#849 Catch exception in TwoFactor hash and write unit tests

src/main/java/fr/xephi/authme/security/crypts/TwoFactor.java

@@ -4,12 +4,14 @@ import com.google.common.escape.Escaper;
 import com.google.common.io.BaseEncoding;
 import com.google.common.net.UrlEscapers;
 import com.google.common.primitives.Ints;
-
+import fr.xephi.authme.ConsoleLogger;
 import fr.xephi.authme.security.crypts.description.HasSalt;
 import fr.xephi.authme.security.crypts.description.Recommendation;
 import fr.xephi.authme.security.crypts.description.SaltType;
 import fr.xephi.authme.security.crypts.description.Usage;
 
+import javax.crypto.Mac;
+import javax.crypto.spec.SecretKeySpec;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
@@ -17,9 +19,6 @@ import java.util.Arrays;
 import java.util.Calendar;
 import java.util.concurrent.TimeUnit;
 
-import javax.crypto.Mac;
-import javax.crypto.spec.SecretKeySpec;
-
 @Recommendation(Usage.DOES_NOT_WORK)
 @HasSalt(SaltType.NONE)
 public class TwoFactor extends UnsaltedMethod {
@@ -58,12 +57,13 @@ public class TwoFactor extends UnsaltedMethod {
     public boolean comparePassword(String password, HashedPassword hashedPassword, String name) {
         try {
             return checkPassword(hashedPassword.getHash(), password);
-        } catch (NoSuchAlgorithmException | InvalidKeyException encryptionException) {
-            throw new UnsupportedOperationException("Failed to compare passwords", encryptionException);
+        } catch (Exception e) {
+            ConsoleLogger.logException("Failed to verify two auth code:", e);
+            return false;
         }
     }
 
-    public boolean checkPassword(String secretKey, String userInput)
+    private boolean checkPassword(String secretKey, String userInput)
             throws NoSuchAlgorithmException, InvalidKeyException {
         Integer code = Ints.tryParse(userInput);
         if (code == null) {

src/test/java/fr/xephi/authme/security/crypts/TwoFactorTest.java

@@ -0,0 +1,63 @@
+package fr.xephi.authme.security.crypts;
+
+import fr.xephi.authme.TestHelper;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import static org.hamcrest.Matchers.equalTo;
+import static org.junit.Assert.assertThat;
+
+/**
+ * Test for {@link TwoFactor}.
+ */
+public class TwoFactorTest {
+
+    @BeforeClass
+    public static void initLogger() {
+        TestHelper.setupLogger();
+    }
+
+    @Test
+    public void shouldGenerateBarcodeUrl() {
+        // given
+        String user = "tester";
+        String host = "192.168.0.4";
+        String secret = "3AK6Y4KWGRLJMEQW";
+
+        // when
+        String url = TwoFactor.getQRBarcodeURL(user, host, secret);
+
+        // then
+        String expected = "https://www.google.com/chart?chs=130x130&chld=M%7C0&cht=qr"
+            + "&chl=otpauth://totp/tester@192.168.0.4%3Fsecret%3D3AK6Y4KWGRLJMEQW";
+        assertThat(url, equalTo(expected));
+    }
+
+    @Test
+    public void shouldHandleInvalidHash() {
+        // given
+        HashedPassword password = new HashedPassword("!@&#@!(*&@");
+        String inputPassword = "12345";
+        TwoFactor twoFactor = new TwoFactor();
+
+        // when
+        boolean result = twoFactor.comparePassword(inputPassword, password, "name");
+
+        // then
+        assertThat(result, equalTo(false));
+    }
+
+    @Test
+    public void shouldHandleInvalidInput() {
+        // given
+        HashedPassword password = new HashedPassword("3AK6Y4KWGRLJMEQW");
+        String inputPassword = "notA_number!";
+        TwoFactor twoFactor = new TwoFactor();
+
+        // when
+        boolean result = twoFactor.comparePassword(inputPassword, password, "name");
+
+        // then
+        assertThat(result, equalTo(false));
+    }
+}