]> git.mxchange.org Git - juser-core.git/commitdiff
Added UserUtils.ifPasswordMatches() for easy password comparison (including strong...
authorRoland Haeder <roland@mxchange.org>
Tue, 13 Oct 2015 07:38:52 +0000 (09:38 +0200)
committerRoland Haeder <roland@mxchange.org>
Tue, 13 Oct 2015 07:38:52 +0000 (09:38 +0200)
Signed-off-by:Roland Häder <roland@mxchange.org>

src/org/mxchange/jusercore/model/user/UserUtils.java

index 8449b9ba2355e5de86877fd561b68e68a869c5c0..c2b484a85849ca1608645bc8b8f4e029091a6150 100644 (file)
@@ -18,6 +18,7 @@ package org.mxchange.jusercore.model.user;
 
 import org.apache.commons.codec.digest.Crypt;
 import org.mxchange.jcore.BaseFrameworkSystem;
+import org.mxchange.jusercore.container.login.LoginContainer;
 
 /**
  * An utilities class for customers
@@ -39,6 +40,15 @@ public class UserUtils extends BaseFrameworkSystem {
         * @return Hashed user password
         */
        public static String encryptPassword (final String userPassword) {
+               // Is it null or empty?
+               if (null == userPassword) {
+                       // Throw NPE
+                       throw new NullPointerException("userPassword is null");
+               } else if (userPassword.isEmpty()) {
+                       // Empty passwords are hardcoded not allowed due to security risks
+                       throw new IllegalArgumentException("userPassword is empty");
+               }
+
                // Generate large number
                String number = Long.toString(Math.round(Math.random() * 10_000_000_000L));
 
@@ -52,6 +62,39 @@ public class UserUtils extends BaseFrameworkSystem {
                return encryptedPassword;
        }
 
+       /**
+        * Checks if password from container matches the updatedUser's password
+        * <p>
+        * @param container Container holding user instance and unencrypted password
+        * @param updatedUser Updated user instance from database
+        * @return Whethet the password matches
+        */
+       public static boolean ifPasswordMatches (final LoginContainer container, final User updatedUser) {
+               // Validate parameters
+               if (null == container) {
+                       // Throw NPE
+                       throw new NullPointerException("container is null");
+               } else if (null == updatedUser) {
+                       // And again NPE ...
+                       throw new NullPointerException("updatedUser is null");
+               } else if (container.getUser() == null) {
+                       // NPE for user in container
+                       throw new NullPointerException("container.user is null");
+               } else if (container.getUserPassword() == null) {
+                       // NPE for user password in container
+                       throw new NullPointerException("container.userPassword is null");
+               } else if (container.getUserPassword().isEmpty()) {
+                       // Empty password in container
+                       throw new IllegalArgumentException("container.userPassword is empty");
+               }
+
+               // First encrypt password
+               String encryptedPassword = Crypt.crypt(container.getUserPassword(), updatedUser.getUserEncryptedPassword());
+
+               // Is it matching?
+               return encryptedPassword.equals(updatedUser.getUserEncryptedPassword());
+       }
+
        /**
         * No instance from this class
         */