update[LoginController]: improve password handling by clearing passwa…
…rd char array, and by not saving a password String as a variable
Lucy Ciara Herud-Thomassen authored and Lucy Ciara Herud-Thomassen committed Apr 14, 2026
1 parent a26914e commit d792af2
Showing 1 changed file with 9 additions and 2 deletions.
11 changes: 9 additions & 2 deletions src/main/java/edu/group5/app/control/LoginController.java
Expand Up @@ -5,6 +5,9 @@
import edu.group5.app.model.user.UserService;
import edu.group5.app.view.loginpage.LoginPageView;
import edu.group5.app.view.loginpage.SignInPageView;

import java.util.Arrays;

import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

public class LoginController {
Expand All @@ -27,9 +30,13 @@ public void handleSignIn(SignInPageView view, String firstName, String lastName,
return;
}

String password = new String(passwordChars);
BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
String hashedPassword = encoder.encode(password);

// Clears password char array after creating a hash.
String hashedPassword = encoder.encode(new String(passwordChars));
for (int i = 0; i < passwordChars.length; i++) {
passwordChars[0] = '0';
}

boolean success = userService.registerUser(
"Customer", firstName, lastName, email, hashedPassword);
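Review bot: The clearing loop writes `passwordChars[0] = '0';` on every iteration, so only the first character is overwritten and the rest of the password stays in the array; the index should be `i`, or the whole loop can become `Arrays.fill(passwordChars, '\0');`, which would also use the newly added `java.util.Arrays` import (it appears unused in the visible lines). `encoder.encode(new String(passwordChars))` still creates an immutable String copy of the password that cannot be wiped, so the change drops the named variable but not the copy; the comment above the loop should say this rather than suggest the secret is gone from memory. The clear also runs only on this one path: the `return;` at the top of the hunk and any exception thrown by `encode` leave the array untouched, so wrapping the work in `try { … } finally { Arrays.fill(passwordChars, '\0'); }` would cover them. handleSignIn starts and ends outside the hunk, so the earlier exits need checking against the full method.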
