[CAUSEWAY-2884] Passwords not matching after restart - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.0.0-M7
Component/s: None
Labels:
None

Description

When I restart the web app the old passwords don’t work.

I think this might be the cause of that:

@Service
@Named("isis.ext.secman.PasswordEncryptionServiceUsingJBcrypt")
@javax.annotation.Priority(PriorityPrecedence.MIDPOINT)
@Qualifier("JBCrypt")
public class PasswordEncryptionServiceUsingJBcrypt implements PasswordEncryptionService {

private String salt;

private String getSalt() {
if (salt == null)

{ salt = BCrypt.gensalt(); }

return salt;
}

@Override
public String encrypt(String password)

{ return password == null ? null : BCrypt.hashpw(password, getSalt()); }

That looks like the salt is set on the service and would be different after the service is used following an app restart.

One solution might be a variant that picks up the salt from a property file.

Attachments

Activity

People

Assignee:: Andi Huber

Reporter:: Daniel Keir Haywood

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 08/Nov/21 21:21

Updated:: 28/Feb/22 06:36

Resolved:: 25/Nov/21 13:19