implemented resetting passwords

Signed-off-by: Stephan Richter <s.richter@srsoftware.de>
2024-05-19 11:15:24 +00:00
parent 4dcde76a08
commit 3c864a12ed
13 changed files with 393 additions and 160 deletions


@@ -6,6 +6,7 @@ import java.security.InvalidKeyException;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.time.LocalDate;
import java.time.LocalDateTime;
import java.util.*;
import static de.srsoftware.widerhall.Constants.*;
@@ -20,10 +21,11 @@ public class User {
public static final int PERMISSION_ADMIN = 1;
public static final int PERMISSION_CREATE_LISTS = 2;
public static final String HASHED_PASS = "hashedPassword";
public static final String RESET_TOKEN = "resetToken";
public static final String SALT = "salt";
private static final HashMap<String,User> users = new HashMap<>();
private String email, salt, hashedPass, name;
private String email, salt, hashedPass, name, token;
private int permissions;
/**
@@ -34,11 +36,12 @@ public class User {
* @param hashedPass
* @param permissions
*/
public User(String email, String name, String salt, String hashedPass, int permissions) {
public User(String email, String name, String salt, String hashedPass, String token, int permissions) {
this.email = email.toLowerCase();
this.name = name;
this.salt = salt;
this.hashedPass = hashedPass;
this.token = token;
this.permissions = permissions;
}
@@ -81,6 +84,21 @@ public class User {
.run();
}
public static void addTokenColumn() throws SQLException {
String sql = "ALTER TABLE %s ADD COLUMN %s %s;".formatted(TABLE_NAME,RESET_TOKEN,VARCHAR);
Database.open().query(sql).compile().run();
}
public static User byToken(String token) throws SQLException {
if (token == null || token.isBlank()) return null;
var rs = Database.open().select(TABLE_NAME).where(RESET_TOKEN,token).compile().exec();
try {
if (rs.next()) return User.from(rs);
return null;
} finally {
rs.close();
}
}
/**
* Create a new user object by hashing it's password and storing user data, salt and hashed password to the db.
@@ -96,10 +114,10 @@ public class User {
String salt = null;
String hashedPass = null;
if (password != null) {
salt = Util.sha256(email + name + LocalDate.now());
salt = Util.sha256(email + LocalDateTime.now() + name);
hashedPass = Util.sha256(password + salt);
}
return new User(email,name,salt,hashedPass,0).save();
return new User(email,name,salt,hashedPass,null,0).save();
}
/**
@@ -115,7 +133,6 @@ public class User {
.append(PERMISSIONS).append(" ").append(INT).append(", ")
.append(SALT).append(" ").append(VARCHAR).append(", ")
.append(HASHED_PASS).append(" ").append(VARCHAR)
.append(");");
Database.open().query(sql).compile().run();
}
@@ -195,10 +212,16 @@ public class User {
rs.getString(NAME),
rs.getString(SALT),
rs.getString(HASHED_PASS),
rs.getString(RESET_TOKEN),
rs.getInt(PERMISSIONS)));
return user;
}
public String generateToken() throws SQLException {
token = Util.randomString(64);
Database.open().update(TABLE_NAME).set(RESET_TOKEN,token).where(EMAIL,this.email).compile().run();
return token;
}
/**
* Loads the user identified by it's email, but only if the provided password matches.
@@ -284,4 +307,18 @@ public class User {
req.compile().run();
return this;
}
public void setPassword(String newPassword) throws SQLException {
if (newPassword != null) {
String newSalt = Util.sha256(email + LocalDateTime.now() + name);
String newHashedPass = Util.sha256(newPassword + newSalt);
Database.open().update(TABLE_NAME).set(HASHED_PASS,newHashedPass).set(SALT,newSalt).where(EMAIL,email).compile().run();
hashedPass = newHashedPass;
salt = newSalt;
}
}
public String token() {
return token;
}
}
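Review bot: `setPassword` updates `HASHED_PASS` and `SALT` but leaves `RESET_TOKEN` untouched, and `generateToken` stores the token without a creation time, so as far as these hunks show, a token matched by `byToken` never expires and still works after the password has been changed (unless a caller outside this file clears it). Clearing it in the same statement would close that, e.g. `.set(HASHED_PASS,newHashedPass).set(SALT,newSalt).set(RESET_TOKEN,null)` followed by `token = null;`, assuming the update builder accepts a null value; an expiry timestamp checked in `byToken` would bound the lifetime of unused tokens. The token is also written to the table verbatim, so a read-only exposure of the database yields usable reset tokens; storing `Util.sha256(token)` in `generateToken` and querying with `Util.sha256(token)` in `byToken` avoids keeping the secret at rest. `Util.randomString` is not shown here and should be confirmed to draw from `SecureRandom`. Separately, `setPassword` repeats the single-round `Util.sha256(newPassword + newSalt)` scheme with a salt derived from email, name and the current time; a dedicated password KDF (bcrypt, scrypt, Argon2 or PBKDF2) with a random salt would resist offline guessing far better.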