Upstream/AuthMeReloaded
1
0
Fork 0
mirror of https://github.com/AuthMe/AuthMeReloaded.git synced 2025-02-03 21:41:30 +01:00
Code Issues Projects Releases Wiki Activity

#653 Empty salt column causes error when retrieving password

Browse Source 
- Handle potentially empty salt column in MySQL and SQLite
- Create unit tests reflecting these cases
This commit is contained in:
ljacqu 2016-04-14 11:48:24 +02:00
parent 3c59bb1efb
commit 3bb7ff2b85
5 changed files with 59 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/main/java/fr/xephi/authme/datasource/MySQL.java
View File

@ -274,20 +274,20 @@ public class MySQL implements DataSource {
@Override @Override
public HashedPassword getPassword(String user) { public HashedPassword getPassword(String user) {
String sql = "SELECT " + col.PASSWORD + "," + col.SALT + " FROM " + tableName boolean useSalt = !col.SALT.isEmpty();
+ " WHERE " + col.NAME + "=?;"; String sql = "SELECT " + col.PASSWORD
ResultSet rs = null; + (useSalt ? ", " + col.SALT : "")
+ " FROM " + tableName + " WHERE " + col.NAME + "=?;";
try (Connection con = getConnection(); PreparedStatement pst = con.prepareStatement(sql)) { try (Connection con = getConnection(); PreparedStatement pst = con.prepareStatement(sql)) {
pst.setString(1, user.toLowerCase()); pst.setString(1, user.toLowerCase());
rs = pst.executeQuery(); try (ResultSet rs = pst.executeQuery()) {
if (rs.next()) { if (rs.next()) {
return new HashedPassword(rs.getString(col.PASSWORD), return new HashedPassword(rs.getString(col.PASSWORD),
!col.SALT.isEmpty() ? rs.getString(col.SALT) : null); useSalt ? rs.getString(col.SALT) : null);
}
} }
} catch (SQLException ex) { } catch (SQLException ex) {
logSqlException(ex); logSqlException(ex);
} finally {
close(rs);
} }
return null; return null;
} }

22
src/main/java/fr/xephi/authme/datasource/SQLite.java
View File

@ -154,22 +154,20 @@ public class SQLite implements DataSource {
@Override @Override
public HashedPassword getPassword(String user) { public HashedPassword getPassword(String user) {
PreparedStatement pst = null; boolean useSalt = !col.SALT.isEmpty();
ResultSet rs = null; String sql = "SELECT " + col.PASSWORD
try { + (useSalt ? ", " + col.SALT : "")
pst = con.prepareStatement("SELECT " + col.PASSWORD + "," + col.SALT + " FROM " + tableName + " WHERE " + col.NAME + "=?";
+ " FROM " + tableName + " WHERE " + col.NAME + "=?"); try (PreparedStatement pst = con.prepareStatement(sql)) {
pst.setString(1, user); pst.setString(1, user);
rs = pst.executeQuery(); try (ResultSet rs = pst.executeQuery()) {
if (rs.next()) { if (rs.next()) {
return new HashedPassword(rs.getString(col.PASSWORD), return new HashedPassword(rs.getString(col.PASSWORD),
!col.SALT.isEmpty() ? rs.getString(col.SALT) : null); useSalt ? rs.getString(col.SALT) : null);
}
} }
} catch (SQLException ex) { } catch (SQLException ex) {
logSqlException(ex); logSqlException(ex);
} finally {
close(rs);
close(pst);
} }
return null; return null;
} }

37
src/test/java/fr/xephi/authme/datasource/AbstractDataSourceIntegrationTest.java
View File

@ -22,7 +22,11 @@ import static org.junit.Assume.assumeThat;
*/ */
public abstract class AbstractDataSourceIntegrationTest { public abstract class AbstractDataSourceIntegrationTest {
protected abstract DataSource getDataSource(); protected DataSource getDataSource() {
return getDataSource("salt");
}
protected abstract DataSource getDataSource(String saltColumn);
@Test @Test
public void shouldReturnIfAuthIsAvailableOrNot() { public void shouldReturnIfAuthIsAvailableOrNot() {
@ -56,6 +60,22 @@ public abstract class AbstractDataSourceIntegrationTest {
assertThat(userPassword, equalToHash("b28c32f624a4eb161d6adc9acb5bfc5b", "f750ba32")); assertThat(userPassword, equalToHash("b28c32f624a4eb161d6adc9acb5bfc5b", "f750ba32"));
} }
@Test
public void shouldReturnPasswordWithEmptySaltColumn() {
// given
DataSource dataSource = getDataSource("");
// when
HashedPassword bobbyPassword = dataSource.getPassword("bobby");
HashedPassword invalidPassword = dataSource.getPassword("doesNotExist");
HashedPassword userPassword = dataSource.getPassword("user");
// then
assertThat(bobbyPassword, equalToHash("$SHA$11aa0706173d7272$dbba966"));
assertThat(invalidPassword, nullValue());
assertThat(userPassword, equalToHash("b28c32f624a4eb161d6adc9acb5bfc5b"));
}
@Test @Test
public void shouldGetAuth() { public void shouldGetAuth() {
// given // given
@ -133,6 +153,21 @@ public abstract class AbstractDataSourceIntegrationTest {
assertThat(dataSource.getPassword("user"), equalToHash(newHash)); assertThat(dataSource.getPassword("user"), equalToHash(newHash));
} }
@Test
public void shouldUpdatePasswordWithNoSalt() {
// given
DataSource dataSource = getDataSource("");
HashedPassword newHash = new HashedPassword("new_hash", "1241");
// when
boolean response1 = dataSource.updatePassword("user", newHash);
boolean response2 = dataSource.updatePassword("non-existent-name", new HashedPassword("asdfasdf", "a1f34ec"));
// then
assertThat(response1 && response2, equalTo(true));
assertThat(dataSource.getPassword("user"), equalToHash("new_hash"));
}
@Test @Test
public void shouldRemovePlayerAuth() { public void shouldRemovePlayerAuth() {
// given // given

4
src/test/java/fr/xephi/authme/datasource/MySqlIntegrationTest.java
View File

@ -53,7 +53,6 @@ public class MySqlIntegrationTest extends AbstractDataSourceIntegrationTest {
}); });
set(DatabaseSettings.MYSQL_DATABASE, "h2_test"); set(DatabaseSettings.MYSQL_DATABASE, "h2_test");
set(DatabaseSettings.MYSQL_TABLE, "authme"); set(DatabaseSettings.MYSQL_TABLE, "authme");
set(DatabaseSettings.MYSQL_COL_SALT, "salt");
ConsoleLoggerTestInitializer.setupLogger(); ConsoleLoggerTestInitializer.setupLogger();
Path sqlInitFile = TestHelper.getJarPath("/datasource-integration/sql-initialize.sql"); Path sqlInitFile = TestHelper.getJarPath("/datasource-integration/sql-initialize.sql");
@ -80,7 +79,8 @@ public class MySqlIntegrationTest extends AbstractDataSourceIntegrationTest {
} }
@Override @Override
protected DataSource getDataSource() { protected DataSource getDataSource(String saltColumn) {
when(settings.getProperty(DatabaseSettings.MYSQL_COL_SALT)).thenReturn(saltColumn);
return new MySQL(settings, hikariSource); return new MySQL(settings, hikariSource);
} }

3
src/test/java/fr/xephi/authme/datasource/SQLiteIntegrationTest.java
View File

@ -75,7 +75,8 @@ public class SQLiteIntegrationTest extends AbstractDataSourceIntegrationTest {
} }
@Override @Override
protected DataSource getDataSource() { protected DataSource getDataSource(String saltColumn) {
when(settings.getProperty(DatabaseSettings.MYSQL_COL_SALT)).thenReturn(saltColumn);
return new SQLite(settings, con); return new SQLite(settings, con);
} }