You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@streampipes.apache.org by bo...@apache.org on 2023/09/16 13:44:15 UTC
[streampipes] 01/02: chore: generate random passwords with suitable method
This is an automated email from the ASF dual-hosted git repository.
bossenti pushed a commit to branch chore/replace-random-ascii
in repository https://gitbox.apache.org/repos/asf/streampipes.git
commit 366b3e658b015e650634b93133c28180a11201b4
Author: bossenti <bo...@posteo.de>
AuthorDate: Sat Sep 16 15:43:23 2023 +0200
chore: generate random passwords with suitable method
---
streampipes-storage-couchdb/pom.xml | 12 ++++---
.../user/management/util/PasswordUtil.java | 9 +++--
.../user/management/util/TestPasswordUtil.java | 40 ++++++++++++++++++++++
3 files changed, 55 insertions(+), 6 deletions(-)
diff --git a/streampipes-storage-couchdb/pom.xml b/streampipes-storage-couchdb/pom.xml
index 30d1efb7b..ab4e99d95 100644
--- a/streampipes-storage-couchdb/pom.xml
+++ b/streampipes-storage-couchdb/pom.xml
@@ -60,16 +60,20 @@
<artifactId>gson</artifactId>
</dependency>
<dependency>
- <groupId>org.lightcouch</groupId>
- <artifactId>lightcouch</artifactId>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-text</artifactId>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
- <artifactId>httpclient</artifactId>
+ <artifactId>fluent-hc</artifactId>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
- <artifactId>fluent-hc</artifactId>
+ <artifactId>httpclient</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.lightcouch</groupId>
+ <artifactId>lightcouch</artifactId>
</dependency>
<!-- Test dependencies -->
diff --git a/streampipes-user-management/src/main/java/org/apache/streampipes/user/management/util/PasswordUtil.java b/streampipes-user-management/src/main/java/org/apache/streampipes/user/management/util/PasswordUtil.java
index e09df355d..d7c7922f7 100644
--- a/streampipes-user-management/src/main/java/org/apache/streampipes/user/management/util/PasswordUtil.java
+++ b/streampipes-user-management/src/main/java/org/apache/streampipes/user/management/util/PasswordUtil.java
@@ -18,7 +18,7 @@
package org.apache.streampipes.user.management.util;
-import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.commons.text.RandomStringGenerator;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
@@ -92,6 +92,11 @@ public class PasswordUtil {
public static String generateRandomPassword() {
- return RandomStringUtils.randomAscii(DEFAULT_PASSWORD_LENGTH);
+
+ // allowing all ASCII-characters from decimal id 33 to 125
+ // see https://www.cs.cmu.edu/~pattis/15-1XX/common/handouts/ascii.html for full list
+ var pwdGenerator = new RandomStringGenerator.Builder().withinRange(33, 125)
+ .build();
+ return pwdGenerator.generate(DEFAULT_PASSWORD_LENGTH);
}
}
diff --git a/streampipes-user-management/src/test/java/org/apache/streampipes/user/management/util/TestPasswordUtil.java b/streampipes-user-management/src/test/java/org/apache/streampipes/user/management/util/TestPasswordUtil.java
new file mode 100644
index 000000000..481e5d119
--- /dev/null
+++ b/streampipes-user-management/src/test/java/org/apache/streampipes/user/management/util/TestPasswordUtil.java
@@ -0,0 +1,40 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.streampipes.user.management.util;
+
+import com.google.common.base.CharMatcher;
+import org.junit.Test;
+
+import static org.apache.streampipes.user.management.util.PasswordUtil.generateRandomPassword;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+public class TestPasswordUtil {
+
+ @Test
+ public void testGenerateRandomPassword() {
+
+ String randomPassword = generateRandomPassword();
+
+ assertNotNull(randomPassword);
+ assertEquals(10, randomPassword.length());
+ assertTrue(CharMatcher.ascii().matchesAllOf(randomPassword));
+ }
+
+}