From 67350e02b67463ebbb9505ba83d43e47bfdbd1e7 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Roland=20H=C3=A4der?=
Date: Wed, 3 Aug 2016 13:03:59 +0200
Subject: [PATCH] Continued a bit:
- introduced ifPasswordMatches (String, User) which checks the unencrypted (direct) password against user's password
- this can be used if no login container (only used for login step) is available (e.g. when the user changes password)
---
 .../jusercore/model/user/UserUtils.java | 34 +++++++++++++++----
 .../password_history/UserPasswordHistory.java | 2 +-
 2 files changed, 29 insertions(+), 7 deletions(-)

diff --git a/src/org/mxchange/jusercore/model/user/UserUtils.java b/src/org/mxchange/jusercore/model/user/UserUtils.java
index 2d663ab..ebd64ef 100644
--- a/src/org/mxchange/jusercore/model/user/UserUtils.java
+++ b/src/org/mxchange/jusercore/model/user/UserUtils.java
@@ -315,8 +315,33 @@ public class UserUtils implements Serializable {
 throw new IllegalArgumentException("container.userPassword is empty"); //NOI18N
 }
 
+ // Call below method
+ return ifPasswordMatches(container.getUserPassword(), updatedUser);
+ }
+
+ /**
+ * Checks if direct password the updatedUser's password
+ *
+ * @param unencryptedPassword Unencrypted (direct) password
+ * @param updatedUser Updated user instance from database
+ *
+ * @return Whether the password matches
+ */
+ public static boolean ifPasswordMatches (final String unencryptedPassword, final User updatedUser) {
+ // Validate parameters
+ if (null == unencryptedPassword) {
+ // Throw NPE
+ throw new NullPointerException("unencryptedPassword is null"); //NOI18N
+ } else if (unencryptedPassword.isEmpty()) {
+ // NPE for user in container
+ throw new NullPointerException("unencryptedPassword is empty."); //NOI18N
+ } else if (null == updatedUser) {
+ // And again NPE ...
+ throw new NullPointerException("updatedUser is null"); //NOI18N
+ }
+
 // First encrypt password
- String encryptedPassword = Crypt.crypt(container.getUserPassword(), updatedUser.getUserEncryptedPassword());
+ String encryptedPassword = Crypt.crypt(unencryptedPassword, updatedUser.getUserEncryptedPassword());
 
 // Is it matching?
 return encryptedPassword.equals(updatedUser.getUserEncryptedPassword());
@@ -345,11 +370,8 @@ public class UserUtils implements Serializable {
 throw new IllegalArgumentException("container.userPassword is empty"); //NOI18N
 }
 
- // First encrypt password
- String encryptedPassword = Crypt.crypt(container.getUserPassword(), container.getUser().getUserEncryptedPassword());
-
- // Is it matching?
- return encryptedPassword.equals(container.getUser().getUserEncryptedPassword());
+ // Call other method
+ return ifPasswordMatches(container.getUserPassword(), container.getUser());
 }
 
 /**
diff --git a/src/org/mxchange/jusercore/model/user/password_history/UserPasswordHistory.java b/src/org/mxchange/jusercore/model/user/password_history/UserPasswordHistory.java
index d6b9c25..270ac6d 100644
--- a/src/org/mxchange/jusercore/model/user/password_history/UserPasswordHistory.java
+++ b/src/org/mxchange/jusercore/model/user/password_history/UserPasswordHistory.java
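Review bot: The new `ifPasswordMatches(String, User)` in UserUtils.java still ends with `encryptedPassword.equals(updatedUser.getUserEncryptedPassword())`, which stops at the first differing character, and the stored hash is never validated before being passed to `Crypt.crypt` as its second argument (the method's closing brace lies outside the hunk). Since the commit message positions this method as the check for password changes, I would reject a null or empty stored hash up front and compare in constant time, e.g. `return MessageDigest.isEqual(encryptedPassword.getBytes(StandardCharsets.UTF_8), updatedUser.getUserEncryptedPassword().getBytes(StandardCharsets.UTF_8));`, which needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imported. What `Crypt.crypt` does with a null or empty second argument is not visible in this patch, so that behaviour should be confirmed rather than assumed. Separately, the empty-password branch throws `NullPointerException` under a stale comment (`// NPE for user in container`), while the container check just above throws `IllegalArgumentException` for the same condition; `throw new IllegalArgumentException("unencryptedPassword is empty");` would match it.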
@@ -47,7 +47,7 @@ import org.mxchange.jusercore.model.user.User;
 )
 @NamedQueries (
 {
- @NamedQuery (name = "AllUsersHistoryEntries", query = "SELECT h FROM user_password_history AS h WHERE h.userPasswordHistoryUser = :user ORDER BY h.userPasswordHistoryId ASC")
+ @NamedQuery (name = "AllUsersHistoryEntries", query = "SELECT h FROM user_password_history AS h WHERE h.userPasswordHistoryUser = :user ORDER BY h.userPasswordHistoryId DESC")
 }
 )
 @SuppressWarnings ("PersistenceUnitPresent")
-- 
2.39.5
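Review bot: Flipping `ORDER BY h.userPasswordHistoryId` from `ASC` to `DESC` in the existing `AllUsersHistoryEntries` query changes the result order for every caller, and neither the query name nor any comment in the hunk states that newest-first is now the contract. None of the callers are part of this patch, so anything that treated the first row as the oldest entry, or that limits the result set for a password-reuse check, needs re-checking. I would add a comment above the annotation such as `// Newest entries first: callers that limit the result see the most recent passwords`. The ordering also presumes that the id grows with insertion time, which is worth stating there as well.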