use of fr.xephi.authme.security.crypts.HashedPassword in project AuthMeReloaded by AuthMe.
the class PasswordSecurityTest method shouldTryOtherMethodsForFailedPassword.
@Test
public void shouldTryOtherMethodsForFailedPassword() {
// given
// BCRYPT hash for "Test"
HashedPassword password = new HashedPassword("$2y$10$2e6d2193f43501c926e25elvWlPmWczmrfrnbZV0dUZGITjYjnkkW");
String playerName = "somePlayer";
String playerLowerCase = playerName.toLowerCase();
String clearTextPass = "Test";
// MD5 hash for "Test"
HashedPassword newPassword = new HashedPassword("0cbc6611f5540bd0809a388dc95a615b");
given(dataSource.getPassword(argThat(equalToIgnoringCase(playerName)))).willReturn(password);
given(method.comparePassword(clearTextPass, password, playerLowerCase)).willReturn(false);
given(method.computeHash(clearTextPass, playerLowerCase)).willReturn(newPassword);
given(settings.getProperty(SecuritySettings.PASSWORD_HASH)).willReturn(HashAlgorithm.MD5);
given(settings.getProperty(SecuritySettings.LEGACY_HASHES)).willReturn(newHashSet(HashAlgorithm.BCRYPT));
passwordSecurity.reload();
// when
boolean result = passwordSecurity.comparePassword(clearTextPass, playerName);
// then
assertThat(result, equalTo(true));
// Note ljacqu 20151230: We need to check the player name in a case-insensitive way because the methods within
// PasswordSecurity may convert the name into all lower-case. This is desired because EncryptionMethod methods
// should only be invoked with all lower-case names. Data source is case-insensitive itself, so this is fine.
verify(dataSource).getPassword(argThat(equalToIgnoringCase(playerName)));
verify(pluginManager, times(2)).callEvent(any(PasswordEncryptionEvent.class));
verify(method).comparePassword(clearTextPass, password, playerLowerCase);
verify(dataSource).updatePassword(playerLowerCase, newPassword);
}
use of fr.xephi.authme.security.crypts.HashedPassword in project AuthMeReloaded by AuthMe.
the class PasswordSecurityTest method shouldHashPassword.
@Test
public void shouldHashPassword() {
// given
String password = "MyP@ssword";
String username = "theUserInTest";
String usernameLowerCase = username.toLowerCase();
HashedPassword hashedPassword = new HashedPassword("$T$est#Hash", "__someSalt__");
given(method.computeHash(password, usernameLowerCase)).willReturn(hashedPassword);
given(settings.getProperty(SecuritySettings.PASSWORD_HASH)).willReturn(HashAlgorithm.JOOMLA);
passwordSecurity.reload();
// when
HashedPassword result = passwordSecurity.computeHash(password, username);
// then
assertThat(result, equalTo(hashedPassword));
// Check that an event was fired twice: once on test setup, and once because we called reload()
verify(pluginManager, times(2)).callEvent(any(PasswordEncryptionEvent.class));
assertThat(Joomla.class.equals(caughtClassInEvent), equalTo(true));
}
use of fr.xephi.authme.security.crypts.HashedPassword in project AuthMeReloaded by AuthMe.
the class AsyncChangePasswordTest method shouldUpdatePasswordOfLoggedInUser.
@Test
public void shouldUpdatePasswordOfLoggedInUser() {
// given
CommandSender sender = mock(CommandSender.class);
String player = "my_user12";
String password = "passPass";
given(playerCache.isAuthenticated(player)).willReturn(true);
HashedPassword hashedPassword = mock(HashedPassword.class);
given(passwordSecurity.computeHash(password, player)).willReturn(hashedPassword);
given(dataSource.updatePassword(player, hashedPassword)).willReturn(true);
// when
asyncChangePassword.changePasswordAsAdmin(sender, player, password);
// then
verify(commonService).send(sender, MessageKey.PASSWORD_CHANGED_SUCCESS);
verify(passwordSecurity).computeHash(password, player);
verify(dataSource).updatePassword(player, hashedPassword);
}
use of fr.xephi.authme.security.crypts.HashedPassword in project AuthMeReloaded by AuthMe.
the class SetPasswordCommand method runCommand.
@Override
protected void runCommand(Player player, List<String> arguments) {
if (recoveryService.canChangePassword(player)) {
String name = player.getName();
String password = arguments.get(0);
ValidationResult result = validationService.validatePassword(password, name);
if (!result.hasError()) {
HashedPassword hashedPassword = passwordSecurity.computeHash(password, name);
dataSource.updatePassword(name, hashedPassword);
ConsoleLogger.info("Player '" + name + "' has changed their password from recovery");
commonService.send(player, MessageKey.PASSWORD_CHANGED_SUCCESS);
} else {
commonService.send(player, result.getMessageKey(), result.getArgs());
}
}
}
use of fr.xephi.authme.security.crypts.HashedPassword in project AuthMeReloaded by AuthMe.
the class MySQL method getPassword.
@Override
public HashedPassword getPassword(String user) {
boolean useSalt = !col.SALT.isEmpty();
String sql = "SELECT " + col.PASSWORD + (useSalt ? ", " + col.SALT : "") + " FROM " + tableName + " WHERE " + col.NAME + "=?;";
try (Connection con = getConnection();
PreparedStatement pst = con.prepareStatement(sql)) {
pst.setString(1, user.toLowerCase());
try (ResultSet rs = pst.executeQuery()) {
if (rs.next()) {
return new HashedPassword(rs.getString(col.PASSWORD), useSalt ? rs.getString(col.SALT) : null);
}
}
} catch (SQLException ex) {
logSqlException(ex);
}
return null;
}
Aggregations