use of fr.xephi.authme.security.crypts.HashedPassword in project AuthMeReloaded by AuthMe.
the class SQLite method getPassword.
@Override
public HashedPassword getPassword(String user) {
boolean useSalt = !col.SALT.isEmpty();
String sql = "SELECT " + col.PASSWORD + (useSalt ? ", " + col.SALT : "") + " FROM " + tableName + " WHERE " + col.NAME + "=?";
try (PreparedStatement pst = con.prepareStatement(sql)) {
pst.setString(1, user);
try (ResultSet rs = pst.executeQuery()) {
if (rs.next()) {
return new HashedPassword(rs.getString(col.PASSWORD), useSalt ? rs.getString(col.SALT) : null);
}
}
} catch (SQLException ex) {
logSqlException(ex);
}
return null;
}
use of fr.xephi.authme.security.crypts.HashedPassword in project AuthMeReloaded by AuthMe.
the class AuthMeApiTest method shouldRegisterPlayer.
@Test
public void shouldRegisterPlayer() {
// given
String name = "Marco";
String password = "myP4ss";
HashedPassword hashedPassword = new HashedPassword("0395872SLKDFJOWEIUTEJSD");
given(passwordSecurity.computeHash(password, name.toLowerCase())).willReturn(hashedPassword);
given(dataSource.saveAuth(any(PlayerAuth.class))).willReturn(true);
// when
boolean result = api.registerPlayer(name, password);
// then
assertThat(result, equalTo(true));
verify(passwordSecurity).computeHash(password, name.toLowerCase());
ArgumentCaptor<PlayerAuth> authCaptor = ArgumentCaptor.forClass(PlayerAuth.class);
verify(dataSource).saveAuth(authCaptor.capture());
assertThat(authCaptor.getValue().getNickname(), equalTo(name.toLowerCase()));
assertThat(authCaptor.getValue().getRealName(), equalTo(name));
assertThat(authCaptor.getValue().getPassword(), equalTo(hashedPassword));
}
use of fr.xephi.authme.security.crypts.HashedPassword in project AuthMeReloaded by AuthMe.
the class EmailRegisterExecutorTest method shouldCreatePlayerAuth.
@Test
public void shouldCreatePlayerAuth() {
// given
given(commonService.getProperty(EmailSettings.RECOVERY_PASSWORD_LENGTH)).willReturn(12);
given(passwordSecurity.computeHash(anyString(), anyString())).willAnswer(invocation -> new HashedPassword(invocation.getArgument(0)));
Player player = mock(Player.class);
TestHelper.mockPlayerIp(player, "123.45.67.89");
given(player.getName()).willReturn("Veronica");
EmailRegisterParams params = EmailRegisterParams.of(player, "test@example.com");
// when
PlayerAuth auth = executor.buildPlayerAuth(params);
// then
assertThat(auth, hasAuthBasicData("veronica", "Veronica", "test@example.com", null));
assertThat(auth.getRegistrationIp(), equalTo("123.45.67.89"));
assertIsCloseTo(auth.getRegistrationDate(), System.currentTimeMillis(), 1000);
assertThat(auth.getPassword().getHash(), stringWithLength(12));
}
use of fr.xephi.authme.security.crypts.HashedPassword in project AuthMeReloaded by AuthMe.
the class HashAlgorithmIntegrationTest method shouldBeAbleToInstantiateEncryptionAlgorithms.
@Test
public void shouldBeAbleToInstantiateEncryptionAlgorithms() {
// given / when / then
for (HashAlgorithm algorithm : HashAlgorithm.values()) {
if (!HashAlgorithm.CUSTOM.equals(algorithm) && !HashAlgorithm.PLAINTEXT.equals(algorithm)) {
if (HashAlgorithm.ARGON2.equals(algorithm) && !Argon2.isLibraryLoaded()) {
System.out.println("[WARNING] Cannot find argon2 library, skipping integration test");
continue;
}
EncryptionMethod method = injector.createIfHasDependencies(algorithm.getClazz());
if (method == null) {
fail("Could not create '" + algorithm.getClazz() + "' - forgot to provide some class?");
}
HashedPassword hashedPassword = method.computeHash("pwd", "name");
assertThat("Salt should not be null if method.hasSeparateSalt(), and vice versa. Method: '" + method + "'", StringUtils.isEmpty(hashedPassword.getSalt()), equalTo(!method.hasSeparateSalt()));
assertThat("Hash should not be empty for method '" + method + "'", StringUtils.isEmpty(hashedPassword.getHash()), equalTo(false));
}
}
}
use of fr.xephi.authme.security.crypts.HashedPassword in project AuthMeReloaded by AuthMe.
the class PasswordSecurityTest method shouldTryLegacyMethodsAndFail.
@Test
public void shouldTryLegacyMethodsAndFail() {
// given
HashedPassword password = new HashedPassword("hashNotMatchingAnyMethod", "someBogusSalt");
String playerName = "asfd";
String clearTextPass = "someInvalidPassword";
given(dataSource.getPassword(playerName)).willReturn(password);
given(method.comparePassword(clearTextPass, password, playerName)).willReturn(false);
given(settings.getProperty(SecuritySettings.PASSWORD_HASH)).willReturn(HashAlgorithm.MD5);
given(settings.getProperty(SecuritySettings.LEGACY_HASHES)).willReturn(newHashSet(HashAlgorithm.DOUBLEMD5, HashAlgorithm.JOOMLA, HashAlgorithm.SMF, HashAlgorithm.SHA256));
passwordSecurity.reload();
// when
boolean result = passwordSecurity.comparePassword(clearTextPass, playerName);
// then
assertThat(result, equalTo(false));
verify(dataSource, never()).updatePassword(anyString(), any(HashedPassword.class));
}
Aggregations