[james-project] branch master updated: MAILBOX-347 NONE Password hashing is actually replace the password with a fixed string (#641)

btellier Tue, 07 Sep 2021 20:13:57 -0700

This is an automated email from the ASF dual-hosted git repository.

btellier pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/james-project.git



The following commit(s) were added to refs/heads/master by this push:
     new 6431025  MAILBOX-347 NONE Password hashing is actually replace the 
password with a fixed string (#641)
6431025 is described below

commit 6431025fb89fc5a3fba845f9f6fc634e3cae69cc
Author: Benoit TELLIER <[email protected]>
AuthorDate: Wed Sep 8 10:12:49 2021 +0700

    MAILBOX-347 NONE Password hashing is actually replace the password with a 
fixed string (#641)
---
 .../src/main/java/org/apache/james/user/jpa/model/JPAUser.java        | 4 ++--
 .../src/test/java/org/apache/james/user/jpa/model/JPAUserTest.java    | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git 
a/server/data/data-jpa/src/main/java/org/apache/james/user/jpa/model/JPAUser.java
 
b/server/data/data-jpa/src/main/java/org/apache/james/user/jpa/model/JPAUser.java
index 44cbff5..985fece 100644
--- 
a/server/data/data-jpa/src/main/java/org/apache/james/user/jpa/model/JPAUser.java
+++ 
b/server/data/data-jpa/src/main/java/org/apache/james/user/jpa/model/JPAUser.java
@@ -67,9 +67,9 @@ public class JPAUser implements User {
         String algorithm = 
Optional.ofNullable(nullableAlgorithm).orElse("SHA-512");
         switch (algorithm) {
             case "NONE":
-                return (password) -> "password";
+                return password -> password;
             default:
-                return (password) -> 
chooseHashing(algorithm).hashString(password, 
StandardCharsets.UTF_8).toString();
+                return password -> 
chooseHashing(algorithm).hashString(password, 
StandardCharsets.UTF_8).toString();
         }
     }
 
diff --git 
a/server/data/data-jpa/src/test/java/org/apache/james/user/jpa/model/JPAUserTest.java
 
b/server/data/data-jpa/src/test/java/org/apache/james/user/jpa/model/JPAUserTest.java
index c09a292..85c8d15 100644
--- 
a/server/data/data-jpa/src/test/java/org/apache/james/user/jpa/model/JPAUserTest.java
+++ 
b/server/data/data-jpa/src/test/java/org/apache/james/user/jpa/model/JPAUserTest.java
@@ -28,7 +28,7 @@ class JPAUserTest {
     @Test
     void hashPasswordShouldBeNoopWhenNone() {
         //I doubt the expected result was the author intent
-        Assertions.assertThat(JPAUser.hashPassword(RANDOM_PASSWORD, 
"NONE")).isEqualTo("password");
+        Assertions.assertThat(JPAUser.hashPassword(RANDOM_PASSWORD, 
"NONE")).isEqualTo("baeMiqu7");
     }
 
     @Test

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[james-project] branch master updated: MAILBOX-347 NONE Password hashing is actually replace the password with a fixed string (#641)

Reply via email to