JAMES-2472 implement tests for password hashing
Project: http://git-wip-us.apache.org/repos/asf/james-project/repo Commit: http://git-wip-us.apache.org/repos/asf/james-project/commit/c1403407 Tree: http://git-wip-us.apache.org/repos/asf/james-project/tree/c1403407 Diff: http://git-wip-us.apache.org/repos/asf/james-project/diff/c1403407 Branch: refs/heads/master Commit: c1403407a35ba2a2a06e8c99804a2e2fa748c26e Parents: 3a800d2 Author: Matthieu Baechler <[email protected]> Authored: Tue Jul 17 16:00:55 2018 +0200 Committer: Matthieu Baechler <[email protected]> Committed: Fri Jul 20 10:03:52 2018 +0200 ---------------------------------------------------------------------- .../apache/james/user/jpa/model/JPAUser.java | 13 ++-- .../james/user/jpa/model/JPAUserTest.java | 63 ++++++++++++++++++++ 2 files changed, 70 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/james-project/blob/c1403407/server/data/data-jpa/src/main/java/org/apache/james/user/jpa/model/JPAUser.java ---------------------------------------------------------------------- diff --git a/server/data/data-jpa/src/main/java/org/apache/james/user/jpa/model/JPAUser.java b/server/data/data-jpa/src/main/java/org/apache/james/user/jpa/model/JPAUser.java index c7bca5d..5e2c1f1 100644 --- a/server/data/data-jpa/src/main/java/org/apache/james/user/jpa/model/JPAUser.java +++ b/server/data/data-jpa/src/main/java/org/apache/james/user/jpa/model/JPAUser.java @@ -31,6 +31,8 @@ import javax.persistence.Version; import org.apache.commons.codec.digest.DigestUtils; import org.apache.james.user.api.model.User; +import com.google.common.annotations.VisibleForTesting; + @Entity(name = "JamesUser") @Table(name = "JAMES_USER") @NamedQueries({ 
@@ -44,13 +46,12 @@ public class JPAUser implements User { /** * Hash password. * - * @param username - * not null * @param password * not null * @return not null */ - private static String hashPassword(String username, String password, String alg) { + @VisibleForTesting + static String hashPassword(String password, String alg) { String newPass; if (alg == null || alg.equals("MD5")) { newPass = DigestUtils.md5Hex(password); @@ -91,7 +92,7 @@ public class JPAUser implements User { super(); this.name = userName; this.alg = alg; - this.password = hashPassword(userName, password, alg); + this.password = hashPassword(password, alg); } @Override @@ -105,7 +106,7 @@ public class JPAUser implements User { if (newPass == null) { result = false; } else { - password = hashPassword(name, newPass, alg); + password = hashPassword(newPass, alg); result = true; } return result; @@ -117,7 +118,7 @@ public class JPAUser implements User { if (pass == null) { result = password == null; } else { - result = password != null && password.equals(hashPassword(name, pass, alg)); + result = password != null && password.equals(hashPassword(pass, alg)); } return result; } http://git-wip-us.apache.org/repos/asf/james-project/blob/c1403407/server/data/data-jpa/src/test/java/org/apache/james/user/jpa/model/JPAUserTest.java ---------------------------------------------------------------------- diff --git a/server/data/data-jpa/src/test/java/org/apache/james/user/jpa/model/JPAUserTest.java b/server/data/data-jpa/src/test/java/org/apache/james/user/jpa/model/JPAUserTest.java new file mode 100644 index 0000000..2e087aa --- /dev/null +++ b/server/data/data-jpa/src/test/java/org/apache/james/user/jpa/model/JPAUserTest.java 
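Review bot: `hashPassword` still stores a single unsalted pass of a fast digest, and the visible branch sends `alg == null` to `DigestUtils.md5Hex(password)`. With the `username` argument removed, nothing per-user can enter the hash, so two accounts with the same password get the same stored value, and a leaked table is open to precomputed lookups and high-rate offline guessing. Now that the method is package-visible and covered by tests, its Javadoc should state the contract instead of only `@return not null`: add `@param alg digest name; null is treated as "MD5"` and a line such as `Digests are unsalted and unstretched; the stored value is not a strong password verifier.` Moving to a salted, adaptive scheme needs a stored-format migration and is better tracked as its own change. The rest of the method body, including the other algorithm branches, lies outside this hunk.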
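Review bot: In the last JPAUser.java hunk (`@@ -117,7 +118,7 @@`) the stored digest is compared with the candidate's digest through `String.equals`, which returns at the first differing character. A constant-time comparison is the safer habit for a credential check, although this is hardening rather than a demonstrated leak. The line could read `result = password != null && MessageDigest.isEqual(password.getBytes(StandardCharsets.UTF_8), hashPassword(pass, alg).getBytes(StandardCharsets.UTF_8));`, which needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imported. The enclosing method starts above the hunk, so its signature is not visible here.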
@@ -0,0 +1,63 @@
+/****************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one *
+ * or more contributor license agreements. See the NOTICE file *
+ * distributed with this work for additional information *
+ * regarding copyright ownership. The ASF licenses this file *
+ * to you under the Apache License, Version 2.0 (the *
+ * "License"); you may not use this file except in compliance *
+ * with the License. You may obtain a copy of the License at *
+ * *
+ * http://www.apache.org/licenses/LICENSE-2.0 *
+ * *
+ * Unless required by applicable law or agreed to in writing, *
+ * software distributed under the License is distributed on an *
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY *
+ * KIND, either express or implied. See the License for the *
+ * specific language governing permissions and limitations *
+ * under the License. *
+ ****************************************************************/
+package org.apache.james.user.jpa.model;
+
+import org.assertj.core.api.Assertions;
+import org.junit.jupiter.api.Test;
+
+class JPAUserTest {
+
+ private static final String RANDOM_PASSWORD = "baeMiqu7";
+
+ @Test
+ void hashPasswordShouldBeNoopWhenNone() {
+ //I doubt the expected result was the author intent
+ Assertions.assertThat(JPAUser.hashPassword(RANDOM_PASSWORD, "NONE")).isEqualTo("password");
+ }
+
+ @Test
+ void hashPasswordShouldHashWhenMD5() {
+ Assertions.assertThat(JPAUser.hashPassword(RANDOM_PASSWORD, "MD5")).isEqualTo("702000e50c9fd3755b8fc20ecb07d1ac");
+ }
+
+ @Test
+ void hashPasswordShouldHashWhenSHA1() {
+ Assertions.assertThat(JPAUser.hashPassword(RANDOM_PASSWORD, "SHA1")).isEqualTo("05dbbaa7b4bcae245f14d19ae58ef1b80adf3363");
+ }
+
+ @Test
+ void hashPasswordShouldHashWhenSHA256() {
+ Assertions.assertThat(JPAUser.hashPassword(RANDOM_PASSWORD, "SHA-256")).isEqualTo("6d06c72a578fe0b78ede2393b07739831a287774dcad0b18bc4bde8b0c948b82");
+ }
+
+ @Test
+ void hashPasswordShouldHashWhenSHA512() {
+ Assertions.assertThat(JPAUser.hashPassword(RANDOM_PASSWORD, "SHA-512")).isEqualTo("f9cc82d1c04bb2ce0494a51f7a21d07ac60b6f79a8a55397f454603acac29d8589fdfd694d5c01ba01a346c76b090abca9ad855b5b0c92c6062ad6d93cdc0d03");
+ }
+
+ @Test
+ void hashPasswordShouldSha1WhenRandomString() {
+ Assertions.assertThat(JPAUser.hashPassword(RANDOM_PASSWORD, "random")).isEqualTo("05dbbaa7b4bcae245f14d19ae58ef1b80adf3363");
+ }
+
+ @Test
+ void hashPasswordShouldMD5WhenNull() {
+ Assertions.assertThat(JPAUser.hashPassword(RANDOM_PASSWORD, null)).isEqualTo("702000e50c9fd3755b8fc20ecb07d1ac");
+ }
+}
\ No newline at end of file
--------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
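Review bot: `hashPasswordShouldBeNoopWhenNone` is named as a no-op test but asserts that `hashPassword(RANDOM_PASSWORD, "NONE")` returns the constant `"password"`, so it pins what looks like a defect as expected behaviour. If the `NONE` branch returns that constant for every input, the check in JPAUser.java, `password.equals(hashPassword(pass, alg))`, compares two identical constants and would accept any non-null password for an account using `NONE`. That branch is outside the visible hunks, so confirm it against the source. Until the branch is fixed, the in-test remark should say this plainly, e.g. `// FIXME: "NONE" yields the literal "password" for every input, so any candidate password verifies`, and the test name should stop claiming a no-op. `hashPasswordShouldSha1WhenRandomString` likewise records that an unrecognised `alg` silently falls back to SHA-1; rejecting unknown names would be the stricter contract.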
