authorFlorian Zschocke <florian.zschocke@devolo.de>2019-11-05 22:26:11 +0100
committerFlorian Zschocke <florian.zschocke@devolo.de>2019-11-05 22:32:24 +0100
commitc09335a0305f7f345bf745cbe90c216834689425 (patch)
treefdbea3bde7fda309aba3eda21ff382a399f30289 /src/test
parentd1ee233d27fae23b1d0a69bbb6b9a363c3a76abe (diff)
Use the new PasswordHash classes.
Integrate the `PasswordHash` class and subclass into user and password editing and into authentication. This replaces the old code and the previous `SecurePasswordHashUtils` class.
Diffstat (limited to 'src/test')
-rw-r--r--src/test/java/com/gitblit/tests/AuthenticationManagerTest.java38
-rw-r--r--src/test/java/com/gitblit/utils/PasswordHashTest.java40
-rw-r--r--src/test/java/com/gitblit/utils/SecurePasswordHashUtilsTest.java63
3 files changed, 72 insertions, 69 deletions
diff --git a/src/test/java/com/gitblit/tests/AuthenticationManagerTest.java b/src/test/java/com/gitblit/tests/AuthenticationManagerTest.java
index 31b7512c..45009856 100644
--- a/src/test/java/com/gitblit/tests/AuthenticationManagerTest.java
+++ b/src/test/java/com/gitblit/tests/AuthenticationManagerTest.java
@@ -43,6 +43,7 @@ import javax.servlet.http.HttpSessionContext;
import javax.servlet.http.HttpUpgradeHandler;
import javax.servlet.http.Part;
+import com.gitblit.utils.PasswordHash;
import org.junit.Test;
import com.gitblit.IUserService;
@@ -55,7 +56,6 @@ import com.gitblit.manager.UserManager;
import com.gitblit.models.TeamModel;
import com.gitblit.models.UserModel;
import com.gitblit.tests.mock.MemorySettings;
-import com.gitblit.utils.SecurePasswordHashUtils;
import com.gitblit.utils.XssFilter;
import com.gitblit.utils.XssFilter.AllowXssFilter;
@@ -659,17 +659,43 @@ public class AuthenticationManagerTest extends GitblitUnitTest {
users.updateUserModel(user);
assertNotNull(auth.authenticate(user.username, user.password.toCharArray(), null));
-
- // validate that plaintext password was automatically updated to hashed one
- assertTrue(user.password.startsWith(SecurePasswordHashUtils.PBKDF2WITHHMACSHA256_TYPE));
-
user.disabled = true;
users.updateUserModel(user);
assertNull(auth.authenticate(user.username, user.password.toCharArray(), null));
users.deleteUserModel(user);
}
-
+
+
+ @Test
+ public void testAuthenticateUpgradePlaintext() throws Exception {
+ IAuthenticationManager auth = newAuthenticationManager();
+
+ UserModel user = new UserModel("sunnyjim");
+ user.password = "password";
+ users.updateUserModel(user);
+
+ assertNotNull(auth.authenticate(user.username, user.password.toCharArray(), null));
+
+ // validate that plaintext password was automatically updated to hashed one
+ assertTrue(user.password.startsWith(PasswordHash.getDefaultType().name() + ":"));
+ }
+
+
+ @Test
+ public void testAuthenticateUpgradeMD5() throws Exception {
+ IAuthenticationManager auth = newAuthenticationManager();
+
+ UserModel user = new UserModel("sunnyjim");
+ user.password = "MD5:5F4DCC3B5AA765D61D8327DEB882CF99";
+ users.updateUserModel(user);
+
+ assertNotNull(auth.authenticate(user.username, "password".toCharArray(), null));
+
+ // validate that MD5 password was automatically updated to hashed one
+ assertTrue(user.password.startsWith(PasswordHash.getDefaultType().name() + ":"));
+ }
+
@Test
public void testContenairAuthenticate() throws Exception {
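Review bot: The two new upgrade tests, `testAuthenticateUpgradePlaintext` and `testAuthenticateUpgradeMD5`, only cover the successful login, so nothing pins that a failed login leaves the stored entry untouched. In `testAuthenticateUpgradeMD5` I would add, before the successful call, `assertNull(auth.authenticate(user.username, "wrong".toCharArray(), null));` followed by `assertEquals("MD5:5F4DCC3B5AA765D61D8327DEB882CF99", user.password);`. After the upgrade, a second `assertNotNull(auth.authenticate(user.username, "password".toCharArray(), null));` would show that the re-hashed entry still verifies. Both tests also skip the `users.deleteUserModel(user);` that the preceding test ends with, so the `sunnyjim` account may carry over into later tests.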
diff --git a/src/test/java/com/gitblit/utils/PasswordHashTest.java b/src/test/java/com/gitblit/utils/PasswordHashTest.java
index c5a485dc..40c472aa 100644
--- a/src/test/java/com/gitblit/utils/PasswordHashTest.java
+++ b/src/test/java/com/gitblit/utils/PasswordHashTest.java
@@ -99,6 +99,15 @@ public class PasswordHashTest {
assertTrue("Failed to match " +CMD5_HASHED_ENTRY_0, pwdh.matches(CMD5_HASHED_ENTRY_0, CMD5_PASSWORD_0.toCharArray(), CMD5_USERNAME_0));
+ pwdh = PasswordHash.instanceOf("combined-md5");
+ assertNotNull(pwdh);
+ assertEquals(PasswordHash.Type.CMD5, pwdh.type);
+
+ pwdh = PasswordHash.instanceOf("COMBINED-MD5");
+ assertNotNull(pwdh);
+ assertEquals(PasswordHash.Type.CMD5, pwdh.type);
+
+
pwdh = PasswordHash.instanceOf("MD5");
assertNotNull(pwdh);
assertNotEquals(PasswordHash.Type.CMD5, pwdh.type);
@@ -593,4 +602,35 @@ public class PasswordHashTest {
assertFalse("Matched wrong hashed entry, with empty user", pwdh.matches(PBKDF2_HASHED_ENTRY_3, PBKDF2_PASSWORD_0.toCharArray(), ""));
assertFalse("Matched wrong hashed entry, with user", pwdh.matches(PBKDF2_HASHED_ENTRY_3, PBKDF2_PASSWORD_0.toCharArray(), "someuser"));
}
+
+ @Test
+ public void getEntryType() {
+ assertEquals(PasswordHash.Type.MD5, PasswordHash.getEntryType("MD5:blah"));
+ assertEquals(PasswordHash.Type.MD5, PasswordHash.getEntryType("md5:blah"));
+ assertEquals(PasswordHash.Type.MD5, PasswordHash.getEntryType("mD5:blah"));
+
+ assertEquals(PasswordHash.Type.CMD5, PasswordHash.getEntryType("CMD5:blah"));
+ assertEquals(PasswordHash.Type.CMD5, PasswordHash.getEntryType("cmd5:blah"));
+ assertEquals(PasswordHash.Type.CMD5, PasswordHash.getEntryType("Cmd5:blah"));
+
+ assertEquals(PasswordHash.Type.CMD5, PasswordHash.getEntryType("combined-md5:blah"));
+ assertEquals(PasswordHash.Type.CMD5, PasswordHash.getEntryType("COMBINED-MD5:blah"));
+ assertEquals(PasswordHash.Type.CMD5, PasswordHash.getEntryType("combined-MD5:blah"));
+
+ assertEquals(PasswordHash.Type.PBKDF2, PasswordHash.getEntryType("PBKDF2:blah"));
+ assertEquals(PasswordHash.Type.PBKDF2, PasswordHash.getEntryType("pbkdf2:blah"));
+ assertEquals(PasswordHash.Type.PBKDF2, PasswordHash.getEntryType("Pbkdf2:blah"));
+ assertEquals(PasswordHash.Type.PBKDF2, PasswordHash.getEntryType("pbKDF2:blah"));
+
+ assertEquals(PasswordHash.Type.PBKDF2, PasswordHash.getEntryType("PBKDF2WithHmacSHA256:blah"));
+ assertEquals(PasswordHash.Type.PBKDF2, PasswordHash.getEntryType("PBKDF2WITHHMACSHA256:blah"));
+ }
+
+ @Test
+ public void getEntryValue() {
+ assertEquals("value", PasswordHash.getEntryValue("MD5:value"));
+ assertEquals("plain text", PasswordHash.getEntryValue("plain text"));
+ assertEquals("what this", PasswordHash.getEntryValue(":what this"));
+ assertEquals("", PasswordHash.getEntryValue(":"));
+ }
}
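Review bot: `getEntryType` is exercised only with recognised prefixes, and `getEntryValue` only with `MD5:`, no colon, and a leading colon, so the behaviour for an unrecognised prefix is not pinned. Plaintext entries are still accepted for upgrade (see `testAuthenticateUpgradePlaintext` in AuthenticationManagerTest), so a stored plaintext password that itself contains a colon is the ambiguous case. The `":what this"` assertion shows a leading colon is dropped, which suggests such a password could be altered before comparison. I would add assertions for `PasswordHash.getEntryType("plain text")`, `PasswordHash.getEntryType("foo:bar")` and `PasswordHash.getEntryValue("foo:bar")` with whatever the intended contract is; the expected results are not visible in this hunk.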
diff --git a/src/test/java/com/gitblit/utils/SecurePasswordHashUtilsTest.java b/src/test/java/com/gitblit/utils/SecurePasswordHashUtilsTest.java
deleted file mode 100644
index f687bda6..00000000
--- a/src/test/java/com/gitblit/utils/SecurePasswordHashUtilsTest.java
+++ /dev/null
@@ -1,63 +0,0 @@
-package com.gitblit.utils;
-
-import static org.junit.Assert.*;
-
-import org.junit.Before;
-import org.junit.Test;
-
-public class SecurePasswordHashUtilsTest {
-
- private static final String STORED_PASSWORD = "PBKDF2WITHHMACSHA256:2d7d3ccaa277787f288e9f929247361bfc83607c6a8447bf496267512e360ba0a97b3114937213b23230072517d65a2e00695a1cbc47a732510840817f22c1bc";
- private static final byte[] STORED_SALT_BYTES = new byte[]{45, 125, 60, -54, -94, 119, 120, 127, 40, -114, -97, -110, -110, 71, 54, 27, -4, -125, 96, 124, 106, -124, 71, -65, 73, 98, 103, 81, 46, 54, 11, -96};
- private static final byte[] STORED_HASH_BYTES = new byte[]{-87, 123, 49, 20, -109, 114, 19, -78, 50, 48, 7, 37, 23, -42, 90, 46, 0, 105, 90, 28, -68, 71, -89, 50, 81, 8, 64, -127, 127, 34, -63, -68};
-
- private SecurePasswordHashUtils utils;
-
- @Before
- public void init(){
- utils = SecurePasswordHashUtils.get();
- }
-
- @Test
- public void testGetNextSalt() {
- assertEquals(32, utils.getNextSalt().length);
- }
-
- @Test
- public void testHash() {
- byte[] hash = utils.hash("foo".toCharArray(), STORED_SALT_BYTES);
- assertArrayEquals(STORED_HASH_BYTES, hash);
- }
-
- @Test
- public void testIsPasswordCorrectCharArrayByteArrayByteArray() {
- assertTrue(utils.isPasswordCorrect("foo".toCharArray(), STORED_SALT_BYTES, STORED_HASH_BYTES));
- assertFalse(utils.isPasswordCorrect("bar".toCharArray(), STORED_SALT_BYTES, STORED_HASH_BYTES));
- }
-
- @Test
- public void testCreateNewStorableHashFromPassword() {
- String newPwHash = utils.createStoredPasswordFromPassword("foo");
- assertTrue(newPwHash.startsWith(SecurePasswordHashUtils.PBKDF2WITHHMACSHA256_TYPE));
- }
-
- @Test
- public void testGetSaltFromStoredPassword() {
- byte[] saltFromStoredPassword = utils.getSaltFromStoredPassword(STORED_PASSWORD);
- assertArrayEquals(STORED_SALT_BYTES, saltFromStoredPassword);
-
- }
-
- @Test
- public void testGetHashFromStoredPassword() {
- byte[] hashFromStoredPassword = utils.getHashFromStoredPassword(STORED_PASSWORD);
- assertArrayEquals(STORED_HASH_BYTES, hashFromStoredPassword);
- }
-
- @Test
- public void testIsPasswordCorrectCharArrayString() {
- assertTrue(utils.isPasswordCorrect("foo".toCharArray(), STORED_PASSWORD));
- assertFalse(utils.isPasswordCorrect("bar".toCharArray(), STORED_PASSWORD));
- }
-
-}