From d792af2e54bcea8079e757e76ae04740e9de9be2 Mon Sep 17 00:00:00 2001
From: Lucy Ciara Herud-Thomassen <86323303+LucyCiara@users.noreply.github.com>
Date: Tue, 14 Apr 2026 14:19:21 +0200
Subject: [PATCH] update[LoginController]: improve password handling by
 clearing passward char array, and by not saving a password String as a
 variable

---
 .../java/edu/group5/app/control/LoginController.java  | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/main/java/edu/group5/app/control/LoginController.java b/src/main/java/edu/group5/app/control/LoginController.java
index cdd5b5f..2a860c9 100644
--- a/src/main/java/edu/group5/app/control/LoginController.java
+++ b/src/main/java/edu/group5/app/control/LoginController.java
@@ -5,6 +5,9 @@
 import edu.group5.app.model.user.UserService;
 import edu.group5.app.view.loginpage.LoginPageView;
 import edu.group5.app.view.loginpage.SignInPageView;
+
+import java.util.Arrays;
+
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 
 public class LoginController {
@@ -27,9 +30,13 @@ public void handleSignIn(SignInPageView view, String firstName, String lastName,
       return;
     }
 
-    String password = new String(passwordChars);
     BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
-    String hashedPassword = encoder.encode(password);
+
+    // Clears password char array after creating a hash.
+    String hashedPassword = encoder.encode(new String(passwordChars));
+    for (int i = 0; i < passwordChars.length; i++) {
+      passwordChars[0] = '0';
+    }
 
     boolean success = userService.registerUser(
         "Customer", firstName, lastName, email, hashedPassword);