diff options
| author | Florian Zschocke <florian.zschocke@devolo.de> | 2019-11-05 22:26:11 +0100 |
|---|---|---|
| committer | Florian Zschocke <florian.zschocke@devolo.de> | 2019-11-05 22:32:24 +0100 |
| commit | c09335a0305f7f345bf745cbe90c216834689425 (patch) | |
| tree | fdbea3bde7fda309aba3eda21ff382a399f30289 /src/test/java/com/gitblit/tests | |
| parent | d1ee233d27fae23b1d0a69bbb6b9a363c3a76abe (diff) | |
| download | gitblit-c09335a0305f7f345bf745cbe90c216834689425.tar.gz gitblit-c09335a0305f7f345bf745cbe90c216834689425.zip | |
Use the new PasswordHash classes.
Integrate the `PasswordHash` class and subclass in the user
and password editing and authentication. Replaces the old code and
the previous `SecurePasswordHashingUtils` class.
Diffstat (limited to 'src/test/java/com/gitblit/tests')
| -rw-r--r-- | src/test/java/com/gitblit/tests/AuthenticationManagerTest.java | 38 |
1 files changed, 32 insertions, 6 deletions
diff --git a/src/test/java/com/gitblit/tests/AuthenticationManagerTest.java b/src/test/java/com/gitblit/tests/AuthenticationManagerTest.java index 31b7512c..45009856 100644 --- a/src/test/java/com/gitblit/tests/AuthenticationManagerTest.java +++ b/src/test/java/com/gitblit/tests/AuthenticationManagerTest.java @@ -43,6 +43,7 @@ import javax.servlet.http.HttpSessionContext; import javax.servlet.http.HttpUpgradeHandler; import javax.servlet.http.Part; +import com.gitblit.utils.PasswordHash; import org.junit.Test; import com.gitblit.IUserService; @@ -55,7 +56,6 @@ import com.gitblit.manager.UserManager; import com.gitblit.models.TeamModel; import com.gitblit.models.UserModel; import com.gitblit.tests.mock.MemorySettings; -import com.gitblit.utils.SecurePasswordHashUtils; import com.gitblit.utils.XssFilter; import com.gitblit.utils.XssFilter.AllowXssFilter; @@ -659,17 +659,43 @@ public class AuthenticationManagerTest extends GitblitUnitTest { users.updateUserModel(user); assertNotNull(auth.authenticate(user.username, user.password.toCharArray(), null)); - - // validate that plaintext password was automatically updated to hashed one - assertTrue(user.password.startsWith(SecurePasswordHashUtils.PBKDF2WITHHMACSHA256_TYPE)); - user.disabled = true; users.updateUserModel(user); assertNull(auth.authenticate(user.username, user.password.toCharArray(), null)); users.deleteUserModel(user); } - + + + @Test + public void testAuthenticateUpgradePlaintext() throws Exception { + IAuthenticationManager auth = newAuthenticationManager(); + + UserModel user = new UserModel("sunnyjim"); + user.password = "password"; + users.updateUserModel(user); + + assertNotNull(auth.authenticate(user.username, user.password.toCharArray(), null)); + + // validate that plaintext password was automatically updated to hashed one + assertTrue(user.password.startsWith(PasswordHash.getDefaultType().name() + ":")); + } + + + @Test + public void testAuthenticateUpgradeMD5() throws Exception { + IAuthenticationManager auth = newAuthenticationManager(); + + UserModel user = new UserModel("sunnyjim"); + user.password = "MD5:5F4DCC3B5AA765D61D8327DEB882CF99"; + users.updateUserModel(user); + + assertNotNull(auth.authenticate(user.username, "password".toCharArray(), null)); + + // validate that MD5 password was automatically updated to hashed one + assertTrue(user.password.startsWith(PasswordHash.getDefaultType().name() + ":")); + } + @Test public void testContenairAuthenticate() throws Exception { |