real
 * credentials. {@code random} is shared by all worker threads.
 */
private void generateUsers(int users) {
	IntStream.range(0, users).parallel().forEach(index -> {
		String name = "user" + index;
		User account = new User();
		account.setUserName(name);
		account.setEmail(name + "@teastore.com");
		String first = FIRSTNAMES[random.nextInt(FIRSTNAMES.length)];
		String last = LASTNAMES[random.nextInt(LASTNAMES.length)];
		account.setRealName(first + " " + last);
		account.setPassword(BCrypt.hashpw(PASSWORD, BCrypt.gensalt(6)));
		UserRepository.REPOSITORY.createEntity(account);
	});
}
 
Example #22
Source File: CartTest.java    From TeaStore with Apache License 2.0
/** Registers a mocked persistence response for user1 (password "password", bcrypt-hashed). */
private void mockUser1() {
  User fixture = new User();
  fixture.setId(1231245125);
  fixture.setUserName("user1");
  fixture.setEmail("asdas@asda.de");
  fixture.setRealName("asdas asdasd");
  // A real hash, so a checkpw against this mock succeeds for "password".
  fixture.setPassword(BCrypt.hashpw("password", BCrypt.gensalt()));
  mockValidGetRestCall(fixture, "/tools.descartes.teastore.persistence/rest/users/name/user1");
}
 
Example #23
Source File: LoginLogoutTest.java    From TeaStore with Apache License 2.0
/** Registers a mocked persistence response for user1 (password "password", bcrypt-hashed). */
private void mockUser1() {
  User fixture = new User();
  fixture.setId(1231245125);
  fixture.setUserName("user1");
  fixture.setEmail("asdas@asda.de");
  fixture.setRealName("asdas asdasd");
  // A real hash, so a checkpw against this mock succeeds for "password".
  fixture.setPassword(BCrypt.hashpw("password", BCrypt.gensalt()));
  mockValidGetRestCall(fixture, "/tools.descartes.teastore.persistence/rest/users/name/user1");
}
 
Example #24
Source File: AuthController.java    From tutorials with MIT License
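/**
 * Handles the registration form.
 *
 * <p>Runs bean validation (redirecting back to the form on errors), requires the
 * confirmation field to match, then stores the user with a bcrypt hash in place of
 * the plaintext password.
 */
@Post("/register")
public void register(User user, HttpServletRequest request) {

    validator.validate(user);

    if(validator.hasErrors()) {
        result.include("errors", validator.getErrors());
    }

    // Presumably halts the request when there are validation errors — unchanged
    // from the original; confirm against the framework's onErrorRedirectTo semantics.
    validator.onErrorRedirectTo(this).registrationForm();

    String password = user.getPassword();
    String confirmation = request.getParameter("password_confirmation");
    // The original fell through after this redirect and still hashed and saved the
    // user with a mismatched password; return so the mismatch actually blocks the
    // registration. A null password or null confirmation parameter counts as a
    // mismatch instead of an NPE.
    if (password == null || !password.equals(confirmation)) {
        result.include("error", "Passwords Do Not Match");
        result.redirectTo(this).registrationForm();
        return;
    }

    // Only the bcrypt hash (default cost) is stored; the plaintext on the entity is overwritten.
    user.setPassword(BCrypt.hashpw(password, BCrypt.gensalt()));

    Object resp = userDao.add(user);

    if(resp != null) {
        result.include("status", "Registration Successful! Now Login");
        result.redirectTo(this).loginForm();
    } else {
        result.include("error", "There was an error during registration");
        result.redirectTo(this).registrationForm();
    }
}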
 
Example #25
Source File: UpdatableBCrypt.java    From StubbornJava with MIT License
/**
 * Verifies {@code password} against {@code hash} and, on success, transparently
 * re-hashes it at the configured {@code logRounds} when the stored cost differs.
 *
 * <p>On the re-hash path the return value is whatever {@code updateFunc} returns:
 * if persisting the replacement hash fails, the caller sees a failed verification
 * even though the password was correct.
 *
 * @param updateFunc persists the replacement hash; its result becomes this method's result
 * @return {@code false} when the password does not match; otherwise {@code true}, or
 *         {@code updateFunc}'s result if a re-hash was needed
 */
public boolean verifyAndUpdateHash(String password, String hash, Function<String, Boolean> updateFunc) {
    if (!BCrypt.checkpw(password, hash)) {
        return false;
    }
    int storedRounds = getRounds(hash);
    if (storedRounds == logRounds) {
        return true;
    }
    // Re-hash when the cost differs in either direction: lowering is allowed so that a
    // mistaken increase can be undone.
    log.debug("Updating password from {} rounds to {}", storedRounds, logRounds);
    return updateFunc.apply(hash(password));
}
 
Example #26
Source File: UserDAOTest.java    From keywhiz with Apache License 2.0
/** Seeds one user ("user") whose stored credential is a bcrypt hash of "password". */
@Before public void setUp() {
  userDAO = new UserDAO(jooqContext);

  hashedPassword = BCrypt.hashpw("password", BCrypt.gensalt());

  long createdAt = OffsetDateTime.now().toEpochSecond();
  long updatedAt = OffsetDateTime.now().toEpochSecond();
  jooqContext.insertInto(USERS, USERS.USERNAME, USERS.PASSWORD_HASH, USERS.CREATED_AT, USERS.UPDATED_AT)
      .values("user", hashedPassword, createdAt, updatedAt)
      .execute();
}
 
Example #27
Source File: BcryptAuthenticator.java    From keywhiz with Apache License 2.0
/**
 * Constant-time password check
 *
 * <p>Performs exactly two bcrypt computations on every call — {@code hashPassword("")}
 * and one {@code checkpw} — whether or not a hash was supplied, so an absent user
 * costs the same as a present one. The decoy hash is computed eagerly on purpose:
 * deferring it (e.g. via {@code orElseGet}) would do one bcrypt for a present user and
 * two for an absent one, reintroducing the timing difference this method removes.
 * (If stored hashes use a different cost than {@code hashPassword}, the two paths may
 * still differ slightly — verify.)
 *
 * @param password a password to be checked
 * @param hash a hash which may match the output of hashPassword for this password
 * @return whether the password matches the hash
 */
private static boolean checkPassword(String password, Optional<String> hash) {
  final String decoy = hashPassword("");
  final String candidate = hash.isPresent() ? hash.get() : decoy;
  final boolean matched = BCrypt.checkpw(password, candidate);
  // A match against the decoy must never count: only a real stored hash authenticates.
  return matched && hash.isPresent();
}
 
Example #28
Source File: UpdatableBCrypt.java    From StubbornJava with MIT License
/**
 * Verifies {@code password} against {@code hash} and, on success, transparently
 * re-hashes it at the configured {@code logRounds} when the stored cost differs.
 *
 * <p>On the re-hash path the return value is whatever {@code updateFunc} returns:
 * if persisting the replacement hash fails, the caller sees a failed verification
 * even though the password was correct.
 *
 * @param updateFunc persists the replacement hash; its result becomes this method's result
 * @return {@code false} when the password does not match; otherwise {@code true}, or
 *         {@code updateFunc}'s result if a re-hash was needed
 */
public boolean verifyAndUpdateHash(String password, String hash, Function<String, Boolean> updateFunc) {
    if (!BCrypt.checkpw(password, hash)) {
        return false;
    }
    int storedRounds = getRounds(hash);
    if (storedRounds == logRounds) {
        return true;
    }
    // Re-hash when the cost differs in either direction: lowering is allowed so that a
    // mistaken increase can be undone.
    log.debug("Updating password from {} rounds to {}", storedRounds, logRounds);
    return updateFunc.apply(hash(password));
}
 
Example #29
Source File: BCryptEncryptionModule.java    From cuba with Apache License 2.0
/**
 * Verifies {@code rawPassword} against the user's stored bcrypt hash; a user with no
 * stored password never matches.
 */
@Override
public boolean checkPassword(User user, String rawPassword) {
    final String storedHash = user.getPassword();
    return storedHash != null && BCrypt.checkpw(rawPassword, storedHash);
}
 
Example #30
Source File: BCryptProvider.java    From gocd-filebased-authentication-plugin with Apache License 2.0
/**
 * Produces a {@code username=bcrypt-hash} line for the password file, using the cost
 * factor supplied on the command line. A fresh random salt is generated per call.
 */
@Override
public String hash(CliArguments arguments) {
    final String bcryptHash = BCrypt.hashpw(arguments.password(), BCrypt.gensalt(arguments.cost()));
    return format("{0}={1}", arguments.username(), bcryptHash);
}