Diffstat (limited to 'src/test/java/com/gitblit/tests/AuthenticationManagerTest.java')
-rw-r--r--src/test/java/com/gitblit/tests/AuthenticationManagerTest.java100
1 files changed, 85 insertions, 15 deletions
diff --git a/src/test/java/com/gitblit/tests/AuthenticationManagerTest.java b/src/test/java/com/gitblit/tests/AuthenticationManagerTest.java
index 45009856..81d68895 100644
--- a/src/test/java/com/gitblit/tests/AuthenticationManagerTest.java
+++ b/src/test/java/com/gitblit/tests/AuthenticationManagerTest.java
@@ -19,13 +19,7 @@ import java.io.BufferedReader;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.Principal;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Locale;
-import java.util.Map;
+import java.util.*;
import javax.servlet.AsyncContext;
import javax.servlet.DispatcherType;
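Review bot: The wildcard `import java.util.*;` replaces seven explicit imports, although the only new `java.util` name used in the visible hunks is `Arrays`. Keeping the explicit list and adding `import java.util.Arrays;` would leave the file's dependencies readable and avoid ambiguity if another imported package later gains a class with the same simple name.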
@@ -654,16 +648,84 @@ public class AuthenticationManagerTest extends GitblitUnitTest {
public void testAuthenticate() throws Exception {
IAuthenticationManager auth = newAuthenticationManager();
+
+ String password = "pass word";
UserModel user = new UserModel("sunnyjim");
- user.password = "password";
+ user.password = password;
users.updateUserModel(user);
- assertNotNull(auth.authenticate(user.username, user.password.toCharArray(), null));
+ char[] pwd = password.toCharArray();
+ assertNotNull(auth.authenticate(user.username, pwd, null));
+
+ // validate that the passed in password has been zeroed out in memory
+ char[] zeroes = new char[pwd.length];
+ Arrays.fill(zeroes, Character.MIN_VALUE);
+ assertArrayEquals(zeroes, pwd);
+ }
+
+
+ @Test
+ public void testAuthenticateDisabledUser() throws Exception {
+ IAuthenticationManager auth = newAuthenticationManager();
+
+
+ String password = "password";
+ UserModel user = new UserModel("sunnyjim");
+ user.password = password;
user.disabled = true;
+ users.updateUserModel(user);
+
+ assertNull(auth.authenticate(user.username, password.toCharArray(), null));
+
+ user.disabled = false;
+ users.updateUserModel(user);
+ assertNotNull(auth.authenticate(user.username, password.toCharArray(), null));
+ }
+
+
+ @Test
+ public void testAuthenticateEmptyPassword() throws Exception {
+ IAuthenticationManager auth = newAuthenticationManager();
+
+
+ String password = "password";
+ UserModel user = new UserModel("sunnyjim");
+ user.password = password;
+ users.updateUserModel(user);
+ assertNull(auth.authenticate(user.username, "".toCharArray(), null));
+ assertNull(auth.authenticate(user.username, " ".toCharArray(), null));
+ assertNull(auth.authenticate(user.username, new char[]{' ', '\u0010', '\u0015'}, null));
+ }
+
+
+
+
+ @Test
+ public void testAuthenticateWrongPassword() throws Exception {
+ IAuthenticationManager auth = newAuthenticationManager();
+
+
+ String password = "password";
+ UserModel user = new UserModel("sunnyjim");
+ user.password = password;
users.updateUserModel(user);
- assertNull(auth.authenticate(user.username, user.password.toCharArray(), null));
- users.deleteUserModel(user);
+
+ assertNull(auth.authenticate(user.username, "helloworld".toCharArray(), null));
+ }
+
+
+ @Test
+ public void testAuthenticateNoSuchUser() throws Exception {
+ IAuthenticationManager auth = newAuthenticationManager();
+
+
+ String password = "password";
+ UserModel user = new UserModel("sunnyjim");
+ user.password = password;
+ users.updateUserModel(user);
+
+ assertNull(auth.authenticate("rainyjoe", password.toCharArray(), null));
}
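Review bot: The wipe of the caller's password array is asserted only on the successful login in testAuthenticate; none of the new rejection tests (disabled user, wrong password, no such user) keeps a reference to the array it passes, so a failure path that returns without clearing it would go unnoticed. If the contract is that authenticate always clears its input, testAuthenticateWrongPassword could hold the array and check it: `char[] pwd = "helloworld".toCharArray();`, `assertNull(auth.authenticate(user.username, pwd, null));`, `assertArrayEquals(new char[pwd.length], pwd);`. Separately, testAuthenticateEmptyPassword stores "password" for the user, so its three attempts would be rejected as plain mismatches even if no blank-password check existed. The hunk also drops the earlier `users.deleteUserModel(user);` cleanup while every test reuses "sunnyjim"; whether `users` is reset between tests is not visible here.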
@@ -671,14 +733,18 @@ public class AuthenticationManagerTest extends GitblitUnitTest {
public void testAuthenticateUpgradePlaintext() throws Exception {
IAuthenticationManager auth = newAuthenticationManager();
+ String password = "topsecret";
UserModel user = new UserModel("sunnyjim");
- user.password = "password";
+ user.password = password;
users.updateUserModel(user);
- assertNotNull(auth.authenticate(user.username, user.password.toCharArray(), null));
+ assertNotNull(auth.authenticate(user.username, password.toCharArray(), null));
// validate that plaintext password was automatically updated to hashed one
assertTrue(user.password.startsWith(PasswordHash.getDefaultType().name() + ":"));
+
+ // validate that the password is still valid and the user can log in
+ assertNotNull(auth.authenticate(user.username, password.toCharArray(), null));
}
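Review bot: The second login added at the end of testAuthenticateUpgradePlaintext shows that the upgraded hash accepts the right password, but not that it rejects a wrong one, so an upgrade that stored something too permissive would still pass. A negative check after it, for example `assertNull(auth.authenticate(user.username, "wrongsecret".toCharArray(), null));`, would close that gap. The same applies to the second login added in testAuthenticateUpgradeMD5 in the next hunk.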
@@ -686,14 +752,18 @@ public class AuthenticationManagerTest extends GitblitUnitTest {
public void testAuthenticateUpgradeMD5() throws Exception {
IAuthenticationManager auth = newAuthenticationManager();
+ String password = "secretAndHashed";
UserModel user = new UserModel("sunnyjim");
- user.password = "MD5:5F4DCC3B5AA765D61D8327DEB882CF99";
+ user.password = "MD5:BD95A1CFD00868B59B3564112D1E5847";
users.updateUserModel(user);
- assertNotNull(auth.authenticate(user.username, "password".toCharArray(), null));
+ assertNotNull(auth.authenticate(user.username, password.toCharArray(), null));
// validate that MD5 password was automatically updated to hashed one
assertTrue(user.password.startsWith(PasswordHash.getDefaultType().name() + ":"));
+
+ // validate that the password is still valid and the user can log in
+ assertNotNull(auth.authenticate(user.username, password.toCharArray(), null));
}
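Review bot: The new literal `MD5:BD95A1CFD00868B59B3564112D1E5847` and the `password` variable are tied together only by convention; nothing in the test says the digest is presumably that of "secretAndHashed". A comment above the assignment, such as `// MD5 (upper-case hex) of the value in 'password'; regenerate if that string changes`, would keep the two from drifting apart. Without it, a later edit to one of them makes the first assertNotNull fail with no hint about the cause.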