encoder library added

build.gradle

@@ -22,6 +22,8 @@ dependencies {
 
     testCompileOnly 'org.projectlombok:lombok:1.18.30'
     testAnnotationProcessor 'org.projectlombok:lombok:1.18.30'
+
+    implementation group: 'com.password4j', name: 'password4j', version: '1.7.3'
 }
 
 test {

src/main/java/ru/ylab/repository/InMemoryUserRepository.java → src/main/java/ru/ylab/repository/impl/InMemoryUserRepository.java

@@ -1,23 +1,27 @@
 package ru.ylab.repository;
 
 import ru.ylab.entity.User;
+import ru.ylab.repository.UserRepository;
+import ru.ylab.security.Password4jPasswordEncoder;
+import ru.ylab.security.PasswordEncoder;
 
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Optional;
 
 public class InMemoryUserRepository implements UserRepository {
+    private static final PasswordEncoder passwordEncoder = new Password4jPasswordEncoder();
     private static final Map<Long, User> USERS = init();
 
     private static Map<Long, User> init() {
         User admin = User.builder()
                 .name("admin")
-                .password("password")
+                .password(passwordEncoder.encode("admin"))
                 .isAdmin(true)
                 .build();
         User testUser = User.builder()
                 .name("testUser")
-                .password("password2")
+                .password(passwordEncoder.encode("testUser"))
                 .build();
         Map<Long, User> map = new HashMap<>();
         map.put(admin.getId(), admin);

src/main/java/ru/ylab/security/Password4jPasswordEncoder.java

@@ -0,0 +1,21 @@
+package ru.ylab.security;
+
+import com.password4j.Password;
+
+public class Password4jPasswordEncoder implements PasswordEncoder {
+    private static final String SECRET_KEY = "superSecret";
+
+    @Override
+    public String encode(String password) {
+        return Password
+                .hash(password)
+                .addSalt(SECRET_KEY)
+                .withArgon2()
+                .getResult();
+    }
+
+    @Override
+    public boolean verify(String password, String hash) {
+        return Password.check(password, hash).addSalt(SECRET_KEY).withArgon2();
+    }
+}

src/main/java/ru/ylab/security/PasswordEncoder.java

@@ -0,0 +1,7 @@
+package ru.ylab.security;
+
+public interface PasswordEncoder {
+    String encode(String password);
+
+    boolean verify(String password, String hash);
+}

src/main/java/ru/ylab/service/UserService.java

@@ -7,16 +7,20 @@
 import ru.ylab.dto.UserAuthenticationRequestDTO;
 import ru.ylab.dto.UserRegistrationRequestDTO;
 import ru.ylab.repository.UserRepository;
+import ru.ylab.security.PasswordEncoder;
 
 @RequiredArgsConstructor
 public class UserService {
     private final UserRepository userRepository;
+    private final PasswordEncoder passwordEncoder;
+    @Getter
+    private User currentUser;
 
     public User registerUser(UserRegistrationRequestDTO requestDTO) {
         if (!checkUsernameExists(requestDTO.name())) {
             User user = User.builder()
                     .name(requestDTO.name())
-                    .password(requestDTO.password())
+                    .password(passwordEncoder.encode(requestDTO.password()))
                     .build();
             userRepository.save(user);
             return user;
@@ -27,7 +31,7 @@ public User registerUser(UserRegistrationRequestDTO requestDTO) {
     public User authenticate(UserAuthenticationRequestDTO requestDTO) {
         var user = userRepository.getUserByName(requestDTO.name())
                 .orElseThrow(UserAuthenticationException::new);
-        if (!user.getPassword().equals(requestDTO.password())) {
+        if (!passwordEncoder.verify(requestDTO.password(), user.getPassword())) {
             throw new UserAuthenticationException();
         }
         return user;