mirror of
https://github.com/AuthMe/AuthMeReloaded.git
synced 2024-12-29 12:07:35 +01:00
#375 Issue warning instead of failing test for non-ASCII password
- Add javadoc to fields
This commit is contained in:
parent
9314612050
commit
71a9f4140b
@ -1,7 +1,6 @@
|
|||||||
package fr.xephi.authme.security.crypts;
|
package fr.xephi.authme.security.crypts;
|
||||||
|
|
||||||
import fr.xephi.authme.security.PasswordSecurity;
|
import fr.xephi.authme.security.PasswordSecurity;
|
||||||
import org.junit.Ignore;
|
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
|
||||||
import java.security.NoSuchAlgorithmException;
|
import java.security.NoSuchAlgorithmException;
|
||||||
@ -17,13 +16,33 @@ import static org.junit.Assert.assertTrue;
|
|||||||
// TODO #358: Remove NoSuchAlgorithm try-catch-es when no longer necessary
|
// TODO #358: Remove NoSuchAlgorithm try-catch-es when no longer necessary
|
||||||
public abstract class AbstractEncryptionMethodTest {
|
public abstract class AbstractEncryptionMethodTest {
|
||||||
|
|
||||||
|
/** The username used to query {@link EncryptionMethod#comparePassword}. */
|
||||||
public static final String USERNAME = "Test_Player00";
|
public static final String USERNAME = "Test_Player00";
|
||||||
|
/**
|
||||||
|
* List of passwords whose hash is provided to the class to test against; this verifies that previously constructed
|
||||||
|
* hashes remain valid.
|
||||||
|
*/
|
||||||
public static final String[] GIVEN_PASSWORDS = {"password", "PassWord1", "&^%te$t?Pw@_", "âË_3(íù*"};
|
public static final String[] GIVEN_PASSWORDS = {"password", "PassWord1", "&^%te$t?Pw@_", "âË_3(íù*"};
|
||||||
|
/**
|
||||||
|
* List of passwords that are hashed at runtime and then tested against; this verifies that hashes that are
|
||||||
|
* generated are valid.
|
||||||
|
*/
|
||||||
private static final String[] INTERNAL_PASSWORDS = {"test1234", "Ab_C73", "(!#&$~`_-Aa0", "Ûïé1&?+A"};
|
private static final String[] INTERNAL_PASSWORDS = {"test1234", "Ab_C73", "(!#&$~`_-Aa0", "Ûïé1&?+A"};
|
||||||
|
|
||||||
|
/** The encryption method to test. */
|
||||||
private EncryptionMethod method;
|
private EncryptionMethod method;
|
||||||
|
/** Map with the hashes against which the entries in GIVEN_PASSWORDS are tested. */
|
||||||
private Map<String, String> hashes;
|
private Map<String, String> hashes;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Create a new test for the given encryption method.
|
||||||
|
*
|
||||||
|
* @param method The encryption method to test
|
||||||
|
* @param hash0 The pre-generated hash for the first {@link #GIVEN_PASSWORDS}
|
||||||
|
* @param hash1 The pre-generated hash for the second {@link #GIVEN_PASSWORDS}
|
||||||
|
* @param hash2 The pre-generated hash for the third {@link #GIVEN_PASSWORDS}
|
||||||
|
* @param hash3 The pre-generated hash for the fourth {@link #GIVEN_PASSWORDS}
|
||||||
|
*/
|
||||||
public AbstractEncryptionMethodTest(EncryptionMethod method, String hash0, String hash1,
|
public AbstractEncryptionMethodTest(EncryptionMethod method, String hash0, String hash1,
|
||||||
String hash2, String hash3) {
|
String hash2, String hash3) {
|
||||||
this.method = method;
|
this.method = method;
|
||||||
@ -36,13 +55,21 @@ public abstract class AbstractEncryptionMethodTest {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testGivenPasswords() {
|
public void testGivenPasswords() {
|
||||||
for (String password : GIVEN_PASSWORDS) {
|
// Test all entries in GIVEN_PASSWORDS except the last one
|
||||||
try {
|
for (int i = 0; i < GIVEN_PASSWORDS.length - 1; ++i) {
|
||||||
assertTrue("Hash for password '" + password + "' should match",
|
String password = GIVEN_PASSWORDS[i];
|
||||||
method.comparePassword(hashes.get(password), password, USERNAME));
|
assertTrue("Hash for password '" + password + "' should match",
|
||||||
} catch (NoSuchAlgorithmException e) {
|
doesGivenHashMatch(password, method));
|
||||||
throw new IllegalStateException("EncryptionMethod '" + method + "' threw exception", e);
|
}
|
||||||
}
|
|
||||||
|
// Note #375: Windows console seems to use its own character encoding (Windows-1252?) and it seems impossible to
|
||||||
|
// force it to use UTF-8, so passwords with non-ASCII characters will fail. Since we do not recommend to use
|
||||||
|
// such characters in passwords (something outside of our control, e.g. a database system, might also cause
|
||||||
|
// problems), we will check the last password in GIVEN_PASSWORDS in a non-failing way; if the hash doesn't match
|
||||||
|
// we'll just issue a message to System.err
|
||||||
|
String lastPassword = GIVEN_PASSWORDS[GIVEN_PASSWORDS.length - 1];
|
||||||
|
if (!doesGivenHashMatch(lastPassword, method)) {
|
||||||
|
System.err.println("Note: Hash for password '" + lastPassword + "' does not match for method " + method);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -67,6 +94,14 @@ public abstract class AbstractEncryptionMethodTest {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private boolean doesGivenHashMatch(String password, EncryptionMethod method) {
|
||||||
|
try {
|
||||||
|
return method.comparePassword(hashes.get(password), password, USERNAME);
|
||||||
|
} catch (NoSuchAlgorithmException e) {
|
||||||
|
throw new IllegalStateException("EncryptionMethod '" + method + "' threw exception", e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// @org.junit.Test public void a() { AbstractEncryptionMethodTest.generateTest(); }
|
// @org.junit.Test public void a() { AbstractEncryptionMethodTest.generateTest(); }
|
||||||
// TODO #364: Remove this method
|
// TODO #364: Remove this method
|
||||||
static void generateTest(EncryptionMethod method) {
|
static void generateTest(EncryptionMethod method) {
|
||||||
@ -85,7 +120,7 @@ public abstract class AbstractEncryptionMethodTest {
|
|||||||
System.out.println("\t\t\"" + method.computeHash(password, getSalt(method), USERNAME)
|
System.out.println("\t\t\"" + method.computeHash(password, getSalt(method), USERNAME)
|
||||||
+ "\"" + delim + "// " + password);
|
+ "\"" + delim + "// " + password);
|
||||||
} catch (NoSuchAlgorithmException e) {
|
} catch (NoSuchAlgorithmException e) {
|
||||||
throw new RuntimeException("Could not generate hash", e);
|
throw new IllegalStateException("Could not generate hash", e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
System.out.println("\t}");
|
System.out.println("\t}");
|
||||||
@ -115,9 +150,9 @@ public abstract class AbstractEncryptionMethodTest {
|
|||||||
return BCRYPT.gensalt(8);
|
return BCRYPT.gensalt(8);
|
||||||
}
|
}
|
||||||
} catch (NoSuchAlgorithmException e) {
|
} catch (NoSuchAlgorithmException e) {
|
||||||
throw new RuntimeException(e);
|
throw new RuntimeException(e);
|
||||||
}
|
}
|
||||||
throw new RuntimeException("Unknown EncryptionMethod for salt generation");
|
throw new IllegalStateException("Unknown EncryptionMethod for salt generation");
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user