spring boot using BcryptPasswordEncoder , the passwords are not matching

Question

Spring boot application, user want to change the password after login but i the function is not changing the password.

    @PostMapping("/settings/passwordupdate")
    public String PasswordUpdate(@RequestParam("oldPassword") String oldPassword,
            @RequestParam("newPassword") String newPassword, Principal principal) {

         
        String userName = principal.getName();
        User currentUser = serviceUserDetail.findByUserName(userName);
        final BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
        System.out.println(newPassword + " ||||  " + passwordEncoder.encode(currentUser.getPassword()));    
        if (passwordEncoder.matches(oldPassword, passwordEncoder.encode(currentUser.getPassword()))) {
             
            System.out.print("match");
            
        } else {
            System.out.print("not match");
        }
        return "redirect:/";
    }

the result is

pass ||||  $2a$10$Y3JMpBg/3l4SHJY/X8XRS.O3vLxr64iLLoLY3r933irwsnrvCIr2q
not match---------------

while i can login via the password "pass" which means the password is okey

Might be that one of them are too salty:P stackoverflow.com/questions/25844419/… — Siavash Renani
– Siavash Renani, Commented Apr 11, 2021 at 16:06

İsmail Y. · Accepted Answer · 2021-04-11 17:08:30Z

0

You cannot match the new password with the old password encoded again. You can match the old password in the parameter with the current password.

You can try it like this:

if (passwordEncoder.matches(oldPassword, currentUser.getPassword())) {
    String encodedNewPassword = passwordEncoder.encode(newPassword);
    // Store encoded new password..
}

See also BCryptPasswordEncoder.matches(java.lang.CharSequence rawPassword, java.lang.String encodedPassword)

edited Apr 11, 2021 at 17:08

answered Apr 11, 2021 at 16:41

İsmail Y.

3,9956 gold badges25 silver badges35 bronze badges

Sign up to request clarification or add additional context in comments.

2 Comments

SAR Over a year ago

so how i can check if the password provide is same as old password in the database

İsmail Y. Over a year ago

Send user's current password to matches method after oldPassword. Example: passwordEncoder.matches(oldPassword, currentUser.getPassword())

Collectives™ on Stack Overflow

spring boot using BcryptPasswordEncoder , the passwords are not matching

1 Answer 1

2 Comments

Your Answer

Linked

Hot Network Questions

Collectives™ on Stack Overflow

1 Answer 1

2 Comments

Your Answer

Sign up or log in

Post as a guest

Linked

Related