Decode the Bcrypt encoded password in Spring Security to deactivate user account

BCryptPasswordEncoder bcrypt = new BCryptPasswordEncoder();  
boolean isPasswordMatches = bcrypt.matches(userenteredpasswordWithotEncryoted, encryptedPasswordFromDb);

Example:

boolean isPasswordMatches = bcrypt.matches(
        "Truck123",
        "$2a$10$kcVH3Uy86nJgQtYqAFffZORT9wbNMuNtqytcUZQRX51dx6IfSFEd."
);


if (isPasswordMatches) { // correct password
    ...
} else { // Wrong Password
    ...
}

The problem is solved by using below code:

BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();  
encoder.matches(password, user.getPassword());

password - from form(JSP)
user.getPassword() - from database

BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
if(email.equalsIgnoreCase(user.getEmail()) && encoder.matches(password, user.getPassword())) {
    userService.deactivateUserByID(user.getId());
    redirectAttributes.addFlashAttribute("successmsg", "Your account has been deactivated successfully.");
    model.setViewName("redirect:/logout");
}else{
    redirectAttributes.addFlashAttribute("errormsg", "Email or Password is incorrect");
    model.setViewName("redirect:/app/profile/deactivate");
}

Decode the Bcrypt encoded password in Spring Security to deactivate user account

Tags:

Bcrypt

Jbcrypt

Related

Recent Posts