if (user.getHashMethod() == null) { throw AuthenticationException.newBuilder() .setSource(Source.local(method)) hashMethod = HashMethod.valueOf(user.getHashMethod()); } catch (IllegalArgumentException ex) { throw AuthenticationException.newBuilder() .setSource(Source.local(method)) .setLogin(user.getLogin()) .setMessage(format("Unknown hash method [%s]", user.getHashMethod())) .build();
assertThat(user.getSalt()).isEqualTo("1234"); assertThat(user.getCryptedPassword()).isEqualTo("abcd"); assertThat(user.getHashMethod()).isEqualTo("SHA1"); assertThat(user.getExternalLogin()).isEqualTo("johngithub"); assertThat(user.getExternalIdentityProvider()).isEqualTo("github");
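/**
 * Reactivating a disabled user with new local credentials must leave an active, local
 * account whose password is stored as a BCRYPT hash with no separate salt value.
 */
@Test
public void reactivate_user() {
  UserDto user = db.users().insertUser(u -> u.setActive(false));
  // Captured before the call so the comparison below does not depend on whether
  // reactivateAndCommit updates the passed DTO in place.
  String previousHash = user.getCryptedPassword();
  createDefaultGroup();

  underTest.reactivateAndCommit(db.getSession(), user, NewUser.builder()
    .setLogin("marius")
    .setName("Marius2")
    .setEmail("marius2@mail.com")
    .setPassword("password2")
    .build(), u -> {
    });

  UserDto reloaded = dbClient.userDao().selectByUuid(session, user.getUuid());

  // Identity fields come from the NewUser passed to the reactivation.
  assertThat(reloaded.isActive()).isTrue();
  assertThat(reloaded.getLogin()).isEqualTo("marius");
  assertThat(reloaded.getName()).isEqualTo("Marius2");
  assertThat(reloaded.getEmail()).isEqualTo("marius2@mail.com");
  assertThat(reloaded.getScmAccounts()).isNull();
  assertThat(reloaded.isLocal()).isTrue();

  // Credential storage: BCRYPT hash method and no value in the salt field.
  assertThat(reloaded.getSalt()).isNull();
  assertThat(reloaded.getHashMethod()).isEqualTo(HashMethod.BCRYPT.name());
  // The literal below is not set anywhere in this test, so on its own that comparison
  // proves little. The two added comparisons check that the pre-reactivation hash was
  // replaced and that the password was not persisted in clear text.
  assertThat(reloaded.getCryptedPassword())
    .isNotNull()
    .isNotEqualTo("650d2261c98361e2f67f90ce5c65a95e7d8ea2fg")
    .isNotEqualTo(previousHash)
    .isNotEqualTo("password2");

  // Reactivation keeps the creation date and moves the update date forward.
  assertThat(reloaded.getCreatedAt()).isEqualTo(user.getCreatedAt());
  assertThat(reloaded.getUpdatedAt()).isGreaterThan(user.getCreatedAt());
}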
assertThat(dto.getHashMethod()).isEqualTo(HashMethod.BCRYPT.name()); assertThat(dto.getCryptedPassword()).isNotNull(); assertThat(dto.getCreatedAt())
assertThat(reloaded.getSalt()).isEqualTo("12345"); assertThat(reloaded.getCryptedPassword()).isEqualTo("abcde"); assertThat(reloaded.getHashMethod()).isEqualTo("BCRYPT"); assertThat(reloaded.getExternalLogin()).isEqualTo("johngithub"); assertThat(reloaded.getExternalIdentityProvider()).isEqualTo("github");
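/**
 * A user whose password is stored as a salted SHA1 digest must, after one successful
 * authentication, be persisted with the BCRYPT hash method and no salt, and must still
 * be able to authenticate with the same password afterwards.
 */
@Test
public void authentication_upgrade_hash_function_when_SHA1_was_used() {
  String password = randomAlphanumeric(60);

  byte[] saltRandom = new byte[20];
  RANDOM.nextBytes(saltRandom);
  String salt = DigestUtils.sha1Hex(saltRandom);
  // Legacy stored form built by this fixture: SHA1 over "--salt--password--".
  String legacyHash = DigestUtils.sha1Hex("--" + salt + "--" + password + "--");

  UserDto user = newUserDto()
    .setLogin("myself")
    .setHashMethod(SHA1.name())
    .setCryptedPassword(legacyHash)
    .setSalt(salt);
  db.users().insertUser(user);

  underTest.authenticate(db.getSession(), user, password, AuthenticationEvent.Method.BASIC);

  Optional<UserDto> myself = db.users().selectUserByLogin("myself");
  assertThat(myself).isPresent();
  assertThat(myself.get().getHashMethod()).isEqualTo(BCRYPT.name());
  assertThat(myself.get().getSalt()).isNull();
  // The stored credential itself must have been replaced, not only the method label.
  assertThat(myself.get().getCryptedPassword()).isNotNull().isNotEqualTo(legacyHash);

  // authentication must work with upgraded hash method
  underTest.authenticate(db.getSession(), user, password, AuthenticationEvent.Method.BASIC);
  // Also authenticate against the row as persisted: the call above reuses the caller's
  // DTO, and this test does not show whether that object reflects the upgrade.
  underTest.authenticate(db.getSession(), myself.get(), password, AuthenticationEvent.Method.BASIC);
}
}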
if (user.getHashMethod() == null) { throw AuthenticationException.newBuilder() .setSource(Source.local(method)) hashMethod = HashMethod.valueOf(user.getHashMethod()); } catch (IllegalArgumentException ex) { throw AuthenticationException.newBuilder() .setSource(Source.local(method)) .setLogin(user.getLogin()) .setMessage(format("Unknown hash method [%s]", user.getHashMethod())) .build();