From 78b085815b9873acdf178b2e9c9598d065fd40c0 Mon Sep 17 00:00:00 2001
From: Joaquín Reñé <jrene@curisit.net>
Date: Mon, 20 Apr 2026 19:30:51 +0000
Subject: [PATCH] #4479 - upgrade SecurisServer to Java 21

---
 securis/src/main/java/net/curisit/securis/services/UserResource.java |   35 ++++++++++++++++++++++++++++++-----
 1 files changed, 30 insertions(+), 5 deletions(-)

diff --git a/securis/src/main/java/net/curisit/securis/services/UserResource.java b/securis/src/main/java/net/curisit/securis/services/UserResource.java
index 3674d25..85fd4b7 100644
--- a/securis/src/main/java/net/curisit/securis/services/UserResource.java
+++ b/securis/src/main/java/net/curisit/securis/services/UserResource.java
@@ -407,11 +407,15 @@
         LOG.info("login() called. session={}", request.getSession(false));
         LOG.info("login() username='{}'", username);
         
-        LOG.info("UserResource instance={}", this);
-        LOG.info("Injected em={}", em);
-        LOG.info("Injected tokenHelper={}", tokenHelper);
-        LOG.info("Injected cache={}", cache);
-
+        boolean trazalogin = false;
+        
+        if (trazalogin) {
+	        LOG.info("UserResource instance={}", this);
+	        LOG.info("Injected em={}", em);
+	        LOG.info("Injected tokenHelper={}", tokenHelper);
+	        LOG.info("Injected cache={}", cache);
+        }
+        
         if (username == null || username.trim().isEmpty()) {
             LOG.error("login() username is null or empty");
             throw new SeCurisServiceException(ErrorCodes.UNAUTHORIZED_ACCESS, "Wrong credentials");
@@ -432,6 +436,27 @@
         String securedPassword = Utils.sha256(password);
         LOG.info("login() hashed password generated? {}", securedPassword != null);
 
+        if (trazalogin) {
+	        LOG.info("login() stored password hash='{}'", user.getPassword());
+	        LOG.info("login() computed password hash='{}'", securedPassword);
+	        LOG.info("login() stored length={}, computed length={}",
+	                user.getPassword() == null ? null : user.getPassword().length(),
+	                securedPassword == null ? null : securedPassword.length());
+	        
+	        
+	        LOG.info("raw password='{}'", password);
+	        LOG.info("sha256(raw)='{}'", Utils.sha256(password));
+	        LOG.info("sha256(trim)='{}'", Utils.sha256(password == null ? null : password.trim()));
+	        LOG.info("sha256(lower)='{}'", Utils.sha256(password == null ? null : password.toLowerCase()));
+	        LOG.info("sha256(upper)='{}'", Utils.sha256(password == null ? null : password.toUpperCase()));
+	        LOG.info("sha256(username+password)='{}'", Utils.sha256(username + password));
+	        LOG.info("sha256(password+username)='{}'", Utils.sha256(password + username));
+	        LOG.info("stored hash='{}'", user.getPassword());
+	        
+	        LOG.info("password.equals('admin')={}", "admin".equals(password));
+	        LOG.info("password length={}", password == null ? null : password.length());
+        }    
+	        
         if (securedPassword == null || !securedPassword.equals(user.getPassword())) {
             LOG.error("Wrong password for user '{}'", username);
             throw new SeCurisServiceException(ErrorCodes.UNAUTHORIZED_ACCESS, "Wrong credentials");

--
Gitblit v1.3.2