-
Notifications
You must be signed in to change notification settings - Fork 4
Feature/#198 password encoding #199
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: develop
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| package de.doubleslash.keeptime.common; | ||
|
|
||
| import org.springframework.security.crypto.argon2.Argon2PasswordEncoder; | ||
|
|
||
| public class DefaultPasswordEncoder { | ||
|
|
||
| private static Argon2PasswordEncoder passwordEncoder = new Argon2PasswordEncoder(16, 32, 4, 128000, 10); | ||
|
|
||
| public static final Argon2PasswordEncoder getPasswordEncoder() { | ||
| return DefaultPasswordEncoder.passwordEncoder; | ||
| } | ||
|
|
||
| } |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -43,6 +43,7 @@ | |
| import org.slf4j.Logger; | ||
| import org.slf4j.LoggerFactory; | ||
| import org.springframework.beans.factory.annotation.Autowired; | ||
| import org.springframework.security.crypto.password.PasswordEncoder; | ||
| import org.springframework.stereotype.Component; | ||
|
|
||
| import de.doubleslash.keeptime.ApplicationProperties; | ||
|
|
@@ -758,12 +759,15 @@ private void handleApiOn() { | |
| String username = authName.getText(); | ||
| String password = authPassword.getText(); | ||
|
Collaborator
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. like you commented in the issue Your idea -> "Probably we should only save a password if provided a new one and we should not load the password from the application.properties into the view" sounds reasonable, yes 👍 |
||
|
|
||
| PasswordEncoder passwordEncoder = DefaultPasswordEncoder.getPasswordEncoder(); | ||
| String encodedPassword = passwordEncoder.encode(password); | ||
|
|
||
| Map<String, String> propertiesToUpdate = new HashMap<>(); | ||
| propertiesToUpdate.put("spring.main.web-application-type", ""); | ||
| propertiesToUpdate.put("server.port", authPort.getText()); | ||
| propertiesToUpdate.put("api", "ON"); | ||
| propertiesToUpdate.put("spring.security.user.name", username); | ||
| propertiesToUpdate.put("spring.security.user.password", password); | ||
| propertiesToUpdate.put("spring.security.user.password", encodedPassword); | ||
|
|
||
| propertyWrite(propertiesToUpdate); | ||
| } | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I guess I would rather use a spring buildin passwordencoder like https://docs.spring.io/spring-security/reference/features/authentication/password-storage.html (I did not validate this yet.) But I like less dependencies :P
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The Argon2PasswordEncoder is mentioned on the page you linked :)
https://docs.spring.io/spring-security/reference/features/authentication/password-storage.html#authentication-password-storage-argon2
To be fair, we could use the default password encoder. Probably it will be sufficient for KeepTime 😄
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
you are right. argon is mentioned
the default one sound also sufficient - saves 8MB of disk space :D