From b9693b75fd3928334c1dc67372f69c4ba2e5224b Mon Sep 17 00:00:00 2001
From: Fredrik Marjoni
Date: Thu, 26 Feb 2026 11:57:03 +0100
Subject: [PATCH] feat[User]: Add Bcrpyt in verifying password in class and dependency in pom.xml
---
 pom.xml | 7 +++++++
 .../java/edu/group5/app/model/user/User.java | 18 ++++++++++++------
 .../edu/group5/app/model/user/User.class | Bin 1917 -> 2200 bytes
 3 files changed, 19 insertions(+), 6 deletions(-)
diff --git a/pom.xml b/pom.xml
index 4895163..4d088c4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -32,6 +32,13 @@
 javafx-controls ${javafx.version}
+
+
+
+ org.springframework.security
+ spring-security-crypto
+ 7.0.2
+
diff --git a/src/main/java/edu/group5/app/model/user/User.java b/src/main/java/edu/group5/app/model/user/User.java
index 939bea9..e20e4f4 100644
--- a/src/main/java/edu/group5/app/model/user/User.java
+++ b/src/main/java/edu/group5/app/model/user/User.java
@@ -1,9 +1,13 @@
 package edu.group5.app.model.user;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 /**
 * User class represents a user in the system. It is an abstract class that will be extended by specific user types such as Donor, Recipient, and Admin.
 * Each user has a unique userId, a role that defines their permissions in the system, and personal information such as first name, last name, email, and password hash.
 * The constructor validates that all required fields are provided and throws an IllegalArgumentException if any of the fields are null or empty.
 * This ensures that the User objects are always in a valid state when created.
+ * The class also includes a method to verify the user's password
+ * by comparing the provided plaintext password with the stored hashed password using BCrypt.
+ * + */
 public abstract class User {
 private int userId;
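Review bot: The new `spring-security-crypto` entry pins `7.0.2` inline, while the neighbouring JavaFX entry in this hunk takes its version from `${javafx.version}`; a property such as `${spring-security.version}` would keep upgrades of a security library in one visible place. It is also worth confirming that the artifact's logging dependency resolves at runtime in this application, since `BCryptPasswordEncoder` logs through Commons Logging; presumably it arrives transitively, but a start-up test that calls the encoder once would confirm it. The XML element tags are not visible in this view of the hunk, so the dependency's scope could not be checked.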
@@ -21,7 +25,7 @@ public abstract class User {
 * @param firstName the first name of the user
 * @param lastName the last name of the user
 * @param email the email address of the user
- * @param passwordHash the hashed password of the user
+ * @param passwordHash the hashed password of the user, used for authentication purposes
 */
 public User(int userId, String role, String firstName, String lastName, String email, String passwordHash) {
@@ -101,14 +105,16 @@ public String getPasswordHash() {
 }
 /**
- * Verifies if the provided password matches the stored password hash for the user.
- * This method should implement the logic to hash the input password
- * and compare it with the stored password hash.
+ * Verifies if the provided password matches the stored password hash.
+ * This method uses BCrypt to compare the plaintext password with the hashed password.
 * @param password the plaintext password to verify
 * @return true if the password is correct, false otherwise
 */
 public boolean verifyPassword(String password) {
- // TODO Implement password verification logic here, e.g., using a hashing algorithm
- return true; // Placeholder return value
+ if (password == null || password.isEmpty()) {
+ return false;
+ }
+ BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
+ return encoder.matches(password, this.passwordHash);
 }
 }
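Review bot: `verifyPassword` relies on `this.passwordHash` already being a BCrypt string, but nothing visible in this commit produces or validates one; the constructor (its body is outside these hunks) is documented as rejecting only null or empty fields. `BCryptPasswordEncoder.matches` returns false for a stored value that is not in BCrypt format, so an account whose hash was created any other way would fail every login without an obvious cause; consider checking the format when the user is constructed, or stating on `@param passwordHash` that it must be BCrypt output. The encoder is also rebuilt on every call although it holds no per-user state, so a shared `private static final BCryptPasswordEncoder ENCODER = new BCryptPasswordEncoder();` with `return ENCODER.matches(password, this.passwordHash);` would do. A unit test asserting that a wrong password returns false would guard against a regression to the old always-true stub.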
diff --git a/target/classes/edu/group5/app/model/user/User.class b/target/classes/edu/group5/app/model/user/User.class index 4f41b157efad2b627e7442266011a3ad90367176..a863d4f6ccfa7c6a4b044c45dcae7ab0efd15832 100644 GIT binary patch delta 509 zcmbu5O-mb56o#McsL}BY1-BZpXlo)Peg>mfA{tv0zo8Ta8OJg4E73cNB3-!ax+N6a zMR&SWL0V$5)I}Fv_$&MqE|s2%KS3^>`@HWx=Wxz_sQ=n%-acO60Fx|Vn&-xGfH#Wq ztWH_pp5Dx)HnhF#9%l8n<+)B?Z|06HM<4CwvesJZwqg^$oVPtsveqXvPIleZCet+f zAyG?`Sw&#i&N*qT)pF7$#fI*8Coj8`m*S|Q91-5g-?ksdzL%NP3iPCus%aKRu~ z4Dp9ZAzpE!UKj2vn+vM4Q^iX(CNx)~4?^!s^h;<}XhfxbeLO`RMT7jfham@AL;o;C zMS|a`FwTB6{r-x#$#AIaCy^pEXOdztEU`%z08NdQ){&=K291gnd}_l8qoSlCbF!wA WcawP*C}T|Aa>{BH)k-!+tfl`Z*MLF* delta 240 zcmbOs_?M6C)W2Q(7#J8_8N4@gt!3tBWZ)=BEG{n3FG|_GfW?B*SBim!L56{YL6$*? zL7qVY2(=iL7%Ui+8JrkY8G;zp7-ASS7;+di8Oj*68QK_h7$z|2F-&F9XPC=iz_66T zkYOEz5yN%{V}`v9CX-d!mM~gRZe$moe4kC7(HYE=VOMAL2D2i8tY9F^hA|q