mirror of
https://github.com/AuthMe/AuthMeReloaded.git
synced 2024-12-24 17:47:38 +01:00
#849 Catch exception in TwoFactor hash and write unit tests
This commit is contained in:
parent
3616c3187e
commit
160cbc6aa4
@ -4,12 +4,14 @@ import com.google.common.escape.Escaper;
|
||||
import com.google.common.io.BaseEncoding;
|
||||
import com.google.common.net.UrlEscapers;
|
||||
import com.google.common.primitives.Ints;
|
||||
|
||||
import fr.xephi.authme.ConsoleLogger;
|
||||
import fr.xephi.authme.security.crypts.description.HasSalt;
|
||||
import fr.xephi.authme.security.crypts.description.Recommendation;
|
||||
import fr.xephi.authme.security.crypts.description.SaltType;
|
||||
import fr.xephi.authme.security.crypts.description.Usage;
|
||||
|
||||
import javax.crypto.Mac;
|
||||
import javax.crypto.spec.SecretKeySpec;
|
||||
import java.security.InvalidKeyException;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.SecureRandom;
|
||||
@ -17,9 +19,6 @@ import java.util.Arrays;
|
||||
import java.util.Calendar;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
import javax.crypto.Mac;
|
||||
import javax.crypto.spec.SecretKeySpec;
|
||||
|
||||
@Recommendation(Usage.DOES_NOT_WORK)
|
||||
@HasSalt(SaltType.NONE)
|
||||
public class TwoFactor extends UnsaltedMethod {
|
||||
@ -58,12 +57,13 @@ public class TwoFactor extends UnsaltedMethod {
|
||||
public boolean comparePassword(String password, HashedPassword hashedPassword, String name) {
|
||||
try {
|
||||
return checkPassword(hashedPassword.getHash(), password);
|
||||
} catch (NoSuchAlgorithmException | InvalidKeyException encryptionException) {
|
||||
throw new UnsupportedOperationException("Failed to compare passwords", encryptionException);
|
||||
} catch (Exception e) {
|
||||
ConsoleLogger.logException("Failed to verify two auth code:", e);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
public boolean checkPassword(String secretKey, String userInput)
|
||||
private boolean checkPassword(String secretKey, String userInput)
|
||||
throws NoSuchAlgorithmException, InvalidKeyException {
|
||||
Integer code = Ints.tryParse(userInput);
|
||||
if (code == null) {
|
||||
|
@ -0,0 +1,63 @@
|
||||
package fr.xephi.authme.security.crypts;
|
||||
|
||||
import fr.xephi.authme.TestHelper;
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
|
||||
import static org.hamcrest.Matchers.equalTo;
|
||||
import static org.junit.Assert.assertThat;
|
||||
|
||||
/**
|
||||
* Test for {@link TwoFactor}.
|
||||
*/
|
||||
public class TwoFactorTest {
|
||||
|
||||
@BeforeClass
|
||||
public static void initLogger() {
|
||||
TestHelper.setupLogger();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldGenerateBarcodeUrl() {
|
||||
// given
|
||||
String user = "tester";
|
||||
String host = "192.168.0.4";
|
||||
String secret = "3AK6Y4KWGRLJMEQW";
|
||||
|
||||
// when
|
||||
String url = TwoFactor.getQRBarcodeURL(user, host, secret);
|
||||
|
||||
// then
|
||||
String expected = "https://www.google.com/chart?chs=130x130&chld=M%7C0&cht=qr"
|
||||
+ "&chl=otpauth://totp/tester@192.168.0.4%3Fsecret%3D3AK6Y4KWGRLJMEQW";
|
||||
assertThat(url, equalTo(expected));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldHandleInvalidHash() {
|
||||
// given
|
||||
HashedPassword password = new HashedPassword("!@&#@!(*&@");
|
||||
String inputPassword = "12345";
|
||||
TwoFactor twoFactor = new TwoFactor();
|
||||
|
||||
// when
|
||||
boolean result = twoFactor.comparePassword(inputPassword, password, "name");
|
||||
|
||||
// then
|
||||
assertThat(result, equalTo(false));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldHandleInvalidInput() {
|
||||
// given
|
||||
HashedPassword password = new HashedPassword("3AK6Y4KWGRLJMEQW");
|
||||
String inputPassword = "notA_number!";
|
||||
TwoFactor twoFactor = new TwoFactor();
|
||||
|
||||
// when
|
||||
boolean result = twoFactor.comparePassword(inputPassword, password, "name");
|
||||
|
||||
// then
|
||||
assertThat(result, equalTo(false));
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue
Block a user