zmiana hasla

This commit is contained in:
mikgaw@st.amu.edu.pl 2023-12-04 00:12:07 +01:00
parent 9c47e45353
commit e96f619e46
4 changed files with 231 additions and 63 deletions


@ -1,13 +1,11 @@
package com.example.bsm_notatnik; package com.example.bsm_notatnik;
import androidx.annotation.NonNull;
import androidx.appcompat.app.AppCompatActivity; import androidx.appcompat.app.AppCompatActivity;
import android.content.Intent; import android.content.Intent;
import android.content.SharedPreferences; import android.content.SharedPreferences;
import android.os.Bundle; import android.os.Bundle;
import android.text.TextUtils; import android.text.TextUtils;
import android.util.Log;
import android.view.View; import android.view.View;
import android.widget.Button; import android.widget.Button;
import android.widget.EditText; import android.widget.EditText;
@ -15,17 +13,12 @@ import android.widget.ProgressBar;
import android.widget.TextView; import android.widget.TextView;
import android.widget.Toast; import android.widget.Toast;
import com.google.android.gms.tasks.OnCompleteListener; import java.nio.charset.StandardCharsets;
import com.google.android.gms.tasks.Task; import java.security.MessageDigest;
import com.google.firebase.auth.AuthResult;
import com.google.firebase.auth.FirebaseAuth;
import com.google.firebase.auth.FirebaseUser;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException; import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec; import java.security.spec.KeySpec;
import java.util.Base64; import java.util.Base64;
import java.util.Objects;
import javax.crypto.SecretKey; import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory; import javax.crypto.SecretKeyFactory;
@ -66,8 +59,10 @@ public class Login extends AppCompatActivity {
@Override @Override
public void onClick(View view) { public void onClick(View view) {
//progressBar.setVisibility(View.VISIBLE); //progressBar.setVisibility(View.VISIBLE);
String email, password; String email, hashedEmail, password;
email = String.valueOf(editTextEmail.getText()); email = String.valueOf(editTextEmail.getText());
hashedEmail = hashEmail(email);
password = String.valueOf(editTextPassword.getText()); password = String.valueOf(editTextPassword.getText());
if (TextUtils.isEmpty(email)){ if (TextUtils.isEmpty(email)){
@ -78,31 +73,39 @@ public class Login extends AppCompatActivity {
Toast.makeText(Login.this, "Enter password!", Toast.LENGTH_SHORT).show(); Toast.makeText(Login.this, "Enter password!", Toast.LENGTH_SHORT).show();
return; return;
} }
if (!checkIfUserExists(email)){ if (!checkIfUserExists(hashedEmail)){
Toast.makeText(Login.this, "No such username in database!", Toast.LENGTH_SHORT).show(); Toast.makeText(Login.this, "No such username in database!", Toast.LENGTH_SHORT).show();
editTextPassword.setText(""); editTextPassword.setText("");
return; return;
} }
login(email, password); login(hashedEmail, password);
//progressBar.setVisibility(View.GONE); //progressBar.setVisibility(View.GONE);
} }
}); });
} }
private boolean checkIfUserExists(String email){ private boolean checkIfUserExists(String hashedemail){
SharedPreferences sharedPreferences = getSharedPreferences(SHARED_NAME_CREDENTIALS, MODE_PRIVATE); SharedPreferences sharedPreferences = getSharedPreferences(SHARED_NAME_CREDENTIALS, MODE_PRIVATE);
return sharedPreferences.contains("user_" + email); return sharedPreferences.contains("user_" + hashedemail);
} }
private void login(String email, String password){ private String hashEmail(String email){
byte[] emailSalt = new byte[16];
emailSalt = getFirst16BytesOfHash(email);
return hashCredential(email, emailSalt);
}
private void login(String hashedemail, String password){
SharedPreferences sharedPreferences = getSharedPreferences(SHARED_NAME_CREDENTIALS, MODE_PRIVATE); SharedPreferences sharedPreferences = getSharedPreferences(SHARED_NAME_CREDENTIALS, MODE_PRIVATE);
String passwordHashFromData = sharedPreferences.getString("user_" + email, "err"); String passwordHashFromData = sharedPreferences.getString("user_" + hashedemail, "err");
byte[] salt = getSaltForUser(email);
String inputPasswordHash = hashPassword(password, salt); byte[] salt = getSaltForUser(hashedemail);
String inputPasswordHash = hashCredential(password, salt);
assert inputPasswordHash != null; assert inputPasswordHash != null;
@ -110,7 +113,7 @@ public class Login extends AppCompatActivity {
Toast.makeText(getApplicationContext(), "Login Successful", Toast.LENGTH_SHORT).show(); Toast.makeText(getApplicationContext(), "Login Successful", Toast.LENGTH_SHORT).show();
Intent intent = new Intent(getApplicationContext(), MainActivity.class); Intent intent = new Intent(getApplicationContext(), MainActivity.class);
intent.putExtra("CURRENT_USER_EMAIL", email); intent.putExtra("CURRENT_USER_EMAIL_HASH", hashedemail);
startActivity(intent); startActivity(intent);
finish(); finish();
@ -120,22 +123,22 @@ public class Login extends AppCompatActivity {
} }
} }
private byte[] getSaltForUser(String email){ private byte[] getSaltForUser(String hashedemail){
SharedPreferences sharedPreferences = getSharedPreferences(SHARED_NAME_CREDENTIALS, MODE_PRIVATE); SharedPreferences sharedPreferences = getSharedPreferences(SHARED_NAME_CREDENTIALS, MODE_PRIVATE);
String saltFromData = sharedPreferences.getString("salt_" + email, "err"); String saltFromData = sharedPreferences.getString("salt_" + hashedemail, "err");
return Base64.getDecoder().decode(saltFromData); return Base64.getDecoder().decode(saltFromData);
} }
private static String hashPassword(String password, byte[] salt){ private static String hashCredential(String credential, byte[] salt){
int iteratiions = 1000; int iteratiions = 1000;
int keyLen = 256; int keyLen = 256;
KeySpec keySpec = new PBEKeySpec(password.toCharArray(), salt, iteratiions, keyLen); KeySpec keySpec = new PBEKeySpec(credential.toCharArray(), salt, iteratiions, keyLen);
try{ try{
SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
SecretKey secretKey = secretKeyFactory.generateSecret(keySpec); SecretKey secretKey = secretKeyFactory.generateSecret(keySpec);
byte[] hashedPassword = secretKey.getEncoded(); byte[] hashedCredential = secretKey.getEncoded();
return Base64.getEncoder().encodeToString(hashedPassword); return Base64.getEncoder().encodeToString(hashedCredential);
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) { } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
e.printStackTrace(); e.printStackTrace();
@ -144,4 +147,25 @@ public class Login extends AppCompatActivity {
} }
private byte[] getFirst16BytesOfHash(String input){
try {
// Create MessageDigest instance for SHA-256
MessageDigest digest = MessageDigest.getInstance("SHA-256");
// Get the hash value by updating the digest with the input bytes
byte[] hashBytes = digest.digest(input.getBytes(StandardCharsets.UTF_8));
// Truncate the hash to the first 16 bytes
byte[] truncatedHash = new byte[16];
System.arraycopy(hashBytes, 0, truncatedHash, 0, 16);
return truncatedHash;
} catch (NoSuchAlgorithmException e) {
// Handle the exception (e.g., print an error message)
e.printStackTrace();
return null;
}
}
} }
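Review bot: In `hashEmail` (L65–L69) the `new byte[16]` is dead — it is overwritten on the next line — and when `getFirst16BytesOfHash` takes its catch path the returned null is passed straight into `PBEKeySpec`, so the failure surfaces as a NullPointerException far from its cause. A missing SHA-256 or PBKDF2WithHmacSHA256 provider is a fatal configuration error for this app, so both helpers should `throw new IllegalStateException(e);` in their catch blocks rather than return null; that would also make `assert inputPasswordHash != null` (L76) redundant, which matters because Java assertions are disabled unless the runtime is started with -ea and so guard nothing in the shipped app. This commit copies the same `hashCredential`/`getFirst16BytesOfHash` pair into Register and MainActivity as well; one shared helper would keep the algorithm names and iteration count in a single place. `login` continues past the end of the hunk.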


@ -1,7 +1,9 @@
package com.example.bsm_notatnik; package com.example.bsm_notatnik;
import android.content.DialogInterface; import android.content.DialogInterface;
import android.content.Intent; import android.content.Intent;
import android.content.SharedPreferences;
import android.os.Bundle; import android.os.Bundle;
import android.text.TextUtils;
import android.view.LayoutInflater; import android.view.LayoutInflater;
import android.view.Menu; import android.view.Menu;
import android.view.MenuItem; import android.view.MenuItem;
@ -14,12 +16,25 @@ import android.widget.Toast;
import androidx.appcompat.app.AlertDialog; import androidx.appcompat.app.AlertDialog;
import androidx.appcompat.app.AppCompatActivity; import androidx.appcompat.app.AppCompatActivity;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
public class MainActivity extends AppCompatActivity { public class MainActivity extends AppCompatActivity {
Button buttonLogout, buttonChangePassword; Button buttonLogout, buttonChangePassword;
private static final String SHARED_NAME_CREDENTIALS = "Credentials";
@Override @Override
protected void onCreate(Bundle savedInstanceState) { protected void onCreate(Bundle savedInstanceState) {
@ -27,7 +42,7 @@ public class MainActivity extends AppCompatActivity {
setContentView(R.layout.activity_main); setContentView(R.layout.activity_main);
Intent intent = getIntent(); Intent intent = getIntent();
String currentu_username = intent.getStringExtra("CURRENT_USER_EMAIL"); String current_username_hashed = intent.getStringExtra("CURRENT_USER_EMAIL_HASH");
buttonLogout = findViewById(R.id.btn_logout); buttonLogout = findViewById(R.id.btn_logout);
buttonChangePassword = findViewById(R.id.btn_change_password); buttonChangePassword = findViewById(R.id.btn_change_password);
@ -44,7 +59,7 @@ public class MainActivity extends AppCompatActivity {
buttonChangePassword.setOnClickListener(new View.OnClickListener() { buttonChangePassword.setOnClickListener(new View.OnClickListener() {
@Override @Override
public void onClick(View view) { public void onClick(View view) {
showPasswordChangeDialog(); showPasswordChangeDialog(current_username_hashed);
} }
}); });
@ -58,7 +73,10 @@ public class MainActivity extends AppCompatActivity {
finish(); finish();
} }
private void showPasswordChangeDialog(){
private void showPasswordChangeDialog(String hashedEmail){
// Inflate the dialog layout // Inflate the dialog layout
LayoutInflater inflater = getLayoutInflater(); LayoutInflater inflater = getLayoutInflater();
View dialogView = inflater.inflate(R.layout.password_change_dialog, null); View dialogView = inflater.inflate(R.layout.password_change_dialog, null);
@ -73,18 +91,36 @@ public class MainActivity extends AppCompatActivity {
@Override @Override
public void onClick(DialogInterface dialogInterface, int i) { public void onClick(DialogInterface dialogInterface, int i) {
// Handle password change logic here // Handle password change logic here
EditText editTextOldPassword = dialogView.findViewById(R.id.editTextOldPassword);
EditText editTextNewPassword = dialogView.findViewById(R.id.editTextNewPassword); EditText editTextNewPassword = dialogView.findViewById(R.id.editTextNewPassword);
EditText editTextConfirmPassword = dialogView.findViewById(R.id.editTextConfirmPassword); EditText editTextConfirmPassword = dialogView.findViewById(R.id.editTextConfirmPassword);
String oldPassword = editTextOldPassword.getText().toString();
String newPassword = editTextNewPassword.getText().toString(); String newPassword = editTextNewPassword.getText().toString();
String confirmPassword = editTextConfirmPassword.getText().toString(); String confirmPassword = editTextConfirmPassword.getText().toString();
if (TextUtils.isEmpty(oldPassword) || TextUtils.isEmpty(newPassword) || TextUtils.isEmpty(confirmPassword)) {
Toast.makeText(MainActivity.this, "Fill out all 3 fields!", Toast.LENGTH_SHORT).show();
return;
}
if(!validatePassword(newPassword)){
Toast.makeText(MainActivity.this, "Wrong format of new password!", Toast.LENGTH_SHORT).show();
return;
}
if(!validateOldPassword(hashedEmail, oldPassword)){
Toast.makeText(MainActivity.this, "Old password not correct!", Toast.LENGTH_SHORT).show();
return;
}
// Perform password change validation and logic // Perform password change validation and logic
if (newPassword.equals(confirmPassword)) { if (newPassword.equals(confirmPassword)) {
// Passwords match, implement your password change logic here updatePassword(hashedEmail, newPassword);
Toast.makeText(MainActivity.this, "Password Changed", Toast.LENGTH_SHORT).show();
} else { } else {
// Passwords do not match, show an error message Toast.makeText(MainActivity.this, "New passwords don't match!", Toast.LENGTH_SHORT).show();
// You can use a Toast or any other method to display the message return;
} }
} }
}); });
@ -102,5 +138,75 @@ public class MainActivity extends AppCompatActivity {
alertDialog.show(); alertDialog.show();
} }
private boolean validatePassword(String password){
final String PASSWORD_PATTERN = "^.{6,}$";
Pattern pattern = Pattern.compile(PASSWORD_PATTERN);
Matcher matcher = pattern.matcher(password);
return matcher.matches();
}
private void updatePassword(String hashedEmail, String newPassword){
SharedPreferences sharedPreferences = getSharedPreferences(SHARED_NAME_CREDENTIALS, MODE_PRIVATE);
SharedPreferences.Editor editor = sharedPreferences.edit();
byte[] newSalt = generateSalt();
String newSaltString = Base64.getEncoder().encodeToString(newSalt);
editor.putString("salt_" + hashedEmail, newSaltString);
String hashedNewPassword = hashCredential(newPassword, newSalt);
editor.putString("user_" + hashedEmail, hashedNewPassword);
editor.apply();
}
private boolean validateOldPassword(String hashedEmail, String oldPassword){
byte[] salt = getSaltForUser(hashedEmail);
String hashedOldPassword = hashCredential(oldPassword, salt);
String hashedCorrectPassword = getPasswordFromShared(hashedEmail);
assert hashedOldPassword != null;
if (hashedOldPassword.equals(hashedCorrectPassword)){
return true;
} else {
return false;
}
}
private byte[] getSaltForUser(String hashedEmail){
SharedPreferences sharedPreferences = getSharedPreferences(SHARED_NAME_CREDENTIALS, MODE_PRIVATE);
String saltFromData = sharedPreferences.getString("salt_" + hashedEmail, "err");
return Base64.getDecoder().decode(saltFromData);
}
private String getPasswordFromShared(String hashedEmail){
SharedPreferences sharedPreferences = getSharedPreferences(SHARED_NAME_CREDENTIALS, MODE_PRIVATE);
return sharedPreferences.getString("user_" + hashedEmail, "err");
}
private static byte[] generateSalt(){
SecureRandom random = new SecureRandom();
byte[] salt = new byte[16];
random.nextBytes(salt);
return salt;
}
private static String hashCredential(String credential, byte[] salt){
int iteratiions = 1000;
int keyLen = 256;
KeySpec keySpec = new PBEKeySpec(credential.toCharArray(), salt, iteratiions, keyLen);
try{
SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
SecretKey secretKey = secretKeyFactory.generateSecret(keySpec);
byte[] hashedCredential = secretKey.getEncoded();
return Base64.getEncoder().encodeToString(hashedCredential);
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
e.printStackTrace();
return null;
}
}
} }
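Review bot: `validateOldPassword` (L224–L234) relies on `assert hashedOldPassword != null`, which is a no-op unless the runtime enables assertions, and then compares the stored and computed hashes with `String.equals`, whose early exit leaks how many leading characters matched; the `if/else` returning true/false is also just the boolean itself. Collapse the body to `return hashedOldPassword != null && MessageDigest.isEqual(hashedOldPassword.getBytes(StandardCharsets.UTF_8), hashedCorrectPassword.getBytes(StandardCharsets.UTF_8));` (two Base64 strings are equal exactly when the decoded hashes are), which needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imported in this file. In the dialog handler the new/confirm mismatch check (L196) runs after `validateOldPassword` (L191), so a typo in the confirm field still costs a PBKDF2 derivation; moving the equality check above the old-password check is cheaper and reports the more likely error first. The handler's enclosing `showPasswordChangeDialog` continues outside the hunk.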


@ -2,12 +2,10 @@ package com.example.bsm_notatnik;
import androidx.appcompat.app.AppCompatActivity; import androidx.appcompat.app.AppCompatActivity;
import android.content.Context;
import android.content.Intent; import android.content.Intent;
import android.content.SharedPreferences; import android.content.SharedPreferences;
import android.os.Bundle; import android.os.Bundle;
import android.text.TextUtils; import android.text.TextUtils;
import android.util.Log;
import android.view.View; import android.view.View;
import android.widget.Button; import android.widget.Button;
import android.widget.EditText; import android.widget.EditText;
@ -17,13 +15,15 @@ import android.widget.Toast;
import javax.crypto.SecretKey; import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory; import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec; import javax.crypto.spec.PBEKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom; import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException; import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec; import java.security.spec.KeySpec;
import java.util.Base64; import java.util.Base64;
import java.security.SecureRandom;
import java.util.regex.Matcher; import java.util.regex.Matcher;
import java.util.regex.Pattern; import java.util.regex.Pattern;
@ -67,7 +67,8 @@ public class Register extends AppCompatActivity {
@Override @Override
public void onClick(View view) { public void onClick(View view) {
//progressBar.setVisibility(View.VISIBLE); //progressBar.setVisibility(View.VISIBLE);
String email, password; String email, hashedEmail, password, hashedPassword;
email = String.valueOf(editTextEmail.getText()); email = String.valueOf(editTextEmail.getText());
password = String.valueOf(editTextPassword.getText()); password = String.valueOf(editTextPassword.getText());
@ -81,8 +82,11 @@ public class Register extends AppCompatActivity {
Toast.makeText(Register.this, "Enter password!", Toast.LENGTH_SHORT).show(); Toast.makeText(Register.this, "Enter password!", Toast.LENGTH_SHORT).show();
return; return;
} }
hashedEmail = hashEmail(email);
//checks if given username is already registered in database //checks if given username is already registered in database
if (checkIfUserExists(email)){ if (checkIfUserExists(hashedEmail)){
editTextEmail.setText(""); editTextEmail.setText("");
editTextPassword.setText(""); editTextPassword.setText("");
Toast.makeText(Register.this, "Account with this username already exists!", Toast.LENGTH_SHORT).show(); Toast.makeText(Register.this, "Account with this username already exists!", Toast.LENGTH_SHORT).show();
@ -101,11 +105,13 @@ public class Register extends AppCompatActivity {
} }
byte[] salt = generateSalt();
saveSaltForUser(email, salt);
String hashPassword = hashPassword(password, salt); byte[] salt = generateSalt();
saveNewUser(email, hashPassword); saveSaltForUser(hashedEmail, salt);
hashedPassword = hashCredential(password, salt);
saveNewUser(hashedEmail, hashedPassword);
Toast.makeText(Register.this, "Konto utworzone z email: " + email + " oraz hasłem: " + password, Toast.LENGTH_SHORT).show(); Toast.makeText(Register.this, "Konto utworzone z email: " + email + " oraz hasłem: " + password, Toast.LENGTH_SHORT).show();
editTextEmail.setText(""); editTextEmail.setText("");
@ -115,16 +121,10 @@ public class Register extends AppCompatActivity {
} }
private void saveNewUser(String email, String password){
SharedPreferences sharedPreferences = getSharedPreferences(SHARED_NAME_CREDENTIALS, MODE_PRIVATE);
SharedPreferences.Editor editor = sharedPreferences.edit();
editor.putString("user_" + email, password);
editor.apply();
}
private boolean checkIfUserExists(String email){ private boolean checkIfUserExists(String hashedemail){
SharedPreferences sharedPreferences = getSharedPreferences(SHARED_NAME_CREDENTIALS, MODE_PRIVATE); SharedPreferences sharedPreferences = getSharedPreferences(SHARED_NAME_CREDENTIALS, MODE_PRIVATE);
return sharedPreferences.contains("user_" + email); return sharedPreferences.contains("user_" + hashedemail);
} }
private boolean validateEmail(String email){ private boolean validateEmail(String email){
@ -143,13 +143,11 @@ public class Register extends AppCompatActivity {
return matcher.matches(); return matcher.matches();
} }
private void saveSaltForUser(String email, byte[] salt){ private String hashEmail(String email){
SharedPreferences sharedPreferences = getSharedPreferences(SHARED_NAME_CREDENTIALS, MODE_PRIVATE); byte[] emailSalt;
SharedPreferences.Editor editor = sharedPreferences.edit(); emailSalt = getFirst16BytesOfHash(email);
String saltString = Base64.getEncoder().encodeToString(salt); return hashCredential(email, emailSalt);
editor.putString("salt_" + email, saltString);
editor.apply();
} }
private static byte[] generateSalt(){ private static byte[] generateSalt(){
@ -159,16 +157,34 @@ public class Register extends AppCompatActivity {
return salt; return salt;
} }
private static String hashPassword(String password, byte[] salt){ private void saveSaltForUser(String hashedemail, byte[] salt){
SharedPreferences sharedPreferences = getSharedPreferences(SHARED_NAME_CREDENTIALS, MODE_PRIVATE);
SharedPreferences.Editor editor = sharedPreferences.edit();
String saltString = Base64.getEncoder().encodeToString(salt);
editor.putString("salt_" + hashedemail, saltString);
editor.apply();
}
private void saveNewUser(String hashedemail, String password){
SharedPreferences sharedPreferences = getSharedPreferences(SHARED_NAME_CREDENTIALS, MODE_PRIVATE);
SharedPreferences.Editor editor = sharedPreferences.edit();
editor.putString("user_" + hashedemail, password);
editor.apply();
}
private static String hashCredential(String credential, byte[] salt){
int iteratiions = 1000; int iteratiions = 1000;
int keyLen = 256; int keyLen = 256;
KeySpec keySpec = new PBEKeySpec(password.toCharArray(), salt, iteratiions, keyLen); KeySpec keySpec = new PBEKeySpec(credential.toCharArray(), salt, iteratiions, keyLen);
try{ try{
SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
SecretKey secretKey = secretKeyFactory.generateSecret(keySpec); SecretKey secretKey = secretKeyFactory.generateSecret(keySpec);
byte[] hashedPassword = secretKey.getEncoded(); byte[] hashedCredential = secretKey.getEncoded();
return Base64.getEncoder().encodeToString(hashedPassword); return Base64.getEncoder().encodeToString(hashedCredential);
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) { } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
e.printStackTrace(); e.printStackTrace();
@ -176,5 +192,25 @@ public class Register extends AppCompatActivity {
} }
} }
private byte[] getFirst16BytesOfHash(String input){
try {
// Create MessageDigest instance for SHA-256
MessageDigest digest = MessageDigest.getInstance("SHA-256");
// Get the hash value by updating the digest with the input bytes
byte[] hashBytes = digest.digest(input.getBytes(StandardCharsets.UTF_8));
// Truncate the hash to the first 16 bytes
byte[] truncatedHash = new byte[16];
System.arraycopy(hashBytes, 0, truncatedHash, 0, 16);
return truncatedHash;
} catch (NoSuchAlgorithmException e) {
// Handle the exception (e.g., print an error message)
e.printStackTrace();
return null;
}
}
} }
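Review bot: The success toast at L318 still shows the plaintext password on screen (`" oraz hasłem: " + password`), which survives the commit's move to hashed storage and is visible to anyone looking at the device; drop the password from the message, e.g. `Toast.makeText(Register.this, "Konto utworzone z email: " + email, Toast.LENGTH_SHORT).show();`. In the registration handler `hashedPassword = hashCredential(password, salt)` (L316) is null on the catch path, and `SharedPreferences.Editor.putString` with a null value is equivalent to `remove`, so the account would silently not be created while the toast reports success — throwing from `hashCredential` instead of returning null would make that path loud. The copied `hashCredential` also keeps `iteratiions = 1000` (typo aside), well below current guidance for PBKDF2-HMAC-SHA256, which is in the hundreds of thousands of iterations; the count is not stored next to the hash, so raising it invalidates existing entries unless a re-hash on the next successful login is added. The `onClick` handler around L297–L319 starts and ends outside the hunks.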


@ -5,6 +5,13 @@
android:orientation="vertical" android:orientation="vertical"
android:padding="16dp"> android:padding="16dp">
<EditText
android:id="@+id/editTextOldPassword"
android:layout_width="match_parent"
android:layout_height="wrap_content"
android:hint="Enter Old Password"
android:inputType="textPassword"/>
<EditText <EditText
android:id="@+id/editTextNewPassword" android:id="@+id/editTextNewPassword"
android:layout_width="match_parent" android:layout_width="match_parent"
@ -19,10 +26,5 @@
android:hint="Confirm New Password" android:hint="Confirm New Password"
android:inputType="textPassword"/> android:inputType="textPassword"/>
<Button
android:id="@+id/btnChangePassword"
android:layout_width="match_parent"
android:layout_height="wrap_content"
android:text="Change Password"/>
</LinearLayout> </LinearLayout>