mirror of
https://github.com/sismics/docs.git
synced 2024-11-21 21:47:57 +01:00
Configure bcrypt work
This commit is contained in:
parent
558de7ba3f
commit
ff3db531e5
@ -74,6 +74,7 @@ To build external URL, the server is expecting a `DOCS_BASE_URL` environment var
|
||||
- General
|
||||
- `DOCS_BASE_URL`: The base url used by the application. Generated url's will be using this as base.
|
||||
- `DOCS_GLOBAL_QUOTA`: Defines the default quota applying to all users.
|
||||
- `DOCS_BCRYPT_WORK`: Defines the work factor which is used for password hashing. The default is `10`. This value may be `4...31` including `4` and `31`. The specified value will be used for all new users and users changing their password. Be aware that setting this factor to high can heavily impact login and user creation performance.
|
||||
|
||||
- Admin
|
||||
- `DOCS_ADMIN_EMAIL_INIT`: Defines the e-mail-address the admin user should have upon initialization.
|
||||
|
@ -25,6 +25,11 @@ public class Constants {
|
||||
*/
|
||||
public static final String DEFAULT_ADMIN_EMAIL = "admin@localhost";
|
||||
|
||||
/**
|
||||
* Bcrypt default work factor
|
||||
*/
|
||||
public static final int DEFAULT_BCRYPT_WORK = 10;
|
||||
|
||||
/**
|
||||
* Guest user ID.
|
||||
*/
|
||||
@ -73,6 +78,11 @@ public class Constants {
|
||||
*/
|
||||
public static final String ADMIN_EMAIL_INIT_ENV = "DOCS_ADMIN_EMAIL_INIT";
|
||||
|
||||
/**
|
||||
* Work factor to be used by Bcrypt
|
||||
*/
|
||||
public static final String BCRYPT_WORK_ENV = "DOCS_BCRYPT_WORK";
|
||||
|
||||
/**
|
||||
* Expiration time of the password recovery in hours.
|
||||
*/
|
||||
|
@ -1,8 +1,13 @@
|
||||
package com.sismics.docs.core.dao;
|
||||
|
||||
import at.favre.lib.crypto.bcrypt.BCrypt;
|
||||
import com.google.common.base.Joiner;
|
||||
import at.favre.lib.crypto.bcrypt.BCrypt;
|
||||
import org.joda.time.DateTime;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
import com.sismics.docs.core.constant.AuditLogType;
|
||||
import com.sismics.docs.core.constant.Constants;
|
||||
import com.sismics.docs.core.dao.criteria.UserCriteria;
|
||||
import com.sismics.docs.core.dao.dto.UserDto;
|
||||
import com.sismics.docs.core.model.jpa.User;
|
||||
@ -12,7 +17,6 @@ import com.sismics.docs.core.util.jpa.QueryParam;
|
||||
import com.sismics.docs.core.util.jpa.QueryUtil;
|
||||
import com.sismics.docs.core.util.jpa.SortCriteria;
|
||||
import com.sismics.util.context.ThreadLocalContext;
|
||||
import org.joda.time.DateTime;
|
||||
|
||||
import javax.persistence.EntityManager;
|
||||
import javax.persistence.NoResultException;
|
||||
@ -26,6 +30,11 @@ import java.util.*;
|
||||
* @author jtremeaux
|
||||
*/
|
||||
public class UserDao {
|
||||
/**
|
||||
* Logger.
|
||||
*/
|
||||
private static final Logger log = LoggerFactory.getLogger(UserDao.class);
|
||||
|
||||
/**
|
||||
* Authenticates an user.
|
||||
*
|
||||
@ -278,7 +287,21 @@ public class UserDao {
|
||||
* @return Hashed password
|
||||
*/
|
||||
private String hashPassword(String password) {
|
||||
return BCrypt.withDefaults().hashToString(10, password.toCharArray());
|
||||
int bcryptWork = Constants.DEFAULT_BCRYPT_WORK;
|
||||
String envBcryptWork = System.getenv(Constants.BCRYPT_WORK_ENV);
|
||||
if (envBcryptWork != null) {
|
||||
try {
|
||||
int envBcryptWorkInt = Integer.parseInt(envBcryptWork);
|
||||
if (envBcryptWorkInt >= 4 && envBcryptWorkInt <= 31) {
|
||||
bcryptWork = envBcryptWorkInt;
|
||||
} else {
|
||||
log.warn(Constants.BCRYPT_WORK_ENV + " needs to be in range 4...31. Falling back to " + Constants.DEFAULT_BCRYPT_WORK + ".");
|
||||
}
|
||||
} catch (NumberFormatException e) {
|
||||
log.warn(Constants.BCRYPT_WORK_ENV + " needs to be a number in range 4...31. Falling back to " + Constants.DEFAULT_BCRYPT_WORK + ".");
|
||||
}
|
||||
}
|
||||
return BCrypt.withDefaults().hashToString(bcryptWork, password.toCharArray());
|
||||
}
|
||||
|
||||
/**
|
||||
|
Loading…
Reference in New Issue
Block a user