Fix password encoder for compatibility

2024-11-15 11:07:57 +01:00 · 2020-11-08 12:08:13 -08:00 · 2020-11-08 12:08:13 -08:00 · 6789fa60b5
commit 6789fa60b5
parent 9111b6988f
6 changed files with 51 additions and 17 deletions
--- a/wise-webapp/src/main/java/com/wisemapping/security/DefaultPasswordEncoderFactories.java
+++ b/wise-webapp/src/main/java/com/wisemapping/security/DefaultPasswordEncoderFactories.java
@ -0,0 +1,26 @@
 package com.wisemapping.security;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.DelegatingPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import java.util.HashMap;
 import java.util.Map;
 public class DefaultPasswordEncoderFactories {
    private static final String ENCODING_ID = "bcrypt";
    @SuppressWarnings("deprecation")
    static PasswordEncoder createDelegatingPasswordEncoder() {
        final Map<String, PasswordEncoder> encoders = new HashMap<>();
        encoders.put(ENCODING_ID, new BCryptPasswordEncoder(16));
        DelegatingPasswordEncoder result = new DelegatingPasswordEncoder(ENCODING_ID, encoders);
        result.setDefaultPasswordEncoderForMatches(new LegacyPasswordEncoder());
        return result;
    }
 }
--- a/wise-webapp/src/main/java/com/wisemapping/security/LegacyPasswordEncoder.java
+++ b/wise-webapp/src/main/java/com/wisemapping/security/LegacyPasswordEncoder.java
@ -18,27 +18,37 @@
 package com.wisemapping.security;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.apache.log4j.Logger;
 import org.springframework.security.crypto.password.PasswordEncoder;
-public class CustomPasswordEncoder implements PasswordEncoder {
+@SuppressWarnings("deprecation")
 public class LegacyPasswordEncoder implements PasswordEncoder {
    final private static Logger logger = Logger.getLogger("com.wisemapping.security.LegacyPasswordEncoder");
    private static final String ENC_PREFIX = "ENC:";
-    private BCryptPasswordEncoder delegateEncoder = new BCryptPasswordEncoder(16);
+    private static final PasswordEncoder sha1Encoder = new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("SHA-1");
    @Override
    public String encode(CharSequence rawPassword) {
-        String password = rawPassword.toString();
+
-        if(!rawPassword.toString().startsWith(ENC_PREFIX)) {
+        logger.info("LegacyPasswordEncoder encode executed.");
-            password = ENC_PREFIX + delegateEncoder.encode(rawPassword);
+
        String result = rawPassword.toString();
        if (!rawPassword.toString().startsWith(ENC_PREFIX)) {
            result = ENC_PREFIX + sha1Encoder.encode(rawPassword);
        }
-        return password;
+        return result;
    }
    @Override
    public boolean matches(CharSequence rawPassword, String encodedPassword) {
        String encodedRawPassword = delegateEncoder.encode(rawPassword);
-        return delegateEncoder.matches(encodedRawPassword, encodedPassword);
+        String newEncodedPassword = encodedPassword;
        if (encodedPassword.startsWith(ENC_PREFIX)) {
            newEncodedPassword = encode(rawPassword);
        }
        return newEncodedPassword.equals(encodedPassword);
    }
 }
--- a/wise-webapp/src/main/webapp/WEB-INF/classes/log4j.properties
+++ b/wise-webapp/src/main/webapp/WEB-INF/classes/log4j.properties
@ -1,7 +1,6 @@
 log4j.rootLogger=WARN, stdout, R
-log4j.logger.com.wisemapping=WARN,stdout,R
+log4j.logger.com.wisemapping=INFO,stdout,R
-log4j.logger.org.springframework=WARN,stdout,R
+log4j.logger.org.springframework=INFO,stdout,R
 log4j.logger.org.codehaus.jackson=WARN,stdout,R
 log4j.logger.org.hibernate=WARN,stdout,R
 log4j.logger.org.hibernate.engine.StatefulPersistenceContext=ERROR,stdout,R
--- a/wise-webapp/src/main/webapp/WEB-INF/wisemapping-model.xml
+++ b/wise-webapp/src/main/webapp/WEB-INF/wisemapping-model.xml
@ -7,7 +7,7 @@
    <beans>
        <bean id="userManager" class="com.wisemapping.dao.UserManagerImpl">
            <property name="hibernateTemplate" ref="hibernateTemplate"/>
-            <property name="encoder" ref="encoder"/>
+            <property name="encoder" ref="passwordEncoder"/>
        </bean>
        <bean id="mindmapManager" class="com.wisemapping.dao.MindmapManagerImpl">
--- a/wise-webapp/src/main/webapp/WEB-INF/wisemapping-security-db.xml
+++ b/wise-webapp/src/main/webapp/WEB-INF/wisemapping-security-db.xml
@ -8,6 +8,8 @@
          http://www.springframework.org/schema/security
          http://www.springframework.org/schema/security/spring-security.xsd">
    <bean id="passwordEncoder" class="com.wisemapping.security.DefaultPasswordEncoderFactories" factory-method="createDelegatingPasswordEncoder"/>
    <sec:authentication-manager alias="authenticationManager">
        <sec:authentication-provider ref="dbAuthenticationProvider"/>
        <sec:authentication-provider user-service-ref="userDetailsService"/>
@ -15,7 +17,6 @@
    <bean id="dbAuthenticationProvider" class="com.wisemapping.security.AuthenticationProvider">
        <property name="userDetailsService" ref="userDetailsService"/>
-        <property name="encoder" ref="encoder"/>
+        <property name="encoder" ref="passwordEncoder"/>
    </bean>
 </beans>
--- a/wise-webapp/src/main/webapp/WEB-INF/wisemapping-security.xml
+++ b/wise-webapp/src/main/webapp/WEB-INF/wisemapping-security.xml
@ -87,8 +87,6 @@
        <sec:logout logout-url="/c/logout" invalidate-session="true" logout-success-url="/c/login"/>
    </sec:http>
    <bean id="encoder" class="com.wisemapping.security.CustomPasswordEncoder"/>
    <import resource="wisemapping-security-${security.type}.xml"/>
    <bean id="userDetailsService" class="com.wisemapping.security.UserDetailsService">