package com.ambientideas.saltedpassword;
import com.ambientideas.saltedpassword.util.HibernateUtil;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Date;
import java.util.List;
import org.apache.log4j.Logger;
import org.hibernate.Session;
import org.hibernate.criterion.Example;
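/**
 * Creates user accounts and checks login credentials against the salted password hash stored
 * with each account.
 *
 * <p>NOTE(review): the strength of the stored hash depends entirely on {@code HashUtils.hash}
 * and {@code HashUtils.randomSalt}, which are not visible here. If {@code hash} is a single pass
 * of a general-purpose digest, it should be replaced by a password-hashing function with a
 * tunable work factor (bcrypt, scrypt, Argon2 or PBKDF2), and the salt should come from
 * {@code SecureRandom}. Confirm both before relying on this class.
 */
public class UserAccountManager {
    static final Logger log = Logger.getLogger(UserAccountManager.class);

    /**
     * Creates a new account with a fresh random salt and stores it in its own transaction.
     *
     * <p>NOTE(review): nothing here checks whether {@code userName} is already taken; uniqueness
     * presumably has to be enforced by a database constraint. Confirm against the mapping.
     *
     * @param userName the login name of the new account; must not be null
     * @param password the clear-text password; must not be null
     * @param emailAddress the contact address stored with the account
     * @throws IllegalArgumentException if {@code userName} or {@code password} is null
     */
    public void createAndStoreUserAccount(String userName, String password, String emailAddress) {
        // String concatenation turns a null password into the literal "null", which would
        // silently create an account whose password is the word "null".
        if (userName == null || password == null) {
            throw new IllegalArgumentException("userName and password must not be null");
        }

        Session session = HibernateUtil.getSessionFactory().getCurrentSession();
        session.beginTransaction();
        try {
            UserAccount theNewUser = new UserAccount();
            theNewUser.setUsername(userName);

            // A per-account salt makes identical passwords hash to different values.
            String randomSalt = HashUtils.randomSalt();
            String passwordHash = HashUtils.hash(randomSalt + password);

            theNewUser.setPasswordHash(passwordHash);
            theNewUser.setEmailAddress(emailAddress);
            theNewUser.setRandomSalt(randomSalt);
            theNewUser.setAccountCreationDate(new Date());

            session.save(theNewUser);
            session.getTransaction().commit();
        } catch (RuntimeException e) {
            // Do not leave a half-finished transaction bound to the current session.
            rollbackQuietly(session);
            throw e;
        }
    }

    /**
     * Checks a user name and password against the stored account.
     *
     * <p>Returns {@code false} for an unknown user, a wrong password, or a null argument; it
     * never reveals which of these applied.
     *
     * <p>NOTE(review): an unknown user returns without computing a hash, so response time may
     * still distinguish existing from non-existing accounts. Callers that expose this to the
     * network should rate-limit attempts.
     *
     * @param userName the login name to look up
     * @param password the clear-text password supplied by the caller
     * @param emailAddress not used for validation; kept for interface compatibility
     * @return {@code true} only if exactly the stored hash is reproduced from the stored salt
     *     and the supplied password
     */
    public boolean validateLoginUserAccount(String userName, String password, String emailAddress) {
        // Hibernate's Example criterion ignores null-valued properties by default, so a null
        // user name would match every account and the first row would be compared instead.
        if (userName == null || password == null) {
            return false;
        }

        Session session = HibernateUtil.getSessionFactory().getCurrentSession();
        session.beginTransaction();
        UserAccount ua;
        try {
            UserAccount exampleUserAccount = new UserAccount();
            exampleUserAccount.setUsername(userName);
            List<?> matches =
                    session.createCriteria(UserAccount.class)
                            .add(Example.create(exampleUserAccount))
                            .list();
            // An empty result means "no such user"; indexing it unconditionally would throw
            // instead of failing the login.
            ua = matches.isEmpty() ? null : (UserAccount) matches.get(0);
            session.getTransaction().commit();
        } catch (RuntimeException e) {
            rollbackQuietly(session);
            throw e;
        }

        if (ua == null) {
            return false;
        }

        // The entity itself is deliberately not logged: UserAccount.toString() is not visible
        // here and may include the password hash and salt.
        log.debug("Account record found for login attempt");

        String storedHash = ua.getPasswordHash();
        if (storedHash == null) {
            return false;
        }

        String hashWithSalt = HashUtils.hash(ua.getRandomSalt() + password);
        if (hashWithSalt == null) {
            return false;
        }

        // Constant-time comparison so the result does not leak how many leading characters of
        // the hash matched.
        return MessageDigest.isEqual(
                hashWithSalt.getBytes(StandardCharsets.UTF_8),
                storedHash.getBytes(StandardCharsets.UTF_8));
    }

    /** Rolls back the session's transaction, logging rather than masking the original failure. */
    private static void rollbackQuietly(Session session) {
        try {
            session.getTransaction().rollback();
        } catch (RuntimeException rollbackFailure) {
            log.warn("Transaction rollback failed", rollbackFailure);
        }
    }
}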