
log, don't throw exceptions from HashedPassword.isCorrectPassword

tags/2.0.1
Jonathan Cobb 4 anni fa
parent
commit
19f9c0d74c
1 ha cambiato i file con 8 aggiunte e 2 eliminazioni
  1. +8
    -2
      wizard-common/src/main/java/org/cobbzilla/wizard/model/HashedPassword.java

+ 8
- 2
wizard-common/src/main/java/org/cobbzilla/wizard/model/HashedPassword.java Vedi File

@@ -4,6 +4,7 @@ import com.fasterxml.jackson.annotation.JsonIgnore;
import lombok.Getter; import lombok.Getter;
import lombok.NoArgsConstructor; import lombok.NoArgsConstructor;
import lombok.Setter; import lombok.Setter;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.RandomStringUtils; import org.apache.commons.lang3.RandomStringUtils;
import org.cobbzilla.util.security.bcrypt.BCrypt; import org.cobbzilla.util.security.bcrypt.BCrypt;
import org.cobbzilla.util.security.bcrypt.BCryptUtil; import org.cobbzilla.util.security.bcrypt.BCryptUtil;
@@ -20,7 +21,7 @@ import static org.cobbzilla.util.daemon.ZillaRuntime.*;
import static org.cobbzilla.util.string.StringUtil.truncate; import static org.cobbzilla.util.string.StringUtil.truncate;
import static org.cobbzilla.wizard.model.BasicConstraintConstants.*; import static org.cobbzilla.wizard.model.BasicConstraintConstants.*;


@Embeddable @NoArgsConstructor
@Embeddable @NoArgsConstructor @Slf4j
public class HashedPassword implements Serializable { public class HashedPassword implements Serializable {


public static final HashedPassword DISABLED = new HashedPassword(true, "disabled"); public static final HashedPassword DISABLED = new HashedPassword(true, "disabled");
@@ -58,7 +59,12 @@ public class HashedPassword implements Serializable {


@Transient @Transient
public boolean isCorrectPassword (String password) { public boolean isCorrectPassword (String password) {
return password != null && BCrypt.checkpw(password, hashedPassword);
try {
return password != null && BCrypt.checkpw(password, hashedPassword);
} catch (Exception e) {
log.warn("isCorrectPassword: "+shortError(e));
return false;
}
} }


public void setPassword(String password) { this.hashedPassword = BCryptUtil.hash(password); } public void setPassword(String password) { this.hashedPassword = BCryptUtil.hash(password); }
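Review bot: The `catch (Exception e)` added around the bcrypt check in `isCorrectPassword` is broader than it needs to be. Returning false on failure is the right fail-closed default for a credential check, but a null or unparseable `hashedPassword` now looks like an ordinary wrong password to the caller, and any unrelated runtime error is hidden behind the same one-line warning. Consider rejecting the known-bad inputs up front with `if (password == null || hashedPassword == null) return false;` and narrowing the catch to the exception the bcrypt check raises for a malformed hash (presumably `IllegalArgumentException`; confirm against the project's BCrypt class). The log call would read better in parameterized form, `log.warn("isCorrectPassword: {}", shortError(e));`. It is also worth confirming that `shortError` cannot echo the stored hash or the candidate password into the log.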

