Search in sources :

Example 46 with HashedPassword

use of fr.xephi.authme.security.crypts.HashedPassword in project AuthMeReloaded by AuthMe.

the class PasswordSecurityTest method shouldTryLegacyMethodsAndFail.

@Test
public void shouldTryLegacyMethodsAndFail() {
    // given
    HashedPassword password = new HashedPassword("hashNotMatchingAnyMethod", "someBogusSalt");
    String playerName = "asfd";
    String clearTextPass = "someInvalidPassword";
    given(dataSource.getPassword(playerName)).willReturn(password);
    given(method.comparePassword(clearTextPass, password, playerName)).willReturn(false);
    given(settings.getProperty(SecuritySettings.PASSWORD_HASH)).willReturn(HashAlgorithm.MD5);
    given(settings.getProperty(SecuritySettings.LEGACY_HASHES)).willReturn(newHashSet(HashAlgorithm.DOUBLEMD5, HashAlgorithm.JOOMLA, HashAlgorithm.SMF, HashAlgorithm.SHA256));
    passwordSecurity.reload();
    // when
    boolean result = passwordSecurity.comparePassword(clearTextPass, playerName);
    // then
    assertThat(result, equalTo(false));
    verify(dataSource, never()).updatePassword(anyString(), any(HashedPassword.class));
}
Also used : ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) HashedPassword(fr.xephi.authme.security.crypts.HashedPassword) Test(org.junit.Test)

Example 47 with HashedPassword

use of fr.xephi.authme.security.crypts.HashedPassword in project AuthMeReloaded by AuthMe.

the class AsynchronousUnregisterTest method shouldNotApplyUnregisteredEffectsForNotForcedRegistration.

@Test
public void shouldNotApplyUnregisteredEffectsForNotForcedRegistration() {
    // given
    Player player = mock(Player.class);
    String name = "__FranK";
    given(player.getName()).willReturn(name);
    given(player.isOnline()).willReturn(true);
    String userPassword = "141$$5ad";
    HashedPassword password = new HashedPassword("ttt123");
    PlayerAuth auth = PlayerAuth.builder().name(name).password(password).build();
    given(playerCache.getAuth(name)).willReturn(auth);
    given(passwordSecurity.comparePassword(userPassword, password, name)).willReturn(true);
    given(dataSource.removeAuth(name)).willReturn(true);
    given(service.getProperty(RegistrationSettings.FORCE)).willReturn(false);
    setBukkitServiceToScheduleSyncTaskFromOptionallyAsyncTask(bukkitService);
    // when
    asynchronousUnregister.unregister(player, userPassword);
    // then
    verify(service).send(player, MessageKey.UNREGISTERED_SUCCESS);
    verify(passwordSecurity).comparePassword(userPassword, password, name);
    verify(dataSource).removeAuth(name);
    verify(playerCache).removePlayer(name);
    verifyNoInteractions(teleportationService, limboService);
    verifyCalledUnregisterEventFor(player);
    verify(bungeeSender).sendAuthMeBungeecordMessage(MessageType.UNREGISTER, name);
    verify(commandManager).runCommandsOnUnregister(player);
}
Also used : Player(org.bukkit.entity.Player) PlayerAuth(fr.xephi.authme.data.auth.PlayerAuth) HashedPassword(fr.xephi.authme.security.crypts.HashedPassword) Test(org.junit.Test)

Example 48 with HashedPassword

use of fr.xephi.authme.security.crypts.HashedPassword in project AuthMeReloaded by AuthMe.

the class AsynchronousUnregisterTest method shouldNotTeleportOfflinePlayer.

@Test
public void shouldNotTeleportOfflinePlayer() {
    // given
    Player player = mock(Player.class);
    String name = "Frank21";
    given(player.getName()).willReturn(name);
    given(player.isOnline()).willReturn(false);
    PlayerAuth auth = mock(PlayerAuth.class);
    given(playerCache.getAuth(name)).willReturn(auth);
    HashedPassword password = new HashedPassword("password", "in_auth_obj");
    given(auth.getPassword()).willReturn(password);
    String userPassword = "pass";
    given(passwordSecurity.comparePassword(userPassword, password, name)).willReturn(true);
    given(dataSource.removeAuth(name)).willReturn(true);
    // when
    asynchronousUnregister.unregister(player, userPassword);
    // then
    verify(passwordSecurity).comparePassword(userPassword, password, name);
    verify(dataSource).removeAuth(name);
    verify(playerCache).removePlayer(name);
    verifyNoInteractions(teleportationService);
    verifyCalledUnregisterEventFor(player);
    verify(bungeeSender).sendAuthMeBungeecordMessage(MessageType.UNREGISTER, name);
}
Also used : Player(org.bukkit.entity.Player) PlayerAuth(fr.xephi.authme.data.auth.PlayerAuth) HashedPassword(fr.xephi.authme.security.crypts.HashedPassword) Test(org.junit.Test)

Example 49 with HashedPassword

use of fr.xephi.authme.security.crypts.HashedPassword in project AuthMeReloaded by AuthMe.

the class AsynchronousUnregisterTest method shouldHandleDatabaseError.

@Test
public void shouldHandleDatabaseError() {
    // given
    Player player = mock(Player.class);
    String name = "Frank21";
    given(player.getName()).willReturn(name);
    PlayerAuth auth = mock(PlayerAuth.class);
    given(playerCache.getAuth(name)).willReturn(auth);
    HashedPassword password = new HashedPassword("password", "in_auth_obj");
    given(auth.getPassword()).willReturn(password);
    String userPassword = "pass";
    given(passwordSecurity.comparePassword(userPassword, password, name)).willReturn(true);
    given(dataSource.removeAuth(name)).willReturn(false);
    // when
    asynchronousUnregister.unregister(player, userPassword);
    // then
    verify(passwordSecurity).comparePassword(userPassword, password, name);
    verify(dataSource).removeAuth(name);
    verify(service).send(player, MessageKey.ERROR);
    verifyNoInteractions(teleportationService, bukkitService, bungeeSender);
}
Also used : Player(org.bukkit.entity.Player) PlayerAuth(fr.xephi.authme.data.auth.PlayerAuth) HashedPassword(fr.xephi.authme.security.crypts.HashedPassword) Test(org.junit.Test)

Example 50 with HashedPassword

use of fr.xephi.authme.security.crypts.HashedPassword in project AuthMeReloaded by AuthMe.

the class AsyncChangePasswordTest method shouldReportWhenSaveFailed.

@Test
public void shouldReportWhenSaveFailed() {
    // given
    CommandSender sender = mock(CommandSender.class);
    String player = "my_user12";
    String password = "passPass";
    given(playerCache.isAuthenticated(player)).willReturn(true);
    HashedPassword hashedPassword = mock(HashedPassword.class);
    given(passwordSecurity.computeHash(password, player)).willReturn(hashedPassword);
    given(dataSource.updatePassword(player, hashedPassword)).willReturn(false);
    // when
    asyncChangePassword.changePasswordAsAdmin(sender, player, password);
    // then
    verify(commonService).send(sender, MessageKey.ERROR);
    verify(passwordSecurity).computeHash(password, player);
    verify(dataSource).updatePassword(player, hashedPassword);
}
Also used : CommandSender(org.bukkit.command.CommandSender) HashedPassword(fr.xephi.authme.security.crypts.HashedPassword) Test(org.junit.Test)

Aggregations

HashedPassword (fr.xephi.authme.security.crypts.HashedPassword)55 Test (org.junit.Test)35 PlayerAuth (fr.xephi.authme.data.auth.PlayerAuth)22 Player (org.bukkit.entity.Player)14 ValidationResult (fr.xephi.authme.service.ValidationService.ValidationResult)9 CommandSender (org.bukkit.command.CommandSender)9 ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString)6 PasswordEncryptionEvent (fr.xephi.authme.events.PasswordEncryptionEvent)5 PreparedStatement (java.sql.PreparedStatement)4 ResultSet (java.sql.ResultSet)3 SQLException (java.sql.SQLException)3 ValidationService (fr.xephi.authme.service.ValidationService)2 Connection (java.sql.Connection)2 PotionEffect (org.bukkit.potion.PotionEffect)2 AuthMeMatchers.hasAuthLocation (fr.xephi.authme.AuthMeMatchers.hasAuthLocation)1 EncryptionMethod (fr.xephi.authme.security.crypts.EncryptionMethod)1 Joomla (fr.xephi.authme.security.crypts.Joomla)1 BufferedReader (java.io.BufferedReader)1 File (java.io.File)1 FileReader (java.io.FileReader)1