From bc853b03e3947013758158f3596c3b7e1333a93d Mon Sep 17 00:00:00 2001 From: dankito Date: Tue, 13 Oct 2020 17:26:58 +0200 Subject: [PATCH] Implemented that in case of AuthenticationType.Password as database password + "_" + is used --- .../authentication/AuthenticationService.kt | 38 +++++++++++-------- 1 file changed, 22 insertions(+), 16 deletions(-) diff --git a/ui/BankingAndroidApp/src/main/java/net/dankito/banking/ui/android/authentication/AuthenticationService.kt b/ui/BankingAndroidApp/src/main/java/net/dankito/banking/ui/android/authentication/AuthenticationService.kt index c0191641..f68c4664 100644 --- a/ui/BankingAndroidApp/src/main/java/net/dankito/banking/ui/android/authentication/AuthenticationService.kt +++ b/ui/BankingAndroidApp/src/main/java/net/dankito/banking/ui/android/authentication/AuthenticationService.kt @@ -56,7 +56,9 @@ open class AuthenticationService( open fun authenticateUserWithPassword(enteredPassword: String): Boolean { if (isCorrectUserPassword(enteredPassword)) { - return openDatabase(enteredPassword) + loadAuthenticationSettings()?.let { settings -> + return openDatabase(settings, enteredPassword) + } } return false @@ -117,19 +119,24 @@ open class AuthenticationService( ?: run { result(false) } } - protected open fun openDatabase(settings: AuthenticationSettings) { - if (settings.type == AuthenticationType.None) { - settings.defaultPassword?.let { encryptedPassword -> - settings.initializationVector?.let { iv -> - settings.salt?.let { salt -> - val decrypted = cryptographyManager.decryptDataWithPbe(decodeFromBase64(encryptedPassword), DefaultPasswordEncryptionKey, - decodeFromBase64(iv), decodeFromBase64(salt)) + protected open fun openDatabase(settings: AuthenticationSettings, userPassword: String? = null): Boolean { + settings.defaultPassword?.let { encryptedPassword -> + settings.initializationVector?.let { iv -> + settings.salt?.let { salt -> + val defaultPassword = cryptographyManager.decryptDataWithPbe(decodeFromBase64(encryptedPassword), DefaultPasswordEncryptionKey, + decodeFromBase64(iv), decodeFromBase64(salt)) - openDatabase(decrypted) + if (userPassword != null) { + return openDatabase(userPassword + "_" + defaultPassword) + } + else { + return openDatabase(defaultPassword) } } } } + + return false } protected open fun openDatabase(password: String?): Boolean { @@ -167,18 +174,17 @@ open class AuthenticationService( settings.initializationVector = encodeToBase64(encryptionCipher.iv) } } - else if (type == AuthenticationType.Password) { - if (newUserPassword != null) { - settings.hashedUserPassword = BCrypt.withDefaults().hashToString(12, newUserPassword.toCharArray()) - newDatabasePassword = newUserPassword - } - } - else if (type == AuthenticationType.None) { + else { val salt = cryptographyManager.generateRandomBytes(8) val (encryptedPassword, iv) = cryptographyManager.encryptDataWithPbe(newDefaultPassword, DefaultPasswordEncryptionKey, salt) settings.defaultPassword = encodeToBase64(encryptedPassword) settings.initializationVector = encodeToBase64(iv) settings.salt = encodeToBase64(salt) + + if (newUserPassword != null) { + settings.hashedUserPassword = BCrypt.withDefaults().hashToString(12, newUserPassword.toCharArray()) + newDatabasePassword = newUserPassword + "_" + newDefaultPassword + } } if (persistence.changePassword(newDatabasePassword)) {