I'm developing my own spring (java) web-app, which include owncloud as a file manager now. And I want to use a single table for authentication, based on the Owncloud tables such as oc_users, oc_groups and oc_group_user.
First problem I have got, that the password stored as a hash. OK, after some searches, I realized that the "$2y" is id, which means method bcrypt (Blowfish); that the "$10" is the cost factor, and everything else are "salt" plus hash.
But if I understand correctly, bcrypt use dynamic salt, and I don't know, where I must use 'passwordsalt' from config.php?
To sum up:
1) I get some login text + password in my app;
2) With the help of some hash-method I get "newHash"; (How?)
3) I compare it with "storedHash" from DB;
4) ... some profit.
So, can you give me a little help with that problem please.
Some upd.
I have found files Database.php and Hasher.php (IHasher) and methods "checkPassword", "setPassword" and "createUser". And also I've found some recomendation for v5.0, but this methods in the file Database.php were currently updated like:
public function createUser($uid, $password) {
if (!$this->userExists($uid)) {
- $hasher = $this->getHasher();
- $hash = $hasher->HashPassword($password . OC_Config::getValue('passwordsalt', ''));
$query = OC_DB::prepare('INSERT INTO `*PREFIX*users` ( `uid`, `password` ) VALUES( ?, ? )');
- $result = $query->execute(array($uid, $hash));
+ $result = $query->execute(array($uid, \OC::$server->getHasher()->hash($password)));
return $result ? true : false;
}So, if earlier I could change the hash method like with adding something like $hash = MD5($password);, now I have no idea, what do with this thing.