Merge pull request #30 from informatik-ag-ngl/f/password_in_login_credentials

Store password instead of password hash in LoginCredentials
2020-07-11 07:14:12 +00:00 · 2020-07-11 07:14:12 +00:00 · f12cc25b43
parent 6f1ecd21f2 267ed6726e
commit f12cc25b43
1 changed files with 15 additions and 42 deletions
--- a/src/main/java/envoy/data/LoginCredentials.java
+++ b/src/main/java/envoy/data/LoginCredentials.java
@ -1,13 +1,11 @@
 package envoy.data;

 import java.io.Serializable;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.util.Formatter;

 /**
- * Contains a {@link User}'s login information.<br>
- * <br>
+ * Contains a {@link User}'s login / registration information as well as the
+ * client version.
+ * <p>
 * Project: <strong>envoy-common</strong><br>
 * File: <strong>LoginCredentials.java</strong><br>
 * Created: <strong>29.12.2019</strong><br>
@ -15,58 +13,33 @@ import java.util.Formatter;
 * @author Kai S. K. Engelbart
 * @since Envoy Common v0.2-alpha
 */
-public class LoginCredentials implements Serializable {
+public final class LoginCredentials implements Serializable {

-	private final String	identifier;
-	private final byte[]	passwordHash;
+	private final String	identifier, password, clientVersion;
 	private final boolean	registration;
-	private final String	clientVersion;

-	private static final long serialVersionUID = 1;
+	private static final long serialVersionUID = 2;

 	/**
-	 * Creates an instance of {@link LoginCredentials} for a new {@link User}.
+	 * Initializes login credentials for a handshake.
 	 *
 	 * @param identifier    the identifier of the user
-	 * @param password      the password of the user (will be converted to a hash)
+	 * @param password      the password of the user
 	 * @param registration  signifies that these credentials are used for user
 	 *                      registration instead of user login
 	 * @param clientVersion the version of the client sending these credentials
-	 * @since Envoy Common v0.2-alpha
+	 * @since Envoy Common v0.1-beta
 	 */
-	public LoginCredentials(String identifier, char[] password, boolean registration, String clientVersion) {
+	public LoginCredentials(String identifier, String password, boolean registration, String clientVersion) {
 		this.identifier		= identifier;
-		passwordHash		= getSha256(toByteArray(password));
+		this.password		= password;
 		this.registration	= registration;
 		this.clientVersion	= clientVersion;
 	}

-	private byte[] getSha256(byte[] input) {
-		try {
-			return MessageDigest.getInstance("SHA-256").digest(input);
-		} catch (NoSuchAlgorithmException e) {
-			// This will never happen
-			throw new RuntimeException(e);
-		}
-	}
-
-	private byte[] toByteArray(char[] chars) {
-		byte[] bytes = new byte[chars.length * 2];
-		for (int i = 0; i < chars.length; ++i) {
-			bytes[i * 2]		= (byte) (chars[i] >> 8);
-			bytes[i * 2 + 1]	= (byte) (chars[i]);
-		}
-		return bytes;
-	}
-
 	@Override
 	public String toString() {
-		try (Formatter form = new Formatter()) {
-			form.format("LoginCredentials[identifier=%s,passwordHash=", identifier);
-			for (int i = 0; i < 3; i++)
-				form.format("%02x", passwordHash[i]);
-			return form.format(",registration=%b]", registration).toString();
-		}
+		return String.format("LoginCredentials[identifier=%s,registration=%b,clientVersion=%s]", identifier, registration, clientVersion);
 	}

 	/**
@ -76,10 +49,10 @@ public class LoginCredentials implements Serializable {
 	public String getIdentifier() { return identifier; }

 	/**
-	 * @return the password hash of the user performing the login
-	 * @since Envoy Common v0.2-alpha
+	 * @return the password of the user performing the login
+	 * @since Envoy Common v0.1-beta
 	 */
-	public byte[] getPasswordHash() { return passwordHash; }
+	public String getPassword() { return password; }

 	/**
 	 * @return {@code true} if these credentials are used for user registration