Posted to server-dev@james.apache.org by ma...@apache.org on 2018/07/20 08:05:06 UTC
[05/19] james-project git commit: JAMES-2472 implement tests for
password hashing
JAMES-2472 implement tests for password hashing
Project: http://git-wip-us.apache.org/repos/asf/james-project/repo
Commit: http://git-wip-us.apache.org/repos/asf/james-project/commit/c1403407
Tree: http://git-wip-us.apache.org/repos/asf/james-project/tree/c1403407
Diff: http://git-wip-us.apache.org/repos/asf/james-project/diff/c1403407
Branch: refs/heads/master
Commit: c1403407a35ba2a2a06e8c99804a2e2fa748c26e
Parents: 3a800d2
Author: Matthieu Baechler <ma...@apache.org>
Authored: Tue Jul 17 16:00:55 2018 +0200
Committer: Matthieu Baechler <ma...@apache.org>
Committed: Fri Jul 20 10:03:52 2018 +0200
----------------------------------------------------------------------
.../apache/james/user/jpa/model/JPAUser.java | 13 ++--
.../james/user/jpa/model/JPAUserTest.java | 63 ++++++++++++++++++++
2 files changed, 70 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/james-project/blob/c1403407/server/data/data-jpa/src/main/java/org/apache/james/user/jpa/model/JPAUser.java
----------------------------------------------------------------------
diff --git a/server/data/data-jpa/src/main/java/org/apache/james/user/jpa/model/JPAUser.java b/server/data/data-jpa/src/main/java/org/apache/james/user/jpa/model/JPAUser.java
index c7bca5d..5e2c1f1 100644
--- a/server/data/data-jpa/src/main/java/org/apache/james/user/jpa/model/JPAUser.java
+++ b/server/data/data-jpa/src/main/java/org/apache/james/user/jpa/model/JPAUser.java
@@ -31,6 +31,8 @@ import javax.persistence.Version;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.james.user.api.model.User;
+import com.google.common.annotations.VisibleForTesting;
+
@Entity(name = "JamesUser")
@Table(name = "JAMES_USER")
@NamedQueries({
@@ -44,13 +46,12 @@ public class JPAUser implements User {
/**
* Hash password.
*
- * @param username
- * not null
* @param password
* not null
* @return not null
*/
- private static String hashPassword(String username, String password, String alg) {
+ @VisibleForTesting
+ static String hashPassword(String password, String alg) {
String newPass;
if (alg == null || alg.equals("MD5")) {
newPass = DigestUtils.md5Hex(password);
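Review bot: The Javadoc kept above `hashPassword` documents only `password`, while `alg` is undocumented even though it selects the digest and falls back to MD5 when it is `null`, per `if (alg == null || alg.equals("MD5"))`. Now that the method is package-visible, I would add `@param alg digest name; null is treated as "MD5"` and a sentence saying the result is a single unsalted hex digest, so two accounts with the same password store the same value. Since the signature is being changed anyway, this is a good place to record a follow-up to move stored credentials to a salted, deliberately slow scheme (PBKDF2, bcrypt, scrypt or Argon2) and to stop defaulting to MD5. The method body continues past the end of this hunk, so the remaining branches are not visible here.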
@@ -91,7 +92,7 @@ public class JPAUser implements User {
super();
this.name = userName;
this.alg = alg;
- this.password = hashPassword(userName, password, alg);
+ this.password = hashPassword(password, alg);
}
@Override
@@ -105,7 +106,7 @@ public class JPAUser implements User {
if (newPass == null) {
result = false;
} else {
- password = hashPassword(name, newPass, alg);
+ password = hashPassword(newPass, alg);
result = true;
}
return result;
@@ -117,7 +118,7 @@ public class JPAUser implements User {
if (pass == null) {
result = password == null;
} else {
- result = password != null && password.equals(hashPassword(name, pass, alg));
+ result = password != null && password.equals(hashPassword(pass, alg));
}
return result;
}
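Review bot: The check `password.equals(hashPassword(pass, alg))` uses `String.equals`, which returns at the first differing character, so its running time depends on how much of the stored digest matches. A constant-time compare fits better here: `result = password != null && MessageDigest.isEqual(password.getBytes(StandardCharsets.UTF_8), hashPassword(pass, alg).getBytes(StandardCharsets.UTF_8));`. That needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imported. The enclosing method starts above this hunk, so only its tail is visible.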
http://git-wip-us.apache.org/repos/asf/james-project/blob/c1403407/server/data/data-jpa/src/test/java/org/apache/james/user/jpa/model/JPAUserTest.java
----------------------------------------------------------------------
diff --git a/server/data/data-jpa/src/test/java/org/apache/james/user/jpa/model/JPAUserTest.java b/server/data/data-jpa/src/test/java/org/apache/james/user/jpa/model/JPAUserTest.java
new file mode 100644
index 0000000..2e087aa
--- /dev/null
+++ b/server/data/data-jpa/src/test/java/org/apache/james/user/jpa/model/JPAUserTest.java
@@ -0,0 +1,63 @@
+/****************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one *
+ * or more contributor license agreements. See the NOTICE file *
+ * distributed with this work for additional information *
+ * regarding copyright ownership. The ASF licenses this file *
+ * to you under the Apache License, Version 2.0 (the *
+ * "License"); you may not use this file except in compliance *
+ * with the License. You may obtain a copy of the License at *
+ * *
+ * http://www.apache.org/licenses/LICENSE-2.0 *
+ * *
+ * Unless required by applicable law or agreed to in writing, *
+ * software distributed under the License is distributed on an *
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY *
+ * KIND, either express or implied. See the License for the *
+ * specific language governing permissions and limitations *
+ * under the License. *
+ ****************************************************************/
+package org.apache.james.user.jpa.model;
+
+import org.assertj.core.api.Assertions;
+import org.junit.jupiter.api.Test;
+
+class JPAUserTest {
+
+ private static final String RANDOM_PASSWORD = "baeMiqu7";
+
+ @Test
+ void hashPasswordShouldBeNoopWhenNone() {
+ //I doubt the expected result was the author intent
+ Assertions.assertThat(JPAUser.hashPassword(RANDOM_PASSWORD, "NONE")).isEqualTo("password");
+ }
+
+ @Test
+ void hashPasswordShouldHashWhenMD5() {
+ Assertions.assertThat(JPAUser.hashPassword(RANDOM_PASSWORD, "MD5")).isEqualTo("702000e50c9fd3755b8fc20ecb07d1ac");
+ }
+
+ @Test
+ void hashPasswordShouldHashWhenSHA1() {
+ Assertions.assertThat(JPAUser.hashPassword(RANDOM_PASSWORD, "SHA1")).isEqualTo("05dbbaa7b4bcae245f14d19ae58ef1b80adf3363");
+ }
+
+ @Test
+ void hashPasswordShouldHashWhenSHA256() {
+ Assertions.assertThat(JPAUser.hashPassword(RANDOM_PASSWORD, "SHA-256")).isEqualTo("6d06c72a578fe0b78ede2393b07739831a287774dcad0b18bc4bde8b0c948b82");
+ }
+
+ @Test
+ void hashPasswordShouldHashWhenSHA512() {
+ Assertions.assertThat(JPAUser.hashPassword(RANDOM_PASSWORD, "SHA-512")).isEqualTo("f9cc82d1c04bb2ce0494a51f7a21d07ac60b6f79a8a55397f454603acac29d8589fdfd694d5c01ba01a346c76b090abca9ad855b5b0c92c6062ad6d93cdc0d03");
+ }
+
+ @Test
+ void hashPasswordShouldSha1WhenRandomString() {
+ Assertions.assertThat(JPAUser.hashPassword(RANDOM_PASSWORD, "random")).isEqualTo("05dbbaa7b4bcae245f14d19ae58ef1b80adf3363");
+ }
+
+ @Test
+ void hashPasswordShouldMD5WhenNull() {
+ Assertions.assertThat(JPAUser.hashPassword(RANDOM_PASSWORD, null)).isEqualTo("702000e50c9fd3755b8fc20ecb07d1ac");
+ }
+}
\ No newline at end of file
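Review bot: `hashPasswordShouldBeNoopWhenNone` asserts that hashing `RANDOM_PASSWORD` with `"NONE"` yields the literal `"password"`, which contradicts the test name and, as its own inline comment concedes, pins a suspected defect as expected behaviour. If the `NONE` branch really returns a constant (it is outside the visible hunks), every account using `NONE` would store the same value and the password check in the last JPAUser.java hunk would accept any non-null password for it. I would assert `isEqualTo(RANDOM_PASSWORD)` and correct the production branch in the same change. If the behaviour must stay for now, rename the test and replace the comment with `// FIXME(<ISSUE-ID>): NONE returns a constant instead of the input`. `hashPasswordShouldSha1WhenRandomString` similarly locks in a silent SHA-1 fallback for an unrecognised algorithm name; rejecting unknown names would be safer than guessing.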