Decode the Bcrypt encoded password in Spring Security to deactivate user account
I am working on web application project in Spring Hibernate MVC. I am storing encoded passwords in a database using Bcrypt algorithm in Spring security.
Now I want to get that encoded password to be decoded to deactivate a use account where in I am giving user email and password to verify before user deactivate the account. I have a problem in getting the decoded password.
Can anyone help me to get out of it or any alternate solution for my requirement?
Answer
The problem is solved by using below code:
BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
encoder.matches(password, user.getPassword());
password - from form(JSP)
user.getPassword() - from database
BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
if(email.equalsIgnoreCase(user.getEmail()) && encoder.matches(password, user.getPassword())) {
userService.deactivateUserByID(user.getId());
redirectAttributes.addFlashAttribute("successmsg", "Your account has been deactivated successfully.");
model.setViewName("redirect:/logout");
}else{
redirectAttributes.addFlashAttribute("errormsg", "Email or Password is incorrect");
model.setViewName("redirect:/app/profile/deactivate");
}