Commit 67140b12 authored by Ramtin Forouzandehjoo Samavat's avatar Ramtin Forouzandehjoo Samavat

Merge remote-tracking branch 'origin/master'

parents 5652ffe4 1413114f
Pipeline #202934 passed
package dao; package dao;
import data.User; import data.User;
import javassist.bytecode.ByteArray;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
import java.security.MessageDigest; import java.security.MessageDigest;
...@@ -184,7 +185,10 @@ public class UserDAO { ...@@ -184,7 +185,10 @@ public class UserDAO {
* @return a random salt * @return a random salt
*/ */
public byte[] generateSalt() { public byte[] generateSalt() {
return null; byte[] salt = new byte[16];
SecureRandom secureRandom = new SecureRandom();
secureRandom.nextBytes(salt);
return salt;
} }
/** /**
...@@ -194,8 +198,23 @@ public class UserDAO { ...@@ -194,8 +198,23 @@ public class UserDAO {
* @return hashedPassword, null if unsuccessful * @return hashedPassword, null if unsuccessful
*/ */
public String hashPassword(String password, byte[] salt) { public String hashPassword(String password, byte[] salt) {
try {
MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
messageDigest.update(salt);
byte[] bytes = messageDigest.digest(password.getBytes());
StringBuilder stringBuilder = new StringBuilder();
for(int i = 0; i < bytes.length; i++){
stringBuilder.append(Integer.toString((bytes[i] & 0xff) + 0x100,
16).substring(1));
}
return stringBuilder.toString();
}
catch (Exception e) {
return null; return null;
} }
}
/** /**
* Edits the users username or password * Edits the users username or password
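Review bot: `hashPassword` derives the stored value from a single salted SHA-256 pass (`messageDigest.update(salt)` followed by `digest(...)`), which is cheap enough that a leaked credential table can be guessed offline at very high rates; password storage needs a deliberately slow, tunable KDF. The JDK's `PBKDF2WithHmacSHA256` through `SecretKeyFactory` keeps the same signature and hex output without a new dependency, as sketched below (the iteration count is a sample value to tune for the deployment). Passing `password.toCharArray()` also removes the platform-charset `password.getBytes()` call, and catching the two specific exceptions instead of `Exception` stops unrelated failures from silently becoming a `null` hash. Separately, the added `import javassist.bytecode.ByteArray;` does not appear to be used in the visible hunks and looks like an accidental IDE import.

```java
public String hashPassword(String password, byte[] salt) {
    try {
        // sample work factor and 256-bit output; tune the iteration count for the target hardware
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 600_000, 256);
        byte[] bytes = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec)
                .getEncoded();
        spec.clearPassword();
        // … unchanged: hex-encode bytes into stringBuilder and return it …
    }
    catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
        return null;
    }
```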
......
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
</div> </div>
<form class="main" id="loginForm" onsubmit="login(event)"> <form class="main" id="loginForm" onsubmit="login(event)">
<input class="loginInput" placeholder="Brukernavn..." id="username" required pattern="([\w]+)"> <input class="loginInput" placeholder="Brukernavn..." id="username" required pattern="([\w]+)">
<input class="loginInput" placeholder="Password..." id="password" required pattern="([\w]+)"> <input class="loginInput" placeholder="Password..." id="password" required pattern="([\w]+)" type="password">
<button class="loginBtn">Logg inn</button> <button class="loginBtn">Logg inn</button>
</form> </form>
</div> </div>
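Review bot: The password input on the changed line still carries `pattern="([\w]+)"`, so the browser rejects any password containing spaces, punctuation or non-ASCII letters, which shrinks the usable password space and blocks passphrases and most password-manager output. The pattern is reasonable for the username but should be dropped from the password field, and `autocomplete="current-password"` helps password managers fill it: `<input class="loginInput" placeholder="Password..." id="password" required type="password" autocomplete="current-password">`. A client-side pattern is not a control in any case, so whatever password rule applies has to be enforced on the server, which this commit does not show.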
......
...@@ -16,6 +16,7 @@ function login(event){ ...@@ -16,6 +16,7 @@ function login(event){
event.preventDefault(); event.preventDefault();
let user = { let user = {
"username": document.getElementById('username').value, "username": document.getElementById('username').value,
"password": document.getElementById('password').value,
}; };
fetch('../api/user', { fetch('../api/user', {
......
...@@ -183,4 +183,29 @@ public class UserDAOTest { ...@@ -183,4 +183,29 @@ public class UserDAOTest {
assertEquals(expectedUsername,actualUsername); assertEquals(expectedUsername,actualUsername);
assertNotEquals(beforeNewUser,afterNewUser); assertNotEquals(beforeNewUser,afterNewUser);
} }
@Test
public void testGenerateSalt() {
byte[] salt1 = userDAO.generateSalt();
byte[] salt2 = userDAO.generateSalt();
assertNotEquals(salt1, salt2);
}
@Test
public void testHashPassword() {
String password1 = "Marco";
String password2 = "Polo";
byte[] salt1 = userDAO.generateSalt();
byte[] salt2 = userDAO.generateSalt();
String hash1 = userDAO.hashPassword(password1, salt1);
String hash2 = userDAO.hashPassword(password1, salt1);
String hash3 = userDAO.hashPassword(password1, salt2);
String hash4 = userDAO.hashPassword(password2, salt1);
assertEquals(hash1, hash2);
assertNotEquals(hash1, hash3);
assertNotEquals(hash1, hash4);
}
} }
\ No newline at end of file
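Review bot: `assertNotEquals(salt1, salt2)` in `testGenerateSalt` compares two `byte[]` references, and arrays do not override `equals`, so the assertion passes for any two distinct array objects even if their contents are identical. Compare the contents and pin the length instead: `assertFalse(Arrays.equals(salt1, salt2));` and `assertEquals(16, salt1.length);` (this needs `java.util.Arrays` imported). In `testHashPassword`, an explicit `assertNotNull(hash1);` before the comparisons would make a failure inside `hashPassword`, which returns `null` on any exception, show up as such rather than as a confusing mismatch.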