Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2013/10/23 20:02:04 UTC

svn commit: r1535084 - in /jackrabbit/oak/trunk/oak-core/src: main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java

Author: angela
Date: Wed Oct 23 18:02:03 2013
New Revision: 1535084

URL: http://svn.apache.org/r1535084
Log:
OAK-91 : authentication (wip)

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java?rev=1535084&r1=1535083&r2=1535084&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java Wed Oct 23 18:02:03 2013
@@ -111,8 +111,7 @@ public class TokenProviderImpl implement
     private static final int DEFAULT_KEY_SIZE = 8;
     private static final char DELIM = '_';
 
-    private static final Set<String> RESERVED_ATTRIBUTES = new HashSet(2);
-
+    private static final Set<String> RESERVED_ATTRIBUTES = new HashSet(3);
     static {
         RESERVED_ATTRIBUTES.add(TOKEN_ATTRIBUTE);
         RESERVED_ATTRIBUTES.add(TOKEN_ATTRIBUTE_EXPIRY);
@@ -219,7 +218,7 @@ public class TokenProviderImpl implement
                 String nodeId = getIdentifier(tokenNode.getTree());
                 String token = new StringBuilder(nodeId).append(DELIM).append(key).toString();
 
-                String keyHash = PasswordUtil.buildPasswordHash(key);
+                String keyHash = PasswordUtil.buildPasswordHash(getKeyValue(key, userId));
                 tokenNode.setString(TOKEN_ATTRIBUTE_KEY, keyHash);
 
                 long exp;
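Review bot: Tokens persisted before this revision stored the hash of the bare key, so once `buildPasswordHash(getKeyValue(key, userId))` is written here and the last hunk of this file compares against `getKeyValue(tk, userId)`, every existing token stops validating, with nothing explaining why. That is probably the right outcome for a binding fix, because accepting the old form would keep unbound tokens valid, but it should be recorded in the log message or next to this line, for example `// key is hashed together with the userId; tokens created before r1535084 no longer match`. The enclosing method starts and ends outside the hunk, so whether `userId` can be null at this point is not visible.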
@@ -320,6 +319,11 @@ public class TokenProviderImpl implement
         return res.toString();
     }
 
+    @Nonnull
+    private static String getKeyValue(String key, String userId) {
+        return key + userId;
+    }
+
     private static boolean isValidTokenTree(Tree tokenTree) {
         if (tokenTree == null || !tokenTree.exists()) {
             return false;
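Review bot: `getKeyValue` carries no comment saying why the user id is mixed into the hashed value, and the plain `key + userId` concatenation gives that binding no explicit boundary. The test added in this commit suggests the intent is that a token node moved below another user must not match; a Javadoc line such as `/** Combines the token key with the id of the owning user so the stored hash is only valid for that user. */` would record it. The concatenation is unambiguous only while the key has a fixed length, which cannot be confirmed from this hunk, so a delimited or length-prefixed form would be safer if the key size is configurable. A null `userId` silently becomes the text "null" here, and rejecting it explicitly would keep a missing id from producing a hash that still verifies.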
@@ -500,7 +504,7 @@ public class TokenProviderImpl implement
             if (pos > -1) {
                 tk = tk.substring(pos + 1);
             }
-            if (key == null || !PasswordUtil.isSame(key, tk)) {
+            if (key == null || !PasswordUtil.isSame(key, getKeyValue(tk, userId))) {
                 return false;
             }
 

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java?rev=1535084&r1=1535083&r2=1535084&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java Wed Oct 23 18:02:03 2013
@@ -250,6 +250,30 @@ public class TokenProviderImplTest exten
     }
 
     @Test
+    public void testGetTokenInfoFromInvalidLocation4() throws Exception {
+        TokenInfo info = tokenProvider.createToken(userId, Collections.<String, Object>emptyMap());
+        Tree tokenTree = getTokenTree(info);
+
+        assertNotNull(tokenProvider.getTokenInfo(info.getToken()));
+
+        TokenInfo info2 = null;
+        try {
+            Tree adminTree = root.getTree(getUserManager(root).getAuthorizable(adminSession.getAuthInfo().getUserID()).getPath());
+            NodeUtil node = new NodeUtil(adminTree).getOrAddChild(".tokens", "nt:unstructured");
+            assertTrue(root.move(tokenTree.getPath(), node.getTree().getPath() + "/" + tokenTree.getName()));
+            root.commit();
+
+            info2 = tokenProvider.getTokenInfo(info.getToken());
+            assertNotNull(info2);
+            assertFalse(info2.matches(new TokenCredentials(info.getToken())));
+        } finally {
+            Tree t = getTokenTree(info2);
+            t.remove();
+            root.commit();
+        }
+    }
+
+    @Test
     public void testGetTokenInfo() throws Exception {
         String token = tokenProvider.createToken(userId, Collections.<String, Object>emptyMap()).getToken();
         TokenInfo info = tokenProvider.getTokenInfo(token);
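Review bot: The `finally` block in testGetTokenInfoFromInvalidLocation4 calls `getTokenTree(info2)` although `info2` is still null whenever the move, the commit or `getTokenInfo` fails, so the cleanup would most likely throw and hide the original failure (getTokenTree itself is not visible here). In that case the moved token and the `.tokens` node below the admin user are also left behind for later tests. Guard the cleanup, e.g. `if (info2 != null) { getTokenTree(info2).remove(); root.commit(); }`, or keep the target path in a variable declared before the `try` and remove that tree. A one-line comment above the move, stating that the token is relocated below a different user and `matches` must therefore return false, would make the security intent of the test clear.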