Author: ajaquith
Date: Wed May 14 13:01:19 2008
New Revision: 656391
URL: http://svn.apache.org/viewvc?rev=656391&view=rev
Log:
Passwords are now salted and hashed per RFC 2307. Every password is salted with
an 8-byte random salt.
Modified:
incubator/jspwiki/trunk/tests/com/ecyrd/jspwiki/auth/user/JDBCUserDatabaseTest.java
incubator/jspwiki/trunk/tests/com/ecyrd/jspwiki/auth/user/XMLUserDatabaseTest.java
Modified:
incubator/jspwiki/trunk/tests/com/ecyrd/jspwiki/auth/user/JDBCUserDatabaseTest.java
URL:
http://svn.apache.org/viewvc/incubator/jspwiki/trunk/tests/com/ecyrd/jspwiki/auth/user/JDBCUserDatabaseTest.java?rev=656391&r1=656390&r2=656391&view=diff
==============================================================================
---
incubator/jspwiki/trunk/tests/com/ecyrd/jspwiki/auth/user/JDBCUserDatabaseTest.java
(original)
+++
incubator/jspwiki/trunk/tests/com/ecyrd/jspwiki/auth/user/JDBCUserDatabaseTest.java
Wed May 14 13:01:19 2008
@@ -18,6 +18,7 @@
import com.ecyrd.jspwiki.TestJNDIContext;
import com.ecyrd.jspwiki.auth.NoSuchPrincipalException;
import com.ecyrd.jspwiki.auth.WikiSecurityException;
+import com.ecyrd.jspwiki.util.CryptoUtil;
/**
* @author Andrew Jaquith
@@ -294,13 +295,13 @@
assertEquals( "[EMAIL PROTECTED]", profile.getEmail() );
assertEquals( "Renamed User", profile.getFullname() );
assertEquals( "renameduser", profile.getLoginName() );
- assertEquals( "{SHA}5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8",
profile.getPassword() );
+ assertTrue( CryptoUtil.verifySaltedPassword( "password".getBytes(),
profile.getPassword() ) );
// Delete the user
m_db.deleteByLoginName( "renameduser" );
}
- public void testSave()
+ public void testSave() throws Exception
{
try
{
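Review bot: The new `assertTrue( CryptoUtil.verifySaltedPassword( ... ) )` check would pass for any verifier that returns true, so it neither pins the storage scheme nor shows that a wrong password is rejected. The same applies to the assertions in the hunks at -315 and -332 of this file and at -210 and -227 of XMLUserDatabaseTest.java. Adding `assertTrue( profile.getPassword().startsWith( "{SSHA}" ) );` and `assertFalse( CryptoUtil.verifySaltedPassword( "wrong".getBytes( "UTF-8" ), profile.getPassword() ) );` beside each would catch a regression to unsalted `{SHA}` or plaintext storage. `"password".getBytes()` also relies on the platform default charset, which is harmless for this ASCII literal, but an explicit `getBytes( "UTF-8" )` that matches the encoding used on the save path (not visible here) keeps the hash input host-independent. The method holding the first assertion starts outside the hunk, so it cannot be confirmed from here that it already declares the checked exception that `testSave` now does.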
@@ -315,7 +316,7 @@
assertEquals( "[EMAIL PROTECTED]", profile.getEmail() );
assertEquals( "Test User", profile.getFullname() );
assertEquals( "user", profile.getLoginName() );
- assertEquals( "{SHA}5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8",
profile.getPassword() );
+ assertTrue( CryptoUtil.verifySaltedPassword(
"password".getBytes(), profile.getPassword() ) );
assertEquals( "TestUser", profile.getWikiName() );
assertNotNull( profile.getCreated() );
assertNotNull( profile.getLastModified() );
@@ -332,7 +333,7 @@
assertEquals( "[EMAIL PROTECTED]", profile.getEmail() );
assertEquals( "Test User 2", profile.getFullname() );
assertEquals( "user2", profile.getLoginName() );
- assertEquals( "{SHA}5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8",
profile.getPassword() );
+ assertTrue( CryptoUtil.verifySaltedPassword(
"password".getBytes(), profile.getPassword() ) );
assertEquals( "TestUser2", profile.getWikiName() );
assertNotNull( profile.getCreated() );
assertNotNull( profile.getLastModified() );
Modified:
incubator/jspwiki/trunk/tests/com/ecyrd/jspwiki/auth/user/XMLUserDatabaseTest.java
URL:
http://svn.apache.org/viewvc/incubator/jspwiki/trunk/tests/com/ecyrd/jspwiki/auth/user/XMLUserDatabaseTest.java?rev=656391&r1=656390&r2=656391&view=diff
==============================================================================
---
incubator/jspwiki/trunk/tests/com/ecyrd/jspwiki/auth/user/XMLUserDatabaseTest.java
(original)
+++
incubator/jspwiki/trunk/tests/com/ecyrd/jspwiki/auth/user/XMLUserDatabaseTest.java
Wed May 14 13:01:19 2008
@@ -12,6 +12,7 @@
import com.ecyrd.jspwiki.auth.Users;
import com.ecyrd.jspwiki.auth.WikiPrincipal;
import com.ecyrd.jspwiki.auth.WikiSecurityException;
+import com.ecyrd.jspwiki.util.CryptoUtil;
@@ -69,7 +70,7 @@
assertEquals("janne", profile.getLoginName());
assertEquals("Janne Jalkanen", profile.getFullname());
assertEquals("JanneJalkanen", profile.getWikiName());
- assertEquals("{SHA}457b08e825da547c3b77fbc1ff906a1d00a7daee",
profile.getPassword());
+ assertEquals("{SSHA}1WFv9OV11pD5IySgVH3sFa2VlCyYjbLrcVT/qw==",
profile.getPassword());
assertEquals("[EMAIL PROTECTED]", profile.getEmail());
}
catch (NoSuchPrincipalException e)
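Review bot: The `{SSHA}1WFv9OV11pD5IySgVH3sFa2VlCyYjbLrcVT/qw==` literal is repeated in this hunk and in the hunks at -96 and -123 with nothing recording which fixture entry or plaintext it corresponds to. A single constant such as `private static final String JANNE_SSHA = "{SSHA}1WFv9OV11pD5IySgVH3sFa2VlCyYjbLrcVT/qw==";`, with a comment naming the fixture file, would make a fixture change a one-line edit. The fixture itself is not among the files listed in this commit, so it is unclear from here whether it was changed separately or the value is produced on read. The base64 payload decodes to 28 bytes, consistent with a 20-byte SHA-1 digest plus the 8-byte salt from the log message. The comment could record that this is a single-round salted SHA-1 value, which is cheap to brute-force offline if the user database leaks, and that is worth tracking for the production hashing code outside this diff. The enclosing test methods start and end outside these hunks.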
@@ -96,7 +97,7 @@
assertEquals("janne", profile.getLoginName());
assertEquals("Janne Jalkanen", profile.getFullname());
assertEquals("JanneJalkanen", profile.getWikiName());
- assertEquals("{SHA}457b08e825da547c3b77fbc1ff906a1d00a7daee",
profile.getPassword());
+ assertEquals("{SSHA}1WFv9OV11pD5IySgVH3sFa2VlCyYjbLrcVT/qw==",
profile.getPassword());
assertEquals("[EMAIL PROTECTED]", profile.getEmail());
}
catch (NoSuchPrincipalException e)
@@ -123,7 +124,7 @@
assertEquals("janne", profile.getLoginName());
assertEquals("Janne Jalkanen", profile.getFullname());
assertEquals("JanneJalkanen", profile.getWikiName());
- assertEquals("{SHA}457b08e825da547c3b77fbc1ff906a1d00a7daee",
profile.getPassword());
+ assertEquals("{SSHA}1WFv9OV11pD5IySgVH3sFa2VlCyYjbLrcVT/qw==",
profile.getPassword());
assertEquals("[EMAIL PROTECTED]", profile.getEmail());
}
catch (NoSuchPrincipalException e)
@@ -210,13 +211,13 @@
assertEquals( "[EMAIL PROTECTED]", profile.getEmail() );
assertEquals( "Renamed User", profile.getFullname() );
assertEquals( "renameduser", profile.getLoginName() );
- assertEquals( "{SHA}5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8",
profile.getPassword() );
+ assertTrue( CryptoUtil.verifySaltedPassword( "password".getBytes(),
profile.getPassword() ) );
// Delete the user
m_db.deleteByLoginName( "renameduser" );
}
- public void testSave()
+ public void testSave() throws Exception
{
try
{
@@ -227,7 +228,7 @@
m_db.save(profile);
profile = m_db.findByEmail("[EMAIL PROTECTED]");
assertEquals("[EMAIL PROTECTED]", profile.getEmail());
- assertEquals("{SHA}5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8",
profile.getPassword());
+ assertTrue( CryptoUtil.verifySaltedPassword( "password".getBytes(),
profile.getPassword() ) );
}
catch (NoSuchPrincipalException e)
{