Implement Argon2 password hashing and verification in user management

This commit is contained in:
fourbites
2025-08-18 23:52:41 +02:00
parent f0c392c331
commit 802ec201fa
4 changed files with 124 additions and 3 deletions
@@ -1589,7 +1589,7 @@ public class OOOUserRepository extends UserRepository
String[] usersSchema = {
"userId INTEGER(10) PRIMARY KEY NOT NULL AUTO_INCREMENT",
"username VARCHAR(255) NOT NULL",
"password VARCHAR(32) NOT NULL",
"password VARCHAR(128) NOT NULL",
"email VARCHAR(128) NOT NULL",
"realname VARCHAR(128) NOT NULL",
"created DATE NOT NULL",
@@ -1605,6 +1605,12 @@ public class OOOUserRepository extends UserRepository
};
JDBCUtil.createTableIfMissing(conn, "users", usersSchema, "");
// give the password a longer length to allow more secure hashing
int passwordLength = JDBCUtil.getColumnSize(conn, "users", "password");
if (passwordLength < 128) {
JDBCUtil.changeColumn(conn, "users", "password", "password VARCHAR(128) NOT NULL");
}
String[] historySchema = {
"userId INTEGER(10) PRIMARY KEY NOT NULL",
"username VARCHAR(255) NOT NULL",