scrypt password in create method instead and implement login

822d7134 · vehjelmtvedt · 556fb407 · 822d7134 · 822d7134 · 822d7134
Commit 822d7134 authored Nov 10, 2021 by vehjelmtvedt
--- a/production.db
+++ b/production.db
--- a/src/main/java/inf226/inchat/Account.java
+++ b/src/main/java/inf226/inchat/Account.java
@@ -17,20 +17,16 @@ public final class Account {
     */
    public final Stored<User> user;
    public final List<Pair<String,Stored<Channel>>> channels;
-    public final String password;
+    public final String hashedPassword;

-    // Scrypt parameters
-    private final int CPUCost = 16384;
-    private final int memCost = 8;
-    private final int parallelization = 1;
    
    public Account(final Stored<User> user,
                   final List<Pair<String,Stored<Channel>>> channels,
-                   final String password) {
+                   final String hashedPassword) {
        this.user = user;
        this.channels = channels;
        // Hash password with Scrypt
-        this.password = SCryptUtil.scrypt(password, CPUCost, memCost, parallelization);
+        this.hashedPassword = hashedPassword;
    }
    
    /**
@@ -41,7 +37,7 @@ public final class Account {
     **/
    public static Account create(final Stored<User> user,
                                 final String password) {
-        return new Account(user,List.empty(), password);
+        return new Account(user,List.empty(), SCryptUtil.scrypt(password, 16384, 8, 1));
    }
    
    /**
@@ -68,7 +64,8 @@ public final class Account {
     * @return true if password matches.
     */
    public boolean checkPassword(String password) {
-        return this.password.equals(password);
+        // Use scrypt to check if hashes match
+        return SCryptUtil.check(password, this.password);
    }
    
    

--- a/src/main/java/inf226/inchat/AccountStorage.java
+++ b/src/main/java/inf226/inchat/AccountStorage.java
@@ -49,7 +49,7 @@ public final class AccountStorage
        statement.setObject(1, stored.identity);
        statement.setObject(2, stored.version);
        statement.setObject(3, account.user.identity);
-        statement.setString(4, account.password);
+        statement.setString(4, account.hashedPassword);

        statement.executeUpdate();
        

--- a/src/main/java/inf226/inchat/InChat.java
+++ b/src/main/java/inf226/inchat/InChat.java
@@ -90,7 +90,8 @@ public class InChat {
            final Stored<Session> session =
                sessionStore.save(new Session(account, Instant.now().plusSeconds(60*60*24)));
            // Check that password is not incorrect and not too long.
-            if (!(!account.value.password.equals(password) && !(password.length() > 1000))) {
+            // Use check method in Account
+            if (account.value.checkPassword(password)) {
                result.accept(session);
            }
        });