
Example 26 with HashedPassword

use of fr.xephi.authme.security.crypts.HashedPassword in project AuthMeReloaded by AuthMe.

the class PasswordSecurityTest method shouldTryOtherMethodsForFailedPassword.

/**
 * Checks the legacy-hash fallback of {@code PasswordSecurity.comparePassword}: the stored hash
 * is rejected by the configured (mocked) method, the comparison still succeeds, and the
 * password is saved again with the hash produced by the configured method.
 */
@Test
public void shouldTryOtherMethodsForFailedPassword() {
    // given
    String name = "somePlayer";
    String nameLower = name.toLowerCase();
    String plainPassword = "Test";
    // Stored credential: BCRYPT hash for "Test"
    HashedPassword storedHash = new HashedPassword("$2y$10$2e6d2193f43501c926e25elvWlPmWczmrfrnbZV0dUZGITjYjnkkW");
    // Replacement credential: MD5 hash for "Test"
    HashedPassword rehashed = new HashedPassword("0cbc6611f5540bd0809a388dc95a615b");

    // NOTE(review): this fixture makes MD5 the active algorithm and BCRYPT the legacy one, so the
    // rehash goes from a slow salted hash to a fast unsalted one. That only exercises the fallback
    // path; a deployed configuration should migrate the other way.
    given(settings.getProperty(SecuritySettings.PASSWORD_HASH)).willReturn(HashAlgorithm.MD5);
    given(settings.getProperty(SecuritySettings.LEGACY_HASHES)).willReturn(newHashSet(HashAlgorithm.BCRYPT));
    given(dataSource.getPassword(argThat(equalToIgnoringCase(name)))).willReturn(storedHash);
    // The configured method refuses the stored hash, which forces the legacy lookup.
    given(method.comparePassword(plainPassword, storedHash, nameLower)).willReturn(false);
    given(method.computeHash(plainPassword, nameLower)).willReturn(rehashed);
    passwordSecurity.reload();

    // when
    boolean matched = passwordSecurity.comparePassword(plainPassword, name);

    // then
    // Presumably the match comes from the BCRYPT entry in LEGACY_HASHES -- TODO confirm in PasswordSecurity.
    assertThat(matched, equalTo(true));
    // The player name is matched case-insensitively because PasswordSecurity may lower-case it before
    // the lookup; EncryptionMethod methods should only ever be called with lower-case names, and the
    // data source is case-insensitive itself.
    verify(dataSource).getPassword(argThat(equalToIgnoringCase(name)));
    // Two events are expected; presumably one from test setup and one from reload() -- TODO confirm.
    verify(pluginManager, times(2)).callEvent(any(PasswordEncryptionEvent.class));
    verify(method).comparePassword(plainPassword, storedHash, nameLower);
    // A successful legacy match must persist the new hash under the lower-case name.
    verify(dataSource).updatePassword(nameLower, rehashed);
}
Also used : PasswordEncryptionEvent(fr.xephi.authme.events.PasswordEncryptionEvent) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) HashedPassword(fr.xephi.authme.security.crypts.HashedPassword) Test(org.junit.Test)

Example 27 with HashedPassword

use of fr.xephi.authme.security.crypts.HashedPassword in project AuthMeReloaded by AuthMe.

the class PasswordSecurityTest method shouldHashPassword.

/**
 * Checks that {@code PasswordSecurity.computeHash} delegates to the encryption method with the
 * lower-cased user name and returns that method's result unchanged.
 */
@Test
public void shouldHashPassword() {
    // given
    String name = "theUserInTest";
    String nameLower = name.toLowerCase();
    String plainPassword = "MyP@ssword";
    // Placeholder hash and salt; the values only need to be recognisable in the assertion.
    HashedPassword expected = new HashedPassword("$T$est#Hash", "__someSalt__");
    given(settings.getProperty(SecuritySettings.PASSWORD_HASH)).willReturn(HashAlgorithm.JOOMLA);
    // The stub is keyed on the lower-case name while the call below passes the original casing.
    given(method.computeHash(plainPassword, nameLower)).willReturn(expected);
    passwordSecurity.reload();

    // when
    HashedPassword actual = passwordSecurity.computeHash(plainPassword, name);

    // then
    assertThat(actual, equalTo(expected));
    // The event fires twice: once during test setup and once for the explicit reload() above.
    verify(pluginManager, times(2)).callEvent(any(PasswordEncryptionEvent.class));
    // The class captured from the event must be the one for the configured JOOMLA algorithm.
    assertThat(Joomla.class.equals(caughtClassInEvent), equalTo(true));
}
Also used : PasswordEncryptionEvent(fr.xephi.authme.events.PasswordEncryptionEvent) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) HashedPassword(fr.xephi.authme.security.crypts.HashedPassword) Joomla(fr.xephi.authme.security.crypts.Joomla) Test(org.junit.Test)

Example 28 with HashedPassword

use of fr.xephi.authme.security.crypts.HashedPassword in project AuthMeReloaded by AuthMe.

the class AsyncChangePasswordTest method shouldUpdatePasswordOfLoggedInUser.

/**
 * Checks the success path of {@code changePasswordAsAdmin} for an authenticated player: the new
 * password is hashed, the hash is stored, and the sender receives the success message.
 */
@Test
public void shouldUpdatePasswordOfLoggedInUser() {
    // given
    String targetName = "my_user12";
    String newPassword = "passPass";
    CommandSender admin = mock(CommandSender.class);
    HashedPassword newHash = mock(HashedPassword.class);
    given(playerCache.isAuthenticated(targetName)).willReturn(true);
    given(passwordSecurity.computeHash(newPassword, targetName)).willReturn(newHash);
    // The data source reports a successful write.
    given(dataSource.updatePassword(targetName, newHash)).willReturn(true);

    // when
    asyncChangePassword.changePasswordAsAdmin(admin, targetName, newPassword);

    // then
    verify(passwordSecurity).computeHash(newPassword, targetName);
    // Only the hash object is handed to the data source, never the clear-text password.
    verify(dataSource).updatePassword(targetName, newHash);
    verify(commonService).send(admin, MessageKey.PASSWORD_CHANGED_SUCCESS);
}
Also used : CommandSender(org.bukkit.command.CommandSender) HashedPassword(fr.xephi.authme.security.crypts.HashedPassword) Test(org.junit.Test)

Example 29 with HashedPassword

use of fr.xephi.authme.security.crypts.HashedPassword in project AuthMeReloaded by AuthMe.

the class SetPasswordCommand method runCommand.

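/**
 * Sets a new password for a player who is currently allowed to change it after recovery.
 *
 * <p>Nothing happens, and the player gets no message, when
 * {@code recoveryService.canChangePassword(player)} is false. A password rejected by the
 * validation service is reported back with the validation message. The success message and the
 * console log entry are only produced when the data source confirms the update.
 *
 * @param player the player running the command
 * @param arguments command arguments; the first one is the new clear-text password
 */
@Override
protected void runCommand(Player player, List<String> arguments) {
    if (!recoveryService.canChangePassword(player)) {
        return;
    }

    String name = player.getName();
    // Assumes the command framework guarantees at least one argument -- TODO confirm.
    String password = arguments.get(0);

    ValidationResult result = validationService.validatePassword(password, name);
    if (result.hasError()) {
        commonService.send(player, result.getMessageKey(), result.getArgs());
        return;
    }

    HashedPassword hashedPassword = passwordSecurity.computeHash(password, name);
    // updatePassword reports failure through its return value; do not tell the player the
    // password changed (or log it) when the write did not go through.
    if (!dataSource.updatePassword(name, hashedPassword)) {
        commonService.send(player, MessageKey.ERROR);
        return;
    }

    // NOTE(review): nothing in this method revokes the recovery permission once it has been used;
    // confirm that canChangePassword() expires or is cleared elsewhere.
    // Only the player name is logged, never the password or its hash.
    ConsoleLogger.info("Player '" + name + "' has changed their password from recovery");
    commonService.send(player, MessageKey.PASSWORD_CHANGED_SUCCESS);
}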
Also used : ValidationResult(fr.xephi.authme.service.ValidationService.ValidationResult) HashedPassword(fr.xephi.authme.security.crypts.HashedPassword)

Example 30 with HashedPassword

use of fr.xephi.authme.security.crypts.HashedPassword in project AuthMeReloaded by AuthMe.

the class MySQL method getPassword.

/**
 * Reads the stored password hash, and the salt when a salt column is configured, for a user.
 *
 * @param user the user name; it is lower-cased before being bound to the query
 * @return the stored hash (with a {@code null} salt when no salt column is configured), or
 *         {@code null} when no row matches or an {@link SQLException} occurred
 */
@Override
public HashedPassword getPassword(String user) {
    final boolean hasSaltColumn = !col.SALT.isEmpty();

    // Column and table names are concatenated because identifiers cannot be bound as parameters;
    // presumably they come from the plugin configuration -- confirm they are never user-supplied.
    // The user name itself is always passed as a bound parameter.
    StringBuilder query = new StringBuilder("SELECT ").append(col.PASSWORD);
    if (hasSaltColumn) {
        query.append(", ").append(col.SALT);
    }
    query.append(" FROM ").append(tableName).append(" WHERE ").append(col.NAME).append("=?;");

    try (Connection connection = getConnection();
        PreparedStatement statement = connection.prepareStatement(query.toString())) {
        // NOTE(review): toLowerCase() uses the JVM default locale; confirm names are lower-cased
        // the same way wherever they are written.
        statement.setString(1, user.toLowerCase());
        try (ResultSet row = statement.executeQuery()) {
            if (!row.next()) {
                return null;
            }
            String hash = row.getString(col.PASSWORD);
            String salt = hasSaltColumn ? row.getString(col.SALT) : null;
            return new HashedPassword(hash, salt);
        }
    } catch (SQLException ex) {
        logSqlException(ex);
    }
    // NOTE(review): a database error and an unknown user both end in null, so callers cannot
    // tell them apart; verify that none of them treats null as "account is not registered".
    return null;
}
Also used : SQLException(java.sql.SQLException) Connection(java.sql.Connection) ResultSet(java.sql.ResultSet) PreparedStatement(java.sql.PreparedStatement) HashedPassword(fr.xephi.authme.security.crypts.HashedPassword)
