Java BCrypt.checkpw方法代碼示例

import org.mindrot.jbcrypt.BCrypt; //導入方法依賴的package包/類
/**
 * Logs in the user with email address and password.
 * Returns the user on success.
 *
 * @param email The user's email address.
 * @param password The user's plain text password.
 * @return the user details.
 */
public NewCookie login(final String email, final String password) {
    final SecurityUser candidate = dao.findUserByEmail(userClass, email);
    if (candidate == null) {
        throw new BadRequestException("notfound");
    }

    if (candidate.getPasswordHash() == null) {
        throw new BadRequestException("invalid");
    }

    if (!BCrypt.checkpw(password, candidate.getPasswordHash())) {
        throw new BadRequestException("incorrect");
    }

    return loginAs(candidate);
}
 

import org.mindrot.jbcrypt.BCrypt; //導入方法依賴的package包/類
/**
 * Changes the current user's password.
 *
 * @param oldPassword The old password.
 * @param newPassword The new password.
 * @param confirmNewPassword The confirmed new password.
 */
public void changePassword(final String oldPassword, final String newPassword, final String confirmNewPassword) {
    requireLogin();

    if (user.getPasswordHash() == null) {
        throw new BadRequestException("unset");
    }

    if (!BCrypt.checkpw(oldPassword, user.getPasswordHash())) {
        throw new BadRequestException("incorrect");
    }

    if (!newPassword.equals(confirmNewPassword)) {
        throw new BadRequestException("mismatch");
    }

    if (newPassword.length() < MINIMUM_PASSWORD_LENGTH) {
        throw new BadRequestException("short");
    }

    user.setPassword(newPassword);
    dao.update(user);
}
 

import org.mindrot.jbcrypt.BCrypt; //導入方法依賴的package包/類
/**
 * Performs authentication on the provided employee.
 *
 * @param employeeId The id number of the employee to authenticate.
 *
 * @param plaintextPassword The plaintext password of the employee.
 *
 * @return The appropriate authenticationResult enum type.
 */
public AuthenticationResult authenticate(Long employeeId, String plaintextPassword) {
    Employee employee = getEmployeeById(employeeId);
    String hashed; // The encrypted (hashed) password of the employee.
    try {
        hashed = employee.getHashedPassword();
    } catch (EntityNotFoundException e) {
        return AuthenticationResult.FAILURE;
    }

    boolean passwordCorrect = BCrypt.checkpw(plaintextPassword, hashed);
    if(passwordCorrect) {
        return AuthenticationResult.SUCCESS;
    } else {
        return AuthenticationResult.FAILURE;
    }
}
 

import org.mindrot.jbcrypt.BCrypt; //導入方法依賴的package包/類
public static Optional<UserPermission> getUser(String username, String password) {
    if (username == null || password == null || !users.containsKey(username)) {
        return Optional.empty();
    }

    try {
        UserPermission perm = users.get(username);
        if (!BCrypt.checkpw(password, perm.getPassword())) {
            return Optional.empty();
        }

        return Optional.of(perm);
    } catch (IllegalArgumentException ignored) {
        return Optional.empty();
    }
}
 

import org.mindrot.jbcrypt.BCrypt; //導入方法依賴的package包/類
@POST
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
@Path("{id}")
public LoginResponse updateAndLogin(@Context HttpServletRequest request, @PathParam("id") Integer id, UserUpdateInput input) {
	LoginResponse result;

	UsersRecord user = UserDao.INSTANCE.getById(id, CommunityService.get(request));
	if (user == null || !BCrypt.checkpw(input.getCurrentpassword(), user.getPassword())) {
		result = new LoginResponse();
		result.setErrorMsg("Password wrong");
	} else {
		if (input.getPassword() != null && !input.getPassword().trim().isEmpty()) {
			user.setPassword(BCrypt.hashpw(input.getPassword(), BCrypt.gensalt()));
		}
		copyDtoToRec(user, input);
		result = UserProvider.INSTANCE.storeAndLogin(request, user);
	}
	return result;
}
 

import org.mindrot.jbcrypt.BCrypt; //導入方法依賴的package包/類
public UserApplication verifyLogin(String email, String password) throws UserNotFoundException {
	try {
		UserApplication user = getEntityManager().createQuery(
				"SELECT u FROM "+UserApplication.class.getSimpleName()+" u WHERE u.email=:email AND u.enabled=TRUE", 
				UserApplication.class)
			.setParameter("email", email)
			.getSingleResult();
		fetch(user.getProfile().getPermissions()); // load permissions from database
		if(BCrypt.checkpw(password, user.getCipheredPassword())){
			user.setCipheredPassword("");
			return detach(user);
		}
		throw new UserNotFoundException();
	} catch(NoResultException e){
		throw new UserNotFoundException();
	}
}
 

import org.mindrot.jbcrypt.BCrypt; //導入方法依賴的package包/類
@Override
public UserHeader getUserWithPassword(String email, String password) throws DataAccessException {
    try (PreparedStatement ps = prepareStatement(
            "SELECT " + USER_HEADER_FIELDS + ", user_password FROM users WHERE user_email = ?"
    )) {
        ps.setString(1, email.trim().toLowerCase());
        try (ResultSet rs = ps.executeQuery()) {
            if (rs.next()) {
                UserHeader result = populateUserHeader(rs);
                if (BCrypt.checkpw(password, rs.getString("user_password"))) {
                    return result;
                } else {
                    return null;
                }
            } else {
                return null;
            }
        }
    } catch (SQLException ex) {
        throw new DataAccessException("Could not fetch user by password.", ex);
    }
}
 

import org.mindrot.jbcrypt.BCrypt; //導入方法依賴的package包/類
@Override
public SerializeResult loadPlayer(String username, String password) {
    try {
        loginStatement.setString(1, username);
        try (ResultSet set = loginStatement.executeQuery()) {
            if (set.first()) {
                int id = set.getInt("id");
                String hashedPassword = set.getString("password");
                if (BCrypt.checkpw(password, hashedPassword)) {
                    Player player = new Player();
                    player.setDatabaseId(id);
                    player.setPassword(password); /* can't use hashed one in PlayerTable */
                    for (Table<Player> table : playerTables)
                        table.load(player);

                    return new SerializeResult(LoginResponse.STATUS_OK, player);
                }
            }

            return new SerializeResult(LoginResponse.STATUS_INVALID_PASSWORD);
        }
    } catch (SQLException | IOException ex) {
        logger.warn("Loading player " + username + " failed.", ex);
        return new SerializeResult(LoginResponse.STATUS_COULD_NOT_COMPLETE);
    }
}
 

import org.mindrot.jbcrypt.BCrypt; //導入方法依賴的package包/類
public static Result updatePassword(Long userId, String oldPassword, String newPassword) {

        Logger.debug("Updating password for user with ID = " + userId);

        User user = User.find.byId(userId);
        if (user == null) {
            return notFound(JsonErrorMessage("User does not exist"));
        }

        if (!BCrypt.checkpw(oldPassword, user.getPassword())) {
            return unauthorized(JsonErrorMessage("Wrong password."));
        }

        if (newPassword.length() < 5) {
            return badRequest(JsonErrorMessage("Password length has to be at least 5."));
        }

        user.setPassword(newPassword);
        user.save();

        return ok(toJson(user));

    }
 

import org.mindrot.jbcrypt.BCrypt; //導入方法依賴的package包/類
public void iniciarSessao(String email, String senha) throws LoginInvalidoException{
    Usuario u = getUsuario(email);
    if(u == null) {
        throw new LoginInvalidoException();
    }
    if(BCrypt.checkpw(senha, u.getSenha())) {
        SESSAO.alterarSessao(u);
    }
    else{
        throw new LoginInvalidoException();
    }
}
 

import org.mindrot.jbcrypt.BCrypt; //導入方法依賴的package包/類
/**
 * Checks a password against a stored hash using BCrypt.
 *
 * @param plainTextPassword
 * @param hashedPassword
 * @return
 */
public boolean checkPassword(String plainTextPassword, String hashedPassword) {

    if (null == hashedPassword || !hashedPassword.startsWith("$2a$")) {
        throw new RuntimeException("Hashed password is invalid");
    }

    return BCrypt.checkpw(plainTextPassword, hashedPassword);
}
 

import org.mindrot.jbcrypt.BCrypt; //導入方法依賴的package包/類
public boolean verifyAndUpdateHash(String password, String hash, Function<String, Boolean> updateFunc) {
    if (BCrypt.checkpw(password, hash)) {
        int rounds = getRounds(hash);
        // It might be smart to only allow increasing the rounds.
        // If someone makes a mistake the ability to undo it would be nice though.
        if (rounds != logRounds) {
            log.debug("Updating password from {} rounds to {}", rounds, logRounds);
            String newHash = hash(password);
            return updateFunc.apply(newHash);
        }
        return true;
    }
    return false;
}
 

import org.mindrot.jbcrypt.BCrypt; //導入方法依賴的package包/類
/**
 * @param candidate         the clear text
 * @param encryptedPassword the encrypted password string to check.
 * @return true if the candidate matches, false otherwise.
 */
public static boolean checkPassword(String candidate, String encryptedPassword) {
    if (candidate == null) {
        return false;
    }
    if (encryptedPassword == null) {
        return false;
    }
    return BCrypt.checkpw(candidate, encryptedPassword);
}
 

import org.mindrot.jbcrypt.BCrypt; //導入方法依賴的package包/類
/**
 * Returns a user if the login information is valid, throws a ClientException exception otherwise.
 *
 * @param username
 * @param password
 * @return
 */
public T checkUserLoginValid(String username, String password) throws ClientException {
    Integer failures = or((Integer)LocalMemoryCache.get(PROBLEM_LOG_CACHE_BUCKET, request().getActualIp()), 0);
    if (failures > MAX_PROBLEMS) {
        throw new ClientException("You have too many login failures in the last 10 minutes. Please wait before trying again.", 429);
    }


    T user = forUsername(username);
    String err = "User not found or password invalid";
    if (user == null) {
        markFailed(username);
        throw new ClientException(err, 403);
    }

    failures = or((Integer)LocalMemoryCache.get(PROBLEM_LOG_CACHE_BUCKET, username), 0);
    if (failures > (MAX_PROBLEMS + 5)) { // We are more tolerant of user name failures, else easy to lock someone else out of account
        throw new ClientException("You have too many login failures in the last 10 minutes. Please wait before trying again.", 429);
    }

    if (empty(user.getBcryptedPassword())) {
        throw new ClientException("Password never confiruged for this user. Did you originally login with Google or Facebook? Otherwise, click on the password reset link to choose a new password.");
    }

    boolean valid = BCrypt.checkpw(password, user.getBcryptedPassword());



    if (!valid) {
        markFailed(username);
        throw new ClientException(err, 403);
    }
    return user;
}
 

import org.mindrot.jbcrypt.BCrypt; //導入方法依賴的package包/類
public boolean checkPassword(String password_plaintext){
    if(this.password == null || password_plaintext == null)
        return false;
    if(!this.password.startsWith("$2a$"))
        throw new IllegalArgumentException("Invalid hash provided for comparison");
    return BCrypt.checkpw(password_plaintext, password);
}