Use Bcrypt for password encoding/checking

src/main/java/org/tb/mobile/LoginMobileAction.java

@@ -26,28 +26,10 @@ public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServlet
         boolean isValid = false;
         String username = request.getParameter("username");
         String password = request.getParameter("password");
-        Employee loginEmployee = employeeDAO.getLoginEmployee(username);
+        Employee employee = employeeDAO.getLoginEmployee(username);
 
-        boolean passwordMatches = loginEmployee != null && SecureHashUtils.passwordMatches(
-            password,
-            loginEmployee.getPassword()
-        );
-        if (!passwordMatches) {
-            boolean legacyPasswordMatches = loginEmployee != null && SecureHashUtils.legacyPasswordMatches(
-                password, loginEmployee.getPassword()
-            );
-            if (legacyPasswordMatches) {
-                // employee still has old password form
-                // store password again with new hashing algorithm
-                Employee em = employeeDAO.getEmployeeById(loginEmployee.getId());
-                em.changePassword(password);
-                loginEmployee.changePassword(password);
-                employeeDAO.save(em, loginEmployee);
-                passwordMatches = true;
-            }
-        }
-        if (loginEmployee != null && passwordMatches) {
-            long employeeId = loginEmployee.getId();
+        if (employee != null && SecureHashUtils.passwordMatches(password, employee.getPassword())) {
+            long employeeId = employee.getId();
             isValid = true;
             Date date = new Date();
             Long employeecontractId = employeecontractDAO.getEmployeeContractByEmployeeIdAndDate(employeeId, date).getId();

src/main/java/org/tb/util/SecureHashUtils.java

@@ -5,15 +5,14 @@
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
-import org.tb.exception.LogicException;
 
 @Slf4j
 public class SecureHashUtils {
-
+    
     private static final int COMPLEXITY = 10;
-
+    
     private SecureHashUtils() {}
-
+    
     public static String encodePassword(String password) {
         PasswordEncoder encoder = new BCryptPasswordEncoder(COMPLEXITY);
         return encoder.encode(password);
@@ -24,10 +23,6 @@ public static boolean passwordMatches(String enteredPassword, String hashedPassw
         return encoder.matches(enteredPassword, hashedPassword);
     }
 
-    public static boolean legacyPasswordMatches(String enteredPassword, String md5HashedPassword) {
-        return makeMD5(enteredPassword).equals(md5HashedPassword);
-    }
-
     /**
      * Makes a md5-hash for a given string.
      *
@@ -43,8 +38,8 @@ public static String makeMD5(String text) {
             md = MessageDigest.getInstance("MD5");        // getting a 'MD5-Instance'
             encryptMsg = md.digest(text.getBytes());    // solving the MD5-Hash
         } catch (NoSuchAlgorithmException e) {
-            log.error("MD5 not supported!", e);
-            throw new LogicException("MD5 not supported", e);
+            System.out.println("No Such Algorithm Exception!");
+            return "";
         }
 
         String swap = "";        // swap-string for the result