From 4fcd7ebfd51567b13c566ca62ad4d4e87205d33a Mon Sep 17 00:00:00 2001
From: Bill Smith <wsmith@unicon.net>
Date: Mon, 7 Jan 2019 09:58:55 -0700
Subject: [PATCH] [SHIBUI-1031]

Added password encryption on POST.
---
 .../admin/ui/security/controller/UsersController.java           | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/UsersController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/UsersController.java
index 451882b25..f4c63c9f4 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/UsersController.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/UsersController.java
@@ -78,8 +78,8 @@ ResponseEntity<?> saveOne(@RequestBody User user) {
                     .body(new ErrorResponse(String.valueOf(HttpStatus.CONFLICT.value()),
                             String.format("A user with username [%s] already exists within the system.", user.getUsername())));
         }
+        user.setPassword(BCrypt.hashpw(user.getPassword(), BCrypt.gensalt()));
         userRoleService.updateUserRole(user);
-        //TODO: encrypt password? Or is it sent to us encrypted?
         User savedUser = userRepository.save(user);
         return ResponseEntity.ok(savedUser);
     }