Merge branch 'master' into releaser1.9.1

author: Florian Zschocke <f.zschocke+git@gmail.com> 2020-04-05 13:07:25 +0200
committer: Florian Zschocke <f.zschocke+git@gmail.com> 2020-04-05 13:07:25 +0200
commit: a93cd37bc60b4f311692e0e9c6b0ddf320eb5c29 (patch)
tree: f48a9a963233f1f23d4e77e9ba9e908ea5bb6472 /src/test/java/com/gitblit
parent: 08666d065be34a227a9b5bb16810280d8ee39178 (diff)
parent: 34e77ddf09e58ea0a817d31ed74a6bce574bff97 (diff)
download: gitblit-a93cd37bc60b4f311692e0e9c6b0ddf320eb5c29.tar.gz
gitblit-a93cd37bc60b4f311692e0e9c6b0ddf320eb5c29.zip
2 files changed, 99 insertions, 16 deletions
diff --git a/src/test/java/com/gitblit/tests/AuthenticationManagerTest.java b/src/test/java/com/gitblit/tests/AuthenticationManagerTest.java
index 45009856..81d68895 100644
--- a/src/test/java/com/gitblit/tests/AuthenticationManagerTest.java
+++ b/src/test/java/com/gitblit/tests/AuthenticationManagerTest.java
@@ -19,13 +19,7 @@ import java.io.BufferedReader;
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
 import java.security.Principal;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Locale;
-import java.util.Map;
+import java.util.*;
 
 import javax.servlet.AsyncContext;
 import javax.servlet.DispatcherType;
@@ -654,16 +648,84 @@ public class AuthenticationManagerTest extends GitblitUnitTest {
 	public void testAuthenticate() throws Exception {
 		IAuthenticationManager auth = newAuthenticationManager();
 
+
+		String password = "pass word";
 		UserModel user = new UserModel("sunnyjim");
-		user.password = "password";
+		user.password = password;
 		users.updateUserModel(user);
 
-		assertNotNull(auth.authenticate(user.username, user.password.toCharArray(), null));
+		char[] pwd = password.toCharArray();
+		assertNotNull(auth.authenticate(user.username, pwd, null));
+
+		// validate that the passed in password has been zeroed out in memory
+		char[] zeroes = new char[pwd.length];
+		Arrays.fill(zeroes, Character.MIN_VALUE);
+		assertArrayEquals(zeroes, pwd);
+	}
+
+
+	@Test
+	public void testAuthenticateDisabledUser() throws Exception {
+		IAuthenticationManager auth = newAuthenticationManager();
+
+
+		String password = "password";
+		UserModel user = new UserModel("sunnyjim");
+		user.password = password;
 		user.disabled = true;
+		users.updateUserModel(user);
+
+		assertNull(auth.authenticate(user.username, password.toCharArray(), null));
+
+		user.disabled = false;
+		users.updateUserModel(user);
+		assertNotNull(auth.authenticate(user.username, password.toCharArray(), null));
+	}
+
+
+	@Test
+	public void testAuthenticateEmptyPassword() throws Exception {
+		IAuthenticationManager auth = newAuthenticationManager();
+
+
+		String password = "password";
+		UserModel user = new UserModel("sunnyjim");
+		user.password = password;
+		users.updateUserModel(user);
 
+		assertNull(auth.authenticate(user.username, "".toCharArray(), null));
+		assertNull(auth.authenticate(user.username, " 	 ".toCharArray(), null));
+		assertNull(auth.authenticate(user.username, new char[]{' ', '\u0010', '\u0015'}, null));
+	}
+
+
+
+
+	@Test
+	public void testAuthenticateWrongPassword() throws Exception {
+		IAuthenticationManager auth = newAuthenticationManager();
+
+
+		String password = "password";
+		UserModel user = new UserModel("sunnyjim");
+		user.password = password;
 		users.updateUserModel(user);
-		assertNull(auth.authenticate(user.username, user.password.toCharArray(), null));
-		users.deleteUserModel(user);
+
+		assertNull(auth.authenticate(user.username, "helloworld".toCharArray(), null));
+	}
+
+
+	@Test
+	public void testAuthenticateNoSuchUser() throws Exception {
+		IAuthenticationManager auth = newAuthenticationManager();
+
+
+		String password = "password";
+		UserModel user = new UserModel("sunnyjim");
+		user.password = password;
+		users.updateUserModel(user);
+
+		assertNull(auth.authenticate("rainyjoe", password.toCharArray(), null));
 	}
 
 
@@ -671,14 +733,18 @@ public class AuthenticationManagerTest extends GitblitUnitTest {
 	public void testAuthenticateUpgradePlaintext() throws Exception {
 		IAuthenticationManager auth = newAuthenticationManager();
 
+		String password = "topsecret";
 		UserModel user = new UserModel("sunnyjim");
-		user.password = "password";
+		user.password = password;
 		users.updateUserModel(user);
 
-		assertNotNull(auth.authenticate(user.username, user.password.toCharArray(), null));
+		assertNotNull(auth.authenticate(user.username, password.toCharArray(), null));
 
 		// validate that plaintext password was automatically updated to hashed one
 		assertTrue(user.password.startsWith(PasswordHash.getDefaultType().name() + ":"));
+
+		// validate that the password is still valid and the user can log in
+		assertNotNull(auth.authenticate(user.username, password.toCharArray(), null));
 	}
 
 
@@ -686,14 +752,18 @@ public class AuthenticationManagerTest extends GitblitUnitTest {
 	public void testAuthenticateUpgradeMD5() throws Exception {
 		IAuthenticationManager auth = newAuthenticationManager();
 
+		String password = "secretAndHashed";
 		UserModel user = new UserModel("sunnyjim");
-		user.password = "MD5:5F4DCC3B5AA765D61D8327DEB882CF99";
+		user.password = "MD5:BD95A1CFD00868B59B3564112D1E5847";
 		users.updateUserModel(user);
 
-		assertNotNull(auth.authenticate(user.username, "password".toCharArray(), null));
+		assertNotNull(auth.authenticate(user.username, password.toCharArray(), null));
 
 		// validate that MD5 password was automatically updated to hashed one
 		assertTrue(user.password.startsWith(PasswordHash.getDefaultType().name() + ":"));
+
+		// validate that the password is still valid and the user can log in
+		assertNotNull(auth.authenticate(user.username, password.toCharArray(), null));
 	}
 
 
diff --git a/src/test/java/com/gitblit/tests/StringUtilsTest.java b/src/test/java/com/gitblit/tests/StringUtilsTest.java
index 7176b88c..3dae66f4 100644
--- a/src/test/java/com/gitblit/tests/StringUtilsTest.java
+++ b/src/test/java/com/gitblit/tests/StringUtilsTest.java
@@ -26,13 +26,26 @@ public class StringUtilsTest extends GitblitUnitTest {
 
 	@Test
 	public void testIsEmpty() throws Exception {
-		assertTrue(StringUtils.isEmpty(null));
+		assertTrue(StringUtils.isEmpty((String)null));
 		assertTrue(StringUtils.isEmpty(""));
 		assertTrue(StringUtils.isEmpty("  "));
 		assertFalse(StringUtils.isEmpty("A"));
 	}
 
 	@Test
+	public void testIsEmptyCharArray() throws Exception {
+		assertTrue(StringUtils.isEmpty((char[])null));
+		assertTrue(StringUtils.isEmpty(new char[0]));
+		assertTrue(StringUtils.isEmpty(new char[]{ ' ' }));
+		assertTrue(StringUtils.isEmpty(new char[]{ '	'}));
+		assertTrue(StringUtils.isEmpty(new char[]{ ' ', ' ' }));
+		assertTrue(StringUtils.isEmpty(new char[]{ '	',  ' ', '	' }));
+		assertFalse(StringUtils.isEmpty(new char[]{ '\u0020', 'f' }));
+		assertFalse(StringUtils.isEmpty(new char[]{ '\u0148', '\u0020' }));
+		assertFalse(StringUtils.isEmpty(new char[]{ 'A' }));
+	}
+
+	@Test
 	public void testBreakLinesForHtml() throws Exception {
 		String input = "this\nis\r\na\rtest\r\n\r\nof\n\nline\r\rbreaking";
 		String output = "this<br/>is<br/>a<br/>test<br/><br/>of<br/><br/>line<br/><br/>breaking";
author	Florian Zschocke <f.zschocke+git@gmail.com>	2020-04-05 13:07:25 +0200
committer	Florian Zschocke <f.zschocke+git@gmail.com>	2020-04-05 13:07:25 +0200
commit	a93cd37bc60b4f311692e0e9c6b0ddf320eb5c29 (patch)
tree	f48a9a963233f1f23d4e77e9ba9e908ea5bb6472 /src/test/java/com/gitblit
parent	08666d065be34a227a9b5bb16810280d8ee39178 (diff)
parent	34e77ddf09e58ea0a817d31ed74a6bce574bff97 (diff)
download	gitblit-a93cd37bc60b4f311692e0e9c6b0ddf320eb5c29.tar.gz gitblit-a93cd37bc60b4f311692e0e9c6b0ddf320eb5c29.zip