diff --git a/src/de/deadlocker8/budgetmaster/logic/Helpers.java b/src/de/deadlocker8/budgetmaster/logic/Helpers.java
index a3761e796fd6ad0bd0a435ffe141d0d397e9fa34..46cbd7e69215357f7aad1354fc9e775767fcc054 100644
--- a/src/de/deadlocker8/budgetmaster/logic/Helpers.java
+++ b/src/de/deadlocker8/budgetmaster/logic/Helpers.java
@@ -9,6 +9,7 @@ import java.time.format.DateTimeFormatter;
 public class Helpers
 {
 public static final DecimalFormat NUMBER_FORMAT = new DecimalFormat("0.00");
+ public static final String SALT = "ny9/Y+G|WrJ,82|oIYQQ X %i-sq#4,uA-qKPtwFPnw+s(k2`rV)^-a1|t{D3Z>S";
 public static String getURLEncodedString(String input)
 {
diff --git a/src/de/deadlocker8/budgetmaster/ui/SettingsController.java b/src/de/deadlocker8/budgetmaster/ui/SettingsController.java
index c477c8574241863b1a7f5801b941efaa8736222d..b59ac2dedbe534a3ab3ab8f4869bd6d72c011d47 100644
--- a/src/de/deadlocker8/budgetmaster/ui/SettingsController.java
+++ b/src/de/deadlocker8/budgetmaster/ui/SettingsController.java
@@ -4,6 +4,7 @@ import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Optional;
+import de.deadlocker8.budgetmaster.logic.Helpers;
 import de.deadlocker8.budgetmaster.logic.ServerConnection;
 import de.deadlocker8.budgetmaster.logic.Settings;
 import de.deadlocker8.budgetmaster.logic.Utils;
@@ -27,6 +28,7 @@ import logger.Logger;
 import tools.AlertGenerator;
 import tools.BASE58Type;
 import tools.ConvertTo;
+import tools.HashUtils;
 import tools.RandomCreations;
 import tools.Worker;
@@ -128,7 +130,7 @@ public class SettingsController
 if(controller.getSettings() != null)
 {
 controller.getSettings().setUrl(url);
- controller.getSettings().setSecret(secret);
+ controller.getSettings().setSecret(HashUtils.hash(secret, Helpers.SALT));
 controller.getSettings().setCurrency(currency);
 controller.getSettings().setRestActivated(radioButtonRestActivated.isSelected());
 controller.getSettings().setTrustedHosts(trustedHosts);
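Review bot: The `SALT` constant added to `Helpers` is one fixed value compiled into every client and server build and published with the source, so it does not make hashes unique per installation: the same secret yields the same hash everywhere. It also cannot be changed later without invalidating every secret already stored by clients. `HashUtils.hash` is not visible in this diff, so its algorithm and cost should be confirmed before relying on it to protect a user-chosen secret. At minimum the constant deserves a comment such as `// Fixed application-wide value shared by client and server; not secret, changing it invalidates all stored secrets.`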
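Review bot: Both `setSecret(HashUtils.hash(secret, Helpers.SALT))` calls in SettingsController (the hunk at -128 and the one at -137) make the stored hash the value the server accepts, judging by the SparkServer hunk, so the hash itself is now the credential. Anyone who can read the settings file or observe a request can authenticate with it; the change only keeps the typed text out of the file. Two things should be checked outside these hunks: whether the secret field is pre-filled from stored settings when the dialog opens, in which case saving again would hash the hash and stop matching the server, and how settings written by earlier versions, which hold the plain secret, are migrated. The enclosing save method starts and ends outside both hunks.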
@@ -137,7 +139,7 @@ public class SettingsController
 {
 Settings settings = new Settings();
 settings.setUrl(url);
- settings.setSecret(secret);
+ settings.setSecret(HashUtils.hash(secret, Helpers.SALT));
 settings.setCurrency(currency);
 settings.setRestActivated(radioButtonRestActivated.isSelected());
 settings.setTrustedHosts(trustedHosts);
diff --git a/src/de/deadlocker8/budgetmasterserver/server/SparkServer.java b/src/de/deadlocker8/budgetmasterserver/server/SparkServer.java
index 62aea0bf86195a23219742d1af73105f4d776270..0b47774b2edfef2f779f49321665d32101dedead 100644
--- a/src/de/deadlocker8/budgetmasterserver/server/SparkServer.java
+++ b/src/de/deadlocker8/budgetmasterserver/server/SparkServer.java
@@ -17,6 +17,7 @@ import org.joda.time.DateTime;
 import com.google.gson.Gson;
 import com.google.gson.GsonBuilder;
+import de.deadlocker8.budgetmaster.logic.Helpers;
 import de.deadlocker8.budgetmasterserver.main.DatabaseHandler;
 import de.deadlocker8.budgetmasterserver.main.Settings;
 import de.deadlocker8.budgetmasterserver.server.category.CategoryAdd;
@@ -39,6 +40,7 @@ import de.deadlocker8.budgetmasterserver.server.updater.RepeatingPaymentUpdater;
 import logger.Logger;
 import spark.Spark;
 import spark.route.RouteOverview;
+import tools.HashUtils;
 public class SparkServer
 {
@@ -78,7 +80,7 @@ public class SparkServer
 String clientSecret = request.queryMap("secret").value();
- if(clientSecret == null || !clientSecret.equals(settings.getServerSecret()))
+ if(clientSecret == null || !clientSecret.equals(HashUtils.hash(settings.getServerSecret(), Helpers.SALT)))
 {
 halt(401, "Unauthorized");
 }
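Review bot: The new check `clientSecret.equals(HashUtils.hash(settings.getServerSecret(), Helpers.SALT))` in SparkServer recomputes the hash on every request and compares with `String.equals`, which stops at the first differing character. Compute the expected value once at server start and compare in constant time, for example `MessageDigest.isEqual(clientSecret.getBytes(StandardCharsets.UTF_8), expectedSecret.getBytes(StandardCharsets.UTF_8))`. The server still reads the plain secret from its own settings, and the value still arrives in the `secret` query parameter, where access logs and intermediaries may record it; a request header over HTTPS would be a safer carrier. The filter containing this check starts outside the hunk.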