vmario/docs
1
0
Fork 0
mirror of https://github.com/sismics/docs.git synced 2024-06-26 11:31:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

Configure bcrypt work

Browse Source
This commit is contained in:
Vec7or 2021-01-05 18:59:18 +01:00 committed by GitHub
parent 558de7ba3f
commit ff3db531e5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 37 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@ -74,6 +74,7 @@ To build external URL, the server is expecting a `DOCS_BASE_URL` environment var
- General
- `DOCS_BASE_URL`: The base url used by the application. Generated url's will be using this as base.
- `DOCS_GLOBAL_QUOTA`: Defines the default quota applying to all users.
- `DOCS_BCRYPT_WORK`: Defines the work factor which is used for password hashing. The default is `10`. This value may be `4...31` including `4` and `31`. The specified value will be used for all new users and users changing their password. Be aware that setting this factor to high can heavily impact login and user creation performance.
- Admin
- `DOCS_ADMIN_EMAIL_INIT`: Defines the e-mail-address the admin user should have upon initialization.

10
docs-core/src/main/java/com/sismics/docs/core/constant/Constants.java
View File

@ -25,6 +25,11 @@ public class Constants {
*/
public static final String DEFAULT_ADMIN_EMAIL = "admin@localhost";
/**
* Bcrypt default work factor
*/
public static final int DEFAULT_BCRYPT_WORK = 10;
/**
* Guest user ID.
*/
@ -73,6 +78,11 @@ public class Constants {
*/
public static final String ADMIN_EMAIL_INIT_ENV = "DOCS_ADMIN_EMAIL_INIT";
/**
* Work factor to be used by Bcrypt
*/
public static final String BCRYPT_WORK_ENV = "DOCS_BCRYPT_WORK";
/**
* Expiration time of the password recovery in hours.
*/

29
docs-core/src/main/java/com/sismics/docs/core/dao/UserDao.java
View File

@ -1,8 +1,13 @@
package com.sismics.docs.core.dao;
import at.favre.lib.crypto.bcrypt.BCrypt;
import com.google.common.base.Joiner;
import at.favre.lib.crypto.bcrypt.BCrypt;
import org.joda.time.DateTime;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.sismics.docs.core.constant.AuditLogType;
import com.sismics.docs.core.constant.Constants;
import com.sismics.docs.core.dao.criteria.UserCriteria;
import com.sismics.docs.core.dao.dto.UserDto;
import com.sismics.docs.core.model.jpa.User;
@ -12,7 +17,6 @@ import com.sismics.docs.core.util.jpa.QueryParam;
import com.sismics.docs.core.util.jpa.QueryUtil;
import com.sismics.docs.core.util.jpa.SortCriteria;
import com.sismics.util.context.ThreadLocalContext;
import org.joda.time.DateTime;
import javax.persistence.EntityManager;
import javax.persistence.NoResultException;
@ -26,6 +30,11 @@ import java.util.*;
* @author jtremeaux
*/
public class UserDao {
/**
* Logger.
*/
private static final Logger log = LoggerFactory.getLogger(UserDao.class);
/**
* Authenticates an user.
*
@ -278,7 +287,21 @@ public class UserDao {
* @return Hashed password
*/
private String hashPassword(String password) {
return BCrypt.withDefaults().hashToString(10, password.toCharArray());
int bcryptWork = Constants.DEFAULT_BCRYPT_WORK;
String envBcryptWork = System.getenv(Constants.BCRYPT_WORK_ENV);
if (envBcryptWork != null) {
try {
int envBcryptWorkInt = Integer.parseInt(envBcryptWork);
if (envBcryptWorkInt >= 4 && envBcryptWorkInt <= 31) {
bcryptWork = envBcryptWorkInt;
} else {
log.warn(Constants.BCRYPT_WORK_ENV + " needs to be in range 4...31. Falling back to " + Constants.DEFAULT_BCRYPT_WORK + ".");
}
} catch (NumberFormatException e) {
log.warn(Constants.BCRYPT_WORK_ENV + " needs to be a number in range 4...31. Falling back to " + Constants.DEFAULT_BCRYPT_WORK + ".");
}
}
return BCrypt.withDefaults().hashToString(bcryptWork, password.toCharArray());
}
/**