Commit 822d7134 authored by vehjelmtvedt's avatar vehjelmtvedt

scrypt password in create method instead and implement login

parent 556fb407
No preview for this file type
......@@ -17,20 +17,16 @@ public final class Account {
*/
public final Stored<User> user;
public final List<Pair<String,Stored<Channel>>> channels;
public final String password;
public final String hashedPassword;
// Scrypt parameters
private final int CPUCost = 16384;
private final int memCost = 8;
private final int parallelization = 1;
public Account(final Stored<User> user,
final List<Pair<String,Stored<Channel>>> channels,
final String password) {
final String hashedPassword) {
this.user = user;
this.channels = channels;
// Hash password with Scrypt
this.password = SCryptUtil.scrypt(password, CPUCost, memCost, parallelization);
this.hashedPassword = hashedPassword;
}
/**
......@@ -41,7 +37,7 @@ public final class Account {
**/
public static Account create(final Stored<User> user,
final String password) {
return new Account(user,List.empty(), password);
return new Account(user,List.empty(), SCryptUtil.scrypt(password, 16384, 8, 1));
}
/**
......@@ -68,7 +64,8 @@ public final class Account {
* @return true if password matches.
*/
public boolean checkPassword(String password) {
return this.password.equals(password);
// Use scrypt to check if hashes match
return SCryptUtil.check(password, this.password);
}
......
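Review bot: `checkPassword` in the third hunk still passes `this.password` to `SCryptUtil.check`, but the first hunk replaces that field with `hashedPassword`, so as rendered the new side refers to a field that no longer exists and would not compile. The line should read `return SCryptUtil.check(password, this.hashedPassword);`. Separately, `create` now hard-codes the cost parameters as `16384, 8, 1` after the named fields were dropped; `private static final` constants would keep the work factor in one documented place. The public constructor accepts any string as `hashedPassword`, so a Javadoc line such as `@param hashedPassword scrypt-encoded hash, never the plaintext password` would guard against a caller passing plaintext. The Javadoc blocks for the constructor and `checkPassword` begin outside the visible hunks.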
......@@ -49,7 +49,7 @@ public final class AccountStorage
statement.setObject(1, stored.identity);
statement.setObject(2, stored.version);
statement.setObject(3, account.user.identity);
statement.setString(4, account.password);
statement.setString(4, account.hashedPassword);
statement.executeUpdate();
......
......@@ -90,7 +90,8 @@ public class InChat {
final Stored<Session> session =
sessionStore.save(new Session(account, Instant.now().plusSeconds(60*60*24)));
// Check that password is not incorrect and not too long.
if (!(!account.value.password.equals(password) && !(password.length() > 1000))) {
// Use check method in Account
if (account.value.checkPassword(password)) {
result.accept(session);
}
});
......
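Review bot: The session is created and written with `sessionStore.save(...)` before `checkPassword` runs, so a login attempt with a wrong password still leaves a 24-hour session for that account in the store; only the callback is withheld. Whether that stored session can be reached depends on session lookup code outside this hunk, but it should not exist for an unauthenticated request. Moving the save inside the branch avoids it: `if (account.value.checkPassword(password)) { result.accept(sessionStore.save(new Session(account, Instant.now().plusSeconds(60*60*24)))); }`. The commit also drops the previous length test without replacing it; a guard such as `password.length() <= 1000` ahead of the hash call keeps request-controlled input bounded. The enclosing lambda and method start above the hunk.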