You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@streampipes.apache.org by bo...@apache.org on 2023/09/16 13:44:15 UTC

[streampipes] 01/02: chore: generate random passwords with suitable method

This is an automated email from the ASF dual-hosted git repository.

bossenti pushed a commit to branch chore/replace-random-ascii
in repository https://gitbox.apache.org/repos/asf/streampipes.git

commit 366b3e658b015e650634b93133c28180a11201b4
Author: bossenti <bo...@posteo.de>
AuthorDate: Sat Sep 16 15:43:23 2023 +0200

    chore: generate random passwords with suitable method
---
 streampipes-storage-couchdb/pom.xml                | 12 ++++---
 .../user/management/util/PasswordUtil.java         |  9 +++--
 .../user/management/util/TestPasswordUtil.java     | 40 ++++++++++++++++++++++
 3 files changed, 55 insertions(+), 6 deletions(-)

diff --git a/streampipes-storage-couchdb/pom.xml b/streampipes-storage-couchdb/pom.xml
index 30d1efb7b..ab4e99d95 100644
--- a/streampipes-storage-couchdb/pom.xml
+++ b/streampipes-storage-couchdb/pom.xml
@@ -60,16 +60,20 @@
             <artifactId>gson</artifactId>
         </dependency>
         <dependency>
-            <groupId>org.lightcouch</groupId>
-            <artifactId>lightcouch</artifactId>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-text</artifactId>
         </dependency>
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>
-            <artifactId>httpclient</artifactId>
+            <artifactId>fluent-hc</artifactId>
         </dependency>
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>
-            <artifactId>fluent-hc</artifactId>
+            <artifactId>httpclient</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.lightcouch</groupId>
+            <artifactId>lightcouch</artifactId>
         </dependency>
 
         <!-- Test dependencies -->
diff --git a/streampipes-user-management/src/main/java/org/apache/streampipes/user/management/util/PasswordUtil.java b/streampipes-user-management/src/main/java/org/apache/streampipes/user/management/util/PasswordUtil.java
index e09df355d..d7c7922f7 100644
--- a/streampipes-user-management/src/main/java/org/apache/streampipes/user/management/util/PasswordUtil.java
+++ b/streampipes-user-management/src/main/java/org/apache/streampipes/user/management/util/PasswordUtil.java
@@ -18,7 +18,7 @@
 
 package org.apache.streampipes.user.management.util;
 
-import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.commons.text.RandomStringGenerator;
 
 import javax.crypto.SecretKeyFactory;
 import javax.crypto.spec.PBEKeySpec;
@@ -92,6 +92,11 @@ public class PasswordUtil {
 
 
   public static String generateRandomPassword() {
-    return RandomStringUtils.randomAscii(DEFAULT_PASSWORD_LENGTH);
+
+    // allowing all ASCII-characters from decimal id 33 to 125
+    // see https://www.cs.cmu.edu/~pattis/15-1XX/common/handouts/ascii.html for full list
+    var pwdGenerator = new RandomStringGenerator.Builder().withinRange(33, 125)
+            .build();
+    return pwdGenerator.generate(DEFAULT_PASSWORD_LENGTH);
   }
 }
diff --git a/streampipes-user-management/src/test/java/org/apache/streampipes/user/management/util/TestPasswordUtil.java b/streampipes-user-management/src/test/java/org/apache/streampipes/user/management/util/TestPasswordUtil.java
new file mode 100644
index 000000000..481e5d119
--- /dev/null
+++ b/streampipes-user-management/src/test/java/org/apache/streampipes/user/management/util/TestPasswordUtil.java
@@ -0,0 +1,40 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.streampipes.user.management.util;
+
+import com.google.common.base.CharMatcher;
+import org.junit.Test;
+
+import static org.apache.streampipes.user.management.util.PasswordUtil.generateRandomPassword;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+public class TestPasswordUtil {
+
+  @Test
+  public void testGenerateRandomPassword() {
+
+    String randomPassword = generateRandomPassword();
+
+    assertNotNull(randomPassword);
+    assertEquals(10, randomPassword.length());
+    assertTrue(CharMatcher.ascii().matchesAllOf(randomPassword));
+  }
+
+}