Posted to server-dev@james.apache.org by ma...@apache.org on 2018/07/20 08:05:06 UTC

[05/19] james-project git commit: JAMES-2472 implement tests for password hashing

JAMES-2472 implement tests for password hashing


Project: http://git-wip-us.apache.org/repos/asf/james-project/repo
Commit: http://git-wip-us.apache.org/repos/asf/james-project/commit/c1403407
Tree: http://git-wip-us.apache.org/repos/asf/james-project/tree/c1403407
Diff: http://git-wip-us.apache.org/repos/asf/james-project/diff/c1403407

Branch: refs/heads/master
Commit: c1403407a35ba2a2a06e8c99804a2e2fa748c26e
Parents: 3a800d2
Author: Matthieu Baechler <ma...@apache.org>
Authored: Tue Jul 17 16:00:55 2018 +0200
Committer: Matthieu Baechler <ma...@apache.org>
Committed: Fri Jul 20 10:03:52 2018 +0200

----------------------------------------------------------------------
 .../apache/james/user/jpa/model/JPAUser.java    | 13 ++--
 .../james/user/jpa/model/JPAUserTest.java       | 63 ++++++++++++++++++++
 2 files changed, 70 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/james-project/blob/c1403407/server/data/data-jpa/src/main/java/org/apache/james/user/jpa/model/JPAUser.java
----------------------------------------------------------------------
diff --git a/server/data/data-jpa/src/main/java/org/apache/james/user/jpa/model/JPAUser.java b/server/data/data-jpa/src/main/java/org/apache/james/user/jpa/model/JPAUser.java
index c7bca5d..5e2c1f1 100644
--- a/server/data/data-jpa/src/main/java/org/apache/james/user/jpa/model/JPAUser.java
+++ b/server/data/data-jpa/src/main/java/org/apache/james/user/jpa/model/JPAUser.java
@@ -31,6 +31,8 @@ import javax.persistence.Version;
 import org.apache.commons.codec.digest.DigestUtils;
 import org.apache.james.user.api.model.User;
 
+import com.google.common.annotations.VisibleForTesting;
+
 @Entity(name = "JamesUser")
 @Table(name = "JAMES_USER")
 @NamedQueries({ 
@@ -44,13 +46,12 @@ public class JPAUser implements User {
     /**
      * Hash password.
      * 
-     * @param username
-     *            not null
      * @param password
      *            not null
      * @return not null
      */
-    private static String hashPassword(String username, String password, String alg) {
+    @VisibleForTesting
+    static String hashPassword(String password, String alg) {
         String newPass;
         if (alg == null || alg.equals("MD5")) {
             newPass = DigestUtils.md5Hex(password);
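Review bot: The Javadoc on `hashPassword` now documents only `password`, so the `alg` parameter and its fallback are undocumented, although `if (alg == null || alg.equals("MD5"))` makes a null algorithm select MD5. I would add `@param alg digest name; null or "MD5" selects MD5` and state in the summary that the digest is computed over the password alone, as `DigestUtils.md5Hex(password)` shows no salt, so equal passwords produce equal stored values. A fast unsalted digest is weak for password storage, and a follow-up should move to a salted adaptive scheme such as PBKDF2 or bcrypt. The method body continues past the end of this hunk, so the remaining branches are not reviewed here.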
@@ -91,7 +92,7 @@ public class JPAUser implements User {
         super();
         this.name = userName;
         this.alg = alg;
-        this.password = hashPassword(userName, password, alg);
+        this.password = hashPassword(password, alg);
     }
 
     @Override
@@ -105,7 +106,7 @@ public class JPAUser implements User {
         if (newPass == null) {
             result = false;
         } else {
-            password = hashPassword(name, newPass, alg);
+            password = hashPassword(newPass, alg);
             result = true;
         }
         return result;
@@ -117,7 +118,7 @@ public class JPAUser implements User {
         if (pass == null) {
             result = password == null;
         } else {
-            result = password != null && password.equals(hashPassword(name, pass, alg));
+            result = password != null && password.equals(hashPassword(pass, alg));
         }
         return result;
     }
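Review bot: The stored hash is checked with `password.equals(hashPassword(pass, alg))`, which stops at the first differing character and is not a constant-time comparison; for a credential check I would use `MessageDigest.isEqual(password.getBytes(StandardCharsets.UTF_8), hashPassword(pass, alg).getBytes(StandardCharsets.UTF_8))`. The `pass == null` branch just above sets `result = password == null`, so an account whose stored password is null would verify against a null input; whether such a row can exist is not visible here, but returning `false` for a null `pass` would be the safer contract. The method's signature lies outside this hunk.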

http://git-wip-us.apache.org/repos/asf/james-project/blob/c1403407/server/data/data-jpa/src/test/java/org/apache/james/user/jpa/model/JPAUserTest.java
----------------------------------------------------------------------
diff --git a/server/data/data-jpa/src/test/java/org/apache/james/user/jpa/model/JPAUserTest.java b/server/data/data-jpa/src/test/java/org/apache/james/user/jpa/model/JPAUserTest.java
new file mode 100644
index 0000000..2e087aa
--- /dev/null
+++ b/server/data/data-jpa/src/test/java/org/apache/james/user/jpa/model/JPAUserTest.java
@@ -0,0 +1,63 @@
+/****************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one   *
+ * or more contributor license agreements.  See the NOTICE file *
+ * distributed with this work for additional information        *
+ * regarding copyright ownership.  The ASF licenses this file   *
+ * to you under the Apache License, Version 2.0 (the            *
+ * "License"); you may not use this file except in compliance   *
+ * with the License.  You may obtain a copy of the License at   *
+ *                                                              *
+ *   http://www.apache.org/licenses/LICENSE-2.0                 *
+ *                                                              *
+ * Unless required by applicable law or agreed to in writing,   *
+ * software distributed under the License is distributed on an  *
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY       *
+ * KIND, either express or implied.  See the License for the    *
+ * specific language governing permissions and limitations      *
+ * under the License.                                           *
+ ****************************************************************/
+package org.apache.james.user.jpa.model;
+
+import org.assertj.core.api.Assertions;
+import org.junit.jupiter.api.Test;
+
+class JPAUserTest {
+
+    private static final String RANDOM_PASSWORD = "baeMiqu7";
+
+    @Test
+    void hashPasswordShouldBeNoopWhenNone() {
+        //I doubt the expected result was the author intent
+        Assertions.assertThat(JPAUser.hashPassword(RANDOM_PASSWORD, "NONE")).isEqualTo("password");
+    }
+
+    @Test
+    void hashPasswordShouldHashWhenMD5() {
+        Assertions.assertThat(JPAUser.hashPassword(RANDOM_PASSWORD, "MD5")).isEqualTo("702000e50c9fd3755b8fc20ecb07d1ac");
+    }
+
+    @Test
+    void hashPasswordShouldHashWhenSHA1() {
+        Assertions.assertThat(JPAUser.hashPassword(RANDOM_PASSWORD, "SHA1")).isEqualTo("05dbbaa7b4bcae245f14d19ae58ef1b80adf3363");
+    }
+
+    @Test
+    void hashPasswordShouldHashWhenSHA256() {
+        Assertions.assertThat(JPAUser.hashPassword(RANDOM_PASSWORD, "SHA-256")).isEqualTo("6d06c72a578fe0b78ede2393b07739831a287774dcad0b18bc4bde8b0c948b82");
+    }
+
+    @Test
+    void hashPasswordShouldHashWhenSHA512() {
+        Assertions.assertThat(JPAUser.hashPassword(RANDOM_PASSWORD, "SHA-512")).isEqualTo("f9cc82d1c04bb2ce0494a51f7a21d07ac60b6f79a8a55397f454603acac29d8589fdfd694d5c01ba01a346c76b090abca9ad855b5b0c92c6062ad6d93cdc0d03");
+    }
+
+    @Test
+    void hashPasswordShouldSha1WhenRandomString() {
+        Assertions.assertThat(JPAUser.hashPassword(RANDOM_PASSWORD, "random")).isEqualTo("05dbbaa7b4bcae245f14d19ae58ef1b80adf3363");
+    }
+
+    @Test
+    void hashPasswordShouldMD5WhenNull() {
+        Assertions.assertThat(JPAUser.hashPassword(RANDOM_PASSWORD, null)).isEqualTo("702000e50c9fd3755b8fc20ecb07d1ac");
+    }
+}
\ No newline at end of file
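Review bot: `hashPasswordShouldBeNoopWhenNone` asserts that `hashPassword(RANDOM_PASSWORD, "NONE")` equals the literal `"password"` rather than the input, so the name says no-op while the assertion pins a constant result. If the production branch returns that constant for every input, all `NONE` users store the same value and the equality check in `verifyPassword` would accept any non-null password for them; this is inferred from the assertion, since that branch is not in the visible hunks. I would replace the inline remark with `// FIXME(<tracking-issue>): "NONE" returns the constant "password"; expected RANDOM_PASSWORD` and rename the test to say what it pins, e.g. `hashPasswordShouldReturnConstantWhenNone`. `hashPasswordShouldSha1WhenRandomString` likewise pins a silent fallback to SHA-1 for an unrecognised algorithm name and deserves a comment marking it as current behaviour, not an intended contract.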

