Examples with Password com.emc.storageos.security.password.Password used on opensource projects

Example 1 with Password

use of com.emc.storageos.security.password.Password in project coprhd-controller by CoprHD.

the class AuthenticationResource method validateLocalUserExpiration.

/**
 * validate if local user's password expired
 *
 * @param credentials
 */
private void validateLocalUserExpiration(UsernamePasswordCredentials credentials) {
    // skip validation, if user is not a local one.
    if (!_passwordUtils.isLocalUser(credentials.getUserName())) {
        return;
    }
    PasswordValidator validator = ValidatorFactory.buildExpireValidator(_passwordUtils.getConfigProperties());
    Password password = new Password(credentials.getUserName(), credentials.getPassword(), null);
    password.setPasswordHistory(_passwordUtils.getPasswordHistory(credentials.getUserName()));
    validator.validate(password);
}

Example 2 with Password

use of com.emc.storageos.security.password.Password in project coprhd-controller by CoprHD.

the class PasswordValidationUnitTest method testExpireRule.

@Test
public void testExpireRule() {
    ExpireRule expireRule = new ExpireRule(1);
    long current = System.currentTimeMillis();
    long twoDaysAgo = current - 2 * 24 * 60 * 60 * 1000;
    Password password = new Password("svcuser", "oldpassword", "password");
    PasswordHistory passwordHistory = new PasswordHistory();
    LongMap map = new LongMap();
    map.put("hashedPassword", twoDaysAgo);
    passwordHistory.setUserPasswordHash(map);
    password.setPasswordHistory(passwordHistory);
    logger.info("current=" + current + ", 2daysAgo = " + twoDaysAgo);
    try {
        expireRule.validate(password);
        Assert.fail("password already expired, should fail");
    } catch (BadRequestException e) {
        logger.info(e.getServiceCode().toString());
        logger.info(e.getMessage());
    }
}

Example 3 with Password

use of com.emc.storageos.security.password.Password in project coprhd-controller by CoprHD.

the class PasswordValidationUnitTest method changedNumberRule.

@Test
public void changedNumberRule() {
    ChangedNumberRule rule = new ChangedNumberRule(4);
    Password password = new Password("1122334455", "1122334455");
    try {
        rule.validate(password);
        Assert.fail("old password same as new password, should fail");
    } catch (BadRequestException e) {
        logger.info(e.getServiceCode().toString());
        logger.info(e.getMessage());
        Assert.assertTrue(e.getMessage().contains("characters be changed between the old and new passwords"));
    }
    try {
        password = new Password("aab2334455", "1122334455");
        rule.validate(password);
        Assert.fail("old password 3 characters differ than new password, should fail");
    } catch (BadRequestException e) {
        logger.info(e.getServiceCode().toString());
        logger.info(e.getMessage());
        Assert.assertTrue(e.getMessage().contains("characters be changed between the old and new passwords"));
    }
    // test change number of characters between passwords applies Levenshtein Distance
    try {
        password = new Password("ChangeMe", "hangeMe");
        rule.validate(password);
        Assert.fail("only remove 1 character from front, should fail");
    } catch (BadRequestException e) {
        logger.info(e.getServiceCode().toString());
        logger.info(e.getMessage());
        Assert.assertTrue(e.getMessage().contains("characters be changed between the old and new passwords"));
    }
    try {
        password = new Password("ChangeMe", "ChIangeMe");
        rule.validate(password);
        Assert.fail("only insert 1 character in the middle, should fail");
    } catch (BadRequestException e) {
        logger.info(e.getServiceCode().toString());
        logger.info(e.getMessage());
        Assert.assertTrue(e.getMessage().contains("characters be changed between the old and new passwords"));
    }
    password = new Password("aabb334455", "1122334455");
    rule.validate(password);
}

Example 4 with Password

use of com.emc.storageos.security.password.Password in project coprhd-controller by CoprHD.

the class PasswordValidationUnitTest method testPasswordHistorySort.

@Test
public void testPasswordHistorySort() {
    long current = System.currentTimeMillis();
    long oneDayAgo = current - 1 * 24 * 60 * 60 * 1000;
    long twoDaysAgo = current - 2 * 24 * 60 * 60 * 1000;
    long threeDaysAgo = current - 3 * 24 * 60 * 60 * 1000;
    logger.info("oneDayAgo = " + oneDayAgo);
    logger.info("twoDaysAgo = " + twoDaysAgo);
    logger.info("threeDaysAgo = " + threeDaysAgo);
    Password password = new Password("svcuser", "oldpassword", "password");
    PasswordHistory passwordHistory = new PasswordHistory();
    LongMap map = new LongMap();
    map.put("hashedPassword1", oneDayAgo);
    map.put("hashedPassword3", threeDaysAgo);
    map.put("hashedPassword2", twoDaysAgo);
    passwordHistory.setUserPasswordHash(map);
    password.setPasswordHistory(passwordHistory);
    long latestChangedTime = password.getLatestChangedTime();
    logger.info("latestChangedTime = " + latestChangedTime);
    Assert.assertEquals(latestChangedTime, oneDayAgo);
    List<String> passwords = password.getPreviousPasswords(3);
    logger.info("password sorted:");
    for (String p : passwords) {
        logger.info(p);
    }
    Assert.assertTrue(passwords.get(0).equals("hashedPassword1"));
    Assert.assertTrue(passwords.get(1).equals("hashedPassword2"));
    Assert.assertTrue(passwords.get(2).equals("hashedPassword3"));
}