From 19f9c0d74c1becc6a2a3c0a6a102a35dedc9bc0a Mon Sep 17 00:00:00 2001
From: Jonathan Cobb
Date: Tue, 21 Jan 2020 17:14:14 -0500
Subject: [PATCH] log, don't throw exceptions from HashedPassword.isCorrectPassword
---
 .../org/cobbzilla/wizard/model/HashedPassword.java | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/wizard-common/src/main/java/org/cobbzilla/wizard/model/HashedPassword.java b/wizard-common/src/main/java/org/cobbzilla/wizard/model/HashedPassword.java
index 27981e0..a280302 100644
--- a/wizard-common/src/main/java/org/cobbzilla/wizard/model/HashedPassword.java
+++ b/wizard-common/src/main/java/org/cobbzilla/wizard/model/HashedPassword.java
@@ -4,6 +4,7 @@ import com.fasterxml.jackson.annotation.JsonIgnore;
 import lombok.Getter;
 import lombok.NoArgsConstructor;
 import lombok.Setter;
+import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.RandomStringUtils;
 import org.cobbzilla.util.security.bcrypt.BCrypt;
 import org.cobbzilla.util.security.bcrypt.BCryptUtil;
@@ -20,7 +21,7 @@ import static org.cobbzilla.util.daemon.ZillaRuntime.*;
 import static org.cobbzilla.util.string.StringUtil.truncate;
 import static org.cobbzilla.wizard.model.BasicConstraintConstants.*;
-@Embeddable @NoArgsConstructor
+@Embeddable @NoArgsConstructor @Slf4j
 public class HashedPassword implements Serializable {
 public static final HashedPassword DISABLED = new HashedPassword(true, "disabled");
@@ -58,7 +59,12 @@ public class HashedPassword implements Serializable {
 @Transient
 public boolean isCorrectPassword (String password) {
- return password != null && BCrypt.checkpw(password, hashedPassword);
+ try {
+ return password != null && BCrypt.checkpw(password, hashedPassword);
+ } catch (Exception e) {
+ log.warn("isCorrectPassword: "+shortError(e));
+ return false;
+ }
 }
 public void setPassword(String password) { this.hashedPassword = BCryptUtil.hash(password); }
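Review bot: The new `catch (Exception e)` in `isCorrectPassword` makes a missing or malformed stored hash look the same to callers as a wrong password, and the warn line keeps only `shortError(e)`, so the cause is hard to trace afterwards. Returning false is the right fail-closed result, but I would handle the null case explicitly with `if (password == null || hashedPassword == null) return false;` and keep the throwable in the log call, `log.warn("isCorrectPassword: "+shortError(e), e);`. A short comment above the `try` saying that any verification error is treated as a failed check would document that this is deliberate. Since the catch now sits on the authentication path, it may also be worth confirming that a record in the `DISABLED` state does not land in it on every attempt and fill the log.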