123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365 |
- /*
- * Copyright 2013 gitblit.com.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
- package com.gitblit.tests;
-
- import java.io.File;
- import java.io.FilenameFilter;
- import java.io.IOException;
- import java.util.HashMap;
-
- import org.apache.commons.io.FileUtils;
- import org.junit.After;
- import org.junit.Before;
- import org.junit.Test;
-
- import com.gitblit.IStoredSettings;
- import com.gitblit.auth.HtpasswdAuthProvider;
- import com.gitblit.manager.RuntimeManager;
- import com.gitblit.manager.UserManager;
- import com.gitblit.models.UserModel;
- import com.gitblit.tests.mock.MemorySettings;
-
- /**
- * Test the Htpasswd user service.
- *
- */
- public class HtpasswdAuthenticationTest extends GitblitUnitTest {
-
- private static final String RESOURCE_DIR = "src/test/resources/htpasswd/";
- private static final String KEY_SUPPORT_PLAINTEXT_PWD = "realm.htpasswd.supportPlaintextPasswords";
-
- private static final int NUM_USERS_HTPASSWD = 10;
-
- private static final MemorySettings MS = new MemorySettings(new HashMap<String, Object>());
-
- private HtpasswdAuthProvider htpasswd;
-
-
- private MemorySettings getSettings(String userfile, String groupfile, Boolean overrideLA)
- {
- MS.put("realm.userService", RESOURCE_DIR + "users.conf");
- MS.put("realm.htpasswd.userfile", (userfile == null) ? (RESOURCE_DIR + "htpasswd") : userfile);
- MS.put("realm.htpasswd.groupfile", (groupfile == null) ? (RESOURCE_DIR + "htgroup") : groupfile);
- MS.put("realm.htpasswd.overrideLocalAuthentication", (overrideLA == null) ? "false" : overrideLA.toString());
- // Default to keep test the same on all platforms.
- MS.put(KEY_SUPPORT_PLAINTEXT_PWD, "false");
-
- return MS;
- }
-
- private MemorySettings getSettings()
- {
- return getSettings(null, null, null);
- }
-
- private void setupUS()
- {
- htpasswd = newHtpasswdAuthentication(getSettings());
- }
-
- private HtpasswdAuthProvider newHtpasswdAuthentication(IStoredSettings settings) {
- RuntimeManager runtime = new RuntimeManager(settings, GitBlitSuite.BASEFOLDER).start();
- UserManager users = new UserManager(runtime).start();
- HtpasswdAuthProvider htpasswd = new HtpasswdAuthProvider();
- htpasswd.setup(runtime, users);
- return htpasswd;
- }
-
-
- private void copyInFiles() throws IOException
- {
- File dir = new File(RESOURCE_DIR);
- FilenameFilter filter = new FilenameFilter() {
- @Override
- public boolean accept(File dir, String file) {
- return file.endsWith(".in");
- }
- };
- for (File inf : dir.listFiles(filter)) {
- File dest = new File(inf.getParent(), inf.getName().substring(0, inf.getName().length() - 3));
- FileUtils.copyFile(inf, dest);
- }
- }
-
-
- private void deleteGeneratedFiles()
- {
- File dir = new File(RESOURCE_DIR);
- FilenameFilter filter = new FilenameFilter() {
- @Override
- public boolean accept(File dir, String file) {
- return !(file.endsWith(".in"));
- }
- };
- for (File file : dir.listFiles(filter)) {
- file.delete();
- }
- }
-
-
- @Before
- public void setup() throws IOException
- {
- copyInFiles();
- setupUS();
- }
-
-
- @After
- public void tearDown()
- {
- deleteGeneratedFiles();
- }
-
-
-
- @Test
- public void testSetup() throws IOException
- {
- assertEquals(NUM_USERS_HTPASSWD, htpasswd.getNumberHtpasswdUsers());
- }
-
-
- @Test
- public void testAuthenticate()
- {
- MS.put(KEY_SUPPORT_PLAINTEXT_PWD, "true");
- UserModel user = htpasswd.authenticate("user1", "pass1".toCharArray());
- assertNotNull(user);
- assertEquals("user1", user.username);
-
- user = htpasswd.authenticate("user2", "pass2".toCharArray());
- assertNotNull(user);
- assertEquals("user2", user.username);
-
- // Test different encryptions
- user = htpasswd.authenticate("plain", "passWord".toCharArray());
- assertNotNull(user);
- assertEquals("plain", user.username);
-
- MS.put(KEY_SUPPORT_PLAINTEXT_PWD, "false");
- user = htpasswd.authenticate("crypt", "password".toCharArray());
- assertNotNull(user);
- assertEquals("crypt", user.username);
-
- user = htpasswd.authenticate("md5", "password".toCharArray());
- assertNotNull(user);
- assertEquals("md5", user.username);
-
- user = htpasswd.authenticate("sha", "password".toCharArray());
- assertNotNull(user);
- assertEquals("sha", user.username);
-
-
- // Test leading and trailing whitespace
- user = htpasswd.authenticate("trailing", "whitespace".toCharArray());
- assertNotNull(user);
- assertEquals("trailing", user.username);
-
- user = htpasswd.authenticate("tabbed", "frontAndBack".toCharArray());
- assertNotNull(user);
- assertEquals("tabbed", user.username);
-
- user = htpasswd.authenticate("leading", "whitespace".toCharArray());
- assertNotNull(user);
- assertEquals("leading", user.username);
- }
-
-
- @Test
- public void testAttributes()
- {
- MS.put(KEY_SUPPORT_PLAINTEXT_PWD, "true");
- UserModel user = htpasswd.authenticate("user1", "pass1".toCharArray());
- assertNotNull(user);
- assertEquals("El Capitan", user.displayName);
- assertEquals("cheffe@example.com", user.emailAddress);
- assertTrue(user.canAdmin);
-
- user = htpasswd.authenticate("user2", "pass2".toCharArray());
- assertNotNull(user);
- assertEquals("User Two", user.displayName);
- assertTrue(user.canCreate);
- assertTrue(user.canFork);
- }
-
-
- @Test
- public void testAuthenticateDenied()
- {
- UserModel user = null;
- MS.put(KEY_SUPPORT_PLAINTEXT_PWD, "true");
- user = htpasswd.authenticate("user1", "".toCharArray());
- assertNull("User 'user1' falsely authenticated.", user);
-
- user = htpasswd.authenticate("user1", "pass2".toCharArray());
- assertNull("User 'user1' falsely authenticated.", user);
-
- user = htpasswd.authenticate("user2", "lalala".toCharArray());
- assertNull("User 'user2' falsely authenticated.", user);
-
-
- user = htpasswd.authenticate("user3", "disabled".toCharArray());
- assertNull("User 'user3' falsely authenticated.", user);
-
- user = htpasswd.authenticate("user4", "disabled".toCharArray());
- assertNull("User 'user4' falsely authenticated.", user);
-
-
- user = htpasswd.authenticate("plain", "text".toCharArray());
- assertNull("User 'plain' falsely authenticated.", user);
-
- user = htpasswd.authenticate("plain", "password".toCharArray());
- assertNull("User 'plain' falsely authenticated.", user);
-
-
- MS.put(KEY_SUPPORT_PLAINTEXT_PWD, "false");
-
- user = htpasswd.authenticate("crypt", "".toCharArray());
- assertNull("User 'cyrpt' falsely authenticated.", user);
-
- user = htpasswd.authenticate("crypt", "passwd".toCharArray());
- assertNull("User 'crypt' falsely authenticated.", user);
-
- user = htpasswd.authenticate("md5", "".toCharArray());
- assertNull("User 'md5' falsely authenticated.", user);
-
- user = htpasswd.authenticate("md5", "pwd".toCharArray());
- assertNull("User 'md5' falsely authenticated.", user);
-
- user = htpasswd.authenticate("sha", "".toCharArray());
- assertNull("User 'sha' falsely authenticated.", user);
-
- user = htpasswd.authenticate("sha", "letmein".toCharArray());
- assertNull("User 'sha' falsely authenticated.", user);
-
-
- user = htpasswd.authenticate(" tabbed", "frontAndBack".toCharArray());
- assertNull("User 'tabbed' falsely authenticated.", user);
-
- user = htpasswd.authenticate(" leading", "whitespace".toCharArray());
- assertNull("User 'leading' falsely authenticated.", user);
- }
-
-
- @Test
- public void testCleartextIntrusion()
- {
- MS.put(KEY_SUPPORT_PLAINTEXT_PWD, "true");
- assertNull(htpasswd.authenticate("md5", "$apr1$qAGGNfli$sAn14mn.WKId/3EQS7KSX0".toCharArray()));
- assertNull(htpasswd.authenticate("sha", "{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=".toCharArray()));
-
- assertNull(htpasswd.authenticate("user1", "#externalAccount".toCharArray()));
-
- MS.put(KEY_SUPPORT_PLAINTEXT_PWD, "false");
- assertNull(htpasswd.authenticate("md5", "$apr1$qAGGNfli$sAn14mn.WKId/3EQS7KSX0".toCharArray()));
- assertNull(htpasswd.authenticate("sha", "{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=".toCharArray()));
-
- assertNull(htpasswd.authenticate("user1", "#externalAccount".toCharArray()));
- }
-
-
- @Test
- public void testCryptVsPlaintext()
- {
- MS.put(KEY_SUPPORT_PLAINTEXT_PWD, "false");
- assertNull(htpasswd.authenticate("crypt", "6TmlbxqZ2kBIA".toCharArray()));
- assertNotNull(htpasswd.authenticate("crypt", "password".toCharArray()));
-
- MS.put(KEY_SUPPORT_PLAINTEXT_PWD, "true");
- assertNotNull(htpasswd.authenticate("crypt", "6TmlbxqZ2kBIA".toCharArray()));
- assertNull(htpasswd.authenticate("crypt", "password".toCharArray()));
- }
-
- @Test
- public void testChangeHtpasswdFile()
- {
- UserModel user;
-
- // User default set up.
- user = htpasswd.authenticate("md5", "password".toCharArray());
- assertNotNull(user);
- assertEquals("md5", user.username);
-
- user = htpasswd.authenticate("sha", "password".toCharArray());
- assertNotNull(user);
- assertEquals("sha", user.username);
-
- user = htpasswd.authenticate("blueone", "GoBlue!".toCharArray());
- assertNull(user);
-
- user = htpasswd.authenticate("bluetwo", "YayBlue!".toCharArray());
- assertNull(user);
-
-
- // Switch to different htpasswd file.
- getSettings(RESOURCE_DIR + "htpasswd-user", null, null);
-
- user = htpasswd.authenticate("md5", "password".toCharArray());
- assertNull(user);
-
- user = htpasswd.authenticate("sha", "password".toCharArray());
- assertNull(user);
-
- user = htpasswd.authenticate("blueone", "GoBlue!".toCharArray());
- assertNotNull(user);
- assertEquals("blueone", user.username);
-
- user = htpasswd.authenticate("bluetwo", "YayBlue!".toCharArray());
- assertNotNull(user);
- assertEquals("bluetwo", user.username);
- }
-
-
- @Test
- public void testChangeHtpasswdFileNotExisting()
- {
- UserModel user;
-
- // User default set up.
- user = htpasswd.authenticate("md5", "password".toCharArray());
- assertNotNull(user);
- assertEquals("md5", user.username);
-
- user = htpasswd.authenticate("sha", "password".toCharArray());
- assertNotNull(user);
- assertEquals("sha", user.username);
-
- user = htpasswd.authenticate("blueone", "GoBlue!".toCharArray());
- assertNull(user);
-
- user = htpasswd.authenticate("bluetwo", "YayBlue!".toCharArray());
- assertNull(user);
-
-
- // Switch to different htpasswd file that doesn't exist.
- // Currently we stop working with old users upon this change.
- getSettings(RESOURCE_DIR + "no-such-file", null, null);
-
- user = htpasswd.authenticate("md5", "password".toCharArray());
- assertNull(user);
-
- user = htpasswd.authenticate("sha", "password".toCharArray());
- assertNull(user);
-
- user = htpasswd.authenticate("blueone", "GoBlue!".toCharArray());
- assertNull(user);
-
- user = htpasswd.authenticate("bluetwo", "YayBlue!".toCharArray());
- assertNull(user);
- }
-
- }
|