Login with Play! framework

Navigation
1

I'm trying to create a system login but I have the following problem: 

public Result salvaNovoUsuario() {
    Form<Usuario> formulario = 
    formularios.form(Usuario.class).bindFromRequest();

    if (validadorDeUsuario.temErros(formulario)) {
        flash("danger", "Existem erros no preenchimento do cadastro");
        return badRequest(formularioDeNovoUsuario.render(formulario));
    }

    Usuario usuario = formulario.get();
    String criptoSenha = BCrypt.hashpw(usuario.getSenha(), 
    BCrypt.gensalt(-1));
    usuario.setSenha(criptoSenha);
    usuario.save();
    TokenDeCadastro token = new TokenDeCadastro(usuario);
    token.save();
    enviador.send(new EmailDeCadastro(token));
    flash("success", "Um email foi enviado para confirmar seu cadastro!");
    return redirect(routes.UsuarioController.formularioDeNovoUsuario());
}

This method works and saves an encrypted password to the bank, but at login it happens it generates a random hash so I can not log in. 

public Result fazLogin() {
    DynamicForm formulario = formularios.form().bindFromRequest();
    String email = formulario.get("email");
    String senha = BCrypt.hashpw(formulario.get("senha"), BCrypt.gensalt());
    Optional<Usuario> possivelUsuario = usuarioDAO.comEmailESenha(email, 
    senha);
    if (possivelUsuario.isPresent()) {
        Usuario usuario = possivelUsuario.get();
        if (usuario.isVerificado()) {
            session(AUTH, usuario.getEmail());
            usuario.update();
            flash("success", "Login foi efetuado com sucesso!");
            return redirect(routes.UsuarioController.painel());
        }
        else {
            flash("warning", "Usuario ainda nao confirmado! Confirma seu 
     email!");
        }
    }
    else {
        flash("danger", "Credenciais invalidas!");
    }
    return redirect(routes.UsuarioController.formularioDeLogin());
}

Is there a way to save the password that has been set and use it in login since I will never have the same hash?

    
asked by anonymous 27.06.2017 / 20:23

1 answer

1

I discovered the solution, generating a static salt by passing a String: 

public static String salt = "string aleatória";

Or do not have hash during login: 

public Result fazLogin() {
    DynamicForm formulario = formularios.form().bindFromRequest();
    String email = formulario.get("email");
    String senha = formulario.get("senha");

    Optional<Usuario> possivelUsuario = usuarioDAO.comEmail(email);

    if (possivelUsuario.isPresent()) {
        Usuario usuario = possivelUsuario.get();
        if (usuario.isVerificado() && BCrypt.checkpw(senha, usuario.getSenha())) {
            session(AUTH, usuario.getEmail());
            flash("success", "Login foi efetuado com sucesso!");
            return redirect(routes.UsuarioController.painel());
        }
        else if(!usuario.isVerificado()){
            flash("warning", "Usuario ainda nao confirmado! Confirma seu email!");
        }
    }
    else {
        flash("danger", "Credenciais invalidas!");
    }
    return redirect(routes.UsuarioController.formularioDeLogin());
}
    
28.06.2017 / 19:17
JavaScript - formatMoney - How to use FILE PHP editing image and information coming with POST