Implement Argon2Password Encoder to login/register

Author: KangDroid

build.gradle.kts

@@ -92,6 +92,9 @@ dependencies {
 	implementation("io.jsonwebtoken:jjwt-impl:0.11.2")
 	implementation("io.jsonwebtoken:jjwt-jackson:0.11.2")
 
+	// Argon2 Related
+	implementation("org.bouncycastle:bcprov-jdk15on:1.64")
+
 	// Spring Annotation Processor
 	compileOnly("org.springframework.boot:spring-boot-configuration-processor")
 

src/main/kotlin/com/mptsix/todaydiary/security/PasswordEncryptorService.kt

@@ -0,0 +1,19 @@
+package com.mptsix.todaydiary.security
+
+import org.springframework.security.crypto.argon2.Argon2PasswordEncoder
+import org.springframework.stereotype.Service
+
+@Service
+class PasswordEncryptorService {
+    private val argon2PasswordEncoder: Argon2PasswordEncoder = Argon2PasswordEncoder(
+        16, 32, 1, 4096, 5
+    )
+
+    fun encodePlainText(plainInput: String): String {
+        return argon2PasswordEncoder.encode(plainInput)
+    }
+
+    fun isMatching(plainInput: String, encodedPassword: String): Boolean {
+        return argon2PasswordEncoder.matches(plainInput, encodedPassword)
+    }
+}

src/main/kotlin/com/mptsix/todaydiary/service/UserService.kt

@@ -13,6 +13,7 @@ import com.mptsix.todaydiary.error.exception.ConflictException
 import com.mptsix.todaydiary.error.exception.ForbiddenException
 import com.mptsix.todaydiary.error.exception.NotFoundException
 import com.mptsix.todaydiary.security.JWTTokenProvider
+import com.mptsix.todaydiary.security.PasswordEncryptorService
 import org.bson.BsonBinarySubType
 import org.bson.types.Binary
 import org.slf4j.Logger
@@ -24,7 +25,8 @@ import kotlin.streams.toList
 @Service
 class UserService(
     private val userRepository: UserRepository,
-    private val jwtTokenProvider: JWTTokenProvider
+    private val jwtTokenProvider: JWTTokenProvider,
+    private val passwordEncryptorService: PasswordEncryptorService
 ) {
     // Logger
     private val logger: Logger = LoggerFactory.getLogger(this::class.java)
@@ -61,7 +63,7 @@ class UserService(
         }
 
         // Register
-        val registeredUser: User = userRepository.addUser(userRegisterRequest.toUser())
+        val registeredUser: User = userRepository.addUser(userRegisterRequest.toUser().apply {userPassword = passwordEncryptorService.encodePlainText(userRegisterRequest.userPassword)})
         return UserRegisterResponse(
             registeredId = registeredUser.userId
         )
@@ -73,7 +75,7 @@ class UserService(
             throw NotFoundException("Cannot find userid: ${loginRequest.userId}")
         }
         val user: User = userRepository.findByUserId(loginRequest.userId)
-        if (user.userPassword != loginRequest.userPassword) {
+        if (!passwordEncryptorService.isMatching(loginRequest.userPassword, user.userPassword)) {
             logger.error("Username is correct, but user password is not found!")
             throw ForbiddenException("Username is correct, but user password is not correct!")
         }

src/test/kotlin/com/mptsix/todaydiary/service/UserServiceTest.kt

@@ -175,6 +175,7 @@ internal class UserServiceTest {
         runCatching {
             userService.loginUser(loginRequest)
         }.onFailure {
+            println(it.stackTraceToString())
             fail("We registered user, but login failed?")
         }.onSuccess {
             assertThat(it.userToken).isNotEqualTo("")