JPA - Java Spring Boot - problems finding account with password encoding?

Question

I am new to JPA - I've started to build a user system and added the encoding bean to my pom.

When I do a search on the table for just an email address - it finds the user and comes back with the data.

TblLogin acc = tblLoginRepository.findByEmail(email);  

and the repo I have for this is as follows.

public interface TblLoginRepository extends JpaRepository<TblLogin, String> {
    TblLogin findByEmail(String email) throws Exception;
}

-- when I try and do a look up with the password encoded it doesn't find the user - and I am not sure why as the data appears correct?

with password

TblLogin checkAccount = tblLoginRepository.findByEmailAndPassword(email,passwordEncoder.encode(password));

repo2

public interface TblLoginRepository extends JpaRepository<TblLogin, String> {
    TblLogin findByEmail(String email) throws Exception;
    TblLogin findByEmailAndPassword(String email, String password) throws Exception;
}

--

is it because my type for password has changed? - should it be checking for something else...

Answer 1

I don't exactly know how you did implement it. Make sure about few things while implementing that functionality.

1 - register PasswordEncoder bean:

public PassordEncoder encoder() {
     return new BCryptPasswordEncoder(11, new SecureRandom("seed".getBytes("UTF-8)));
}

depend on custom "seed" (for security reasons)

2 - make sure you are encoding within same character charset. As said earlier... I do not know HOW you retrieve your password that you are hashing. Give a try construction (ugly) as follows:

 String passwordToHash = new String(password.getBytes("UTF-8"));

3 - How do you store hash in your DB? Can you verify whether hash that you generate during "save" process and the one you are having stored after that process is the same?

Hope it helps.