rushilwiz/astute
1
0
Fork 0
mirror of https://github.com/dyiop/astute.git synced 2025-04-05 21:10:16 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity

* Encrypted credentials

Browse Source
This commit is contained in:
Gopi Katwala 2019-07-16 14:15:10 -04:00
parent c402bb00f2
commit 06e48099fd
2 changed files with 6 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
AstuteSystem/sql/astute.sql
View File

@ -810,9 +810,9 @@ CREATE TABLE IF NOT EXISTS `user` (
-- Dumping data for table astute.user: ~2 rows (approximately) -- Dumping data for table astute.user: ~2 rows (approximately)
/*!40000 ALTER TABLE `user` DISABLE KEYS */; /*!40000 ALTER TABLE `user` DISABLE KEYS */;
INSERT INTO `user` (`user_id`, `username`, `password`, `first_name`, `middle_name`, `last_name`, `role`, `email`, `office_phone_ext`, `cell_phone`) VALUES INSERT INTO `user` (`user_id`, `username`, `password`, `first_name`, `middle_name`, `last_name`, `role`, `email`, `office_phone_ext`, `cell_phone`) VALUES
(1, 'sparikh', 'sparikh', 'Saurin', NULL, 'Parikh', 'Owner', 'sparikh@Astuteng.com', 2024002004, 3014616485), (1, ENCODE('sparikh', 'astutesecret'), ENCODE('sparikh', 'astutesecret'), 'Saurin', NULL, 'Parikh', 'Owner', 'sparikh@Astuteng.com', 2024002004, 3014616485),
(2, 'humaretiya', 'humaretiya', 'Haresh', NULL, 'Umaretiya', 'Owner', 'Humaretiya@astuteng.com', 2024002004, 0); (2, ENCODE('humaretiya', 'astutesecret'), ENCODE('humaretiya', 'astutesecret'), 'Haresh', NULL, 'Umaretiya', 'Owner', 'Humaretiya@astuteng.com', 2024002004, 0);
/*!40000 ALTER TABLE `user` ENABLE KEYS */; /*!40000 ALTER TABLE ENCODE('gkatwala', 'astutesecret')`user` ENABLE KEYS */;
/*!40101 SET SQL_MODE=IFNULL(@OLD_SQL_MODE, '') */; /*!40101 SET SQL_MODE=IFNULL(@OLD_SQL_MODE, '') */;
/*!40014 SET FOREIGN_KEY_CHECKS=IF(@OLD_FOREIGN_KEY_CHECKS IS NULL, 1, @OLD_FOREIGN_KEY_CHECKS) */; /*!40014 SET FOREIGN_KEY_CHECKS=IF(@OLD_FOREIGN_KEY_CHECKS IS NULL, 1, @OLD_FOREIGN_KEY_CHECKS) */;

18
AstuteSystem/src/main/java/com/astute/dao/SqlDAO.java
View File

@ -20,7 +20,7 @@ import static com.astute.exceptions.AstuteException.AUTH_ERROR;
import static com.astute.exceptions.AstuteException.DB_ERROR; import static com.astute.exceptions.AstuteException.DB_ERROR;
public class SqlDAO extends DAO { public class SqlDAO extends DAO {
String key = "astutesecret";
public SqlDAO() throws AstuteException { public SqlDAO() throws AstuteException {
} }
@ -1128,8 +1128,7 @@ public class SqlDAO extends DAO {
public User getUser(String username) throws AstuteException { public User getUser(String username) throws AstuteException {
String sql = "select user_id, username, password, CONCAT(first_name, ' ', last_name) as name from user where username='" + username + "'"; String sql = "select user_id, DECODE(username,'"+key+"'), DECODE(password,'"+key+"'), CONCAT(first_name, ' ', last_name) as name from user where username=ENCODE('" + username + "','"+key+"')";
try { try {
Statement stmt = conn.createStatement(); Statement stmt = conn.createStatement();
ResultSet resultSet = stmt.executeQuery(sql); ResultSet resultSet = stmt.executeQuery(sql);
@ -1142,7 +1141,6 @@ public class SqlDAO extends DAO {
resultSet.getString(4), null resultSet.getString(4), null
); );
} }
// conn.close();
return user; return user;
} catch (SQLException e) { } catch (SQLException e) {
e.printStackTrace(); e.printStackTrace();
@ -1355,19 +1353,9 @@ public class SqlDAO extends DAO {
=============================== Utility Methods =============================================== =============================== Utility Methods ===============================================
*/ */
public User login(String username, String password) throws AstuteException{ public User login(String username, String password) throws AstuteException{
User user = getUser(username); User user = getUser(username);
boolean check = false;
if (user != null && password.equals(user.getPassword())) { if (user != null && password.equals(user.getPassword())) {
check = true;
}
// try {
// check = checkPasswordHash(user.getPassword(), password);
// } catch (NoSuchAlgorithmException e) {
//
// } catch (InvalidKeySpecException e) {
//
// }
if (check) {
//create session //create session
String sessionId = UUID.randomUUID().toString().replaceAll("-", ""); String sessionId = UUID.randomUUID().toString().replaceAll("-", "");