
Example 36 with HashedPassword

use of fr.xephi.authme.security.crypts.HashedPassword in project AuthMeReloaded by AuthMe.

the class SQLite method getPassword.

/**
 * Looks up the stored password hash (and the salt, when a salt column is configured) for a user.
 *
 * <p>The user name is bound as a statement parameter. The table and column identifiers are
 * concatenated into the SQL text because identifiers cannot be bound.
 * NOTE(review): they look like configuration values rather than player input; confirm they can
 * never carry caller-controlled text.
 *
 * @param user the name matched against the name column
 * @return the stored hash and salt (the salt is {@code null} when no salt column is configured),
 *         or {@code null} when no row matches or the query throws a {@link SQLException};
 *         callers cannot tell these two cases apart and should treat {@code null} as a failed lookup
 */
@Override
public HashedPassword getPassword(String user) {
    final boolean hasSaltColumn = !col.SALT.isEmpty();

    // Build the statement text from identifiers only; the user value is bound below.
    StringBuilder query = new StringBuilder("SELECT ").append(col.PASSWORD);
    if (hasSaltColumn) {
        query.append(", ").append(col.SALT);
    }
    query.append(" FROM ").append(tableName).append(" WHERE ").append(col.NAME).append("=?");

    try (PreparedStatement pst = con.prepareStatement(query.toString())) {
        pst.setString(1, user);
        try (ResultSet rs = pst.executeQuery()) {
            if (rs.next()) {
                String storedHash = rs.getString(col.PASSWORD);
                String storedSalt = hasSaltColumn ? rs.getString(col.SALT) : null;
                return new HashedPassword(storedHash, storedSalt);
            }
        }
    } catch (SQLException ex) {
        // The failure is logged and then reported to the caller as "no password found".
        logSqlException(ex);
    }
    return null;
}
Also used : SQLException(java.sql.SQLException) ResultSet(java.sql.ResultSet) PreparedStatement(java.sql.PreparedStatement) HashedPassword(fr.xephi.authme.security.crypts.HashedPassword)

Example 37 with HashedPassword

use of fr.xephi.authme.security.crypts.HashedPassword in project AuthMeReloaded by AuthMe.

the class AuthMeApiTest method shouldRegisterPlayer.

/**
 * Checks that registering through the API hashes the password with the lower-cased name and
 * saves a PlayerAuth holding the computed hash.
 */
@Test
public void shouldRegisterPlayer() {
    // given
    final String realName = "Marco";
    final String lowerCaseName = realName.toLowerCase();
    final String clearTextPassword = "myP4ss";
    // Placeholder string standing in for a hash; no algorithm produces it in this test.
    final HashedPassword expectedHash = new HashedPassword("0395872SLKDFJOWEIUTEJSD");
    given(passwordSecurity.computeHash(clearTextPassword, lowerCaseName)).willReturn(expectedHash);
    given(dataSource.saveAuth(any(PlayerAuth.class))).willReturn(true);

    // when
    final boolean registered = api.registerPlayer(realName, clearTextPassword);

    // then
    assertThat(registered, equalTo(true));
    verify(passwordSecurity).computeHash(clearTextPassword, lowerCaseName);

    ArgumentCaptor<PlayerAuth> savedAuthCaptor = ArgumentCaptor.forClass(PlayerAuth.class);
    verify(dataSource).saveAuth(savedAuthCaptor.capture());
    final PlayerAuth savedAuth = savedAuthCaptor.getValue();
    assertThat(savedAuth.getNickname(), equalTo(lowerCaseName));
    assertThat(savedAuth.getRealName(), equalTo(realName));
    // The record handed to the data source must carry the computed hash object.
    assertThat(savedAuth.getPassword(), equalTo(expectedHash));
}
Also used : PlayerAuth(fr.xephi.authme.data.auth.PlayerAuth) HashedPassword(fr.xephi.authme.security.crypts.HashedPassword) Test(org.junit.Test)

Example 38 with HashedPassword

use of fr.xephi.authme.security.crypts.HashedPassword in project AuthMeReloaded by AuthMe.

the class EmailRegisterExecutorTest method shouldCreatePlayerAuth.

/**
 * Checks that the e-mail registration executor builds a PlayerAuth with the player's names,
 * e-mail, IP, a recent registration date and a generated password of the configured length.
 */
@Test
public void shouldCreatePlayerAuth() {
    // given
    final String registrationIp = "123.45.67.89";
    given(commonService.getProperty(EmailSettings.RECOVERY_PASSWORD_LENGTH)).willReturn(12);
    // Test-only stub: it echoes the clear-text argument back as the "hash" so that the length of
    // the generated password can be observed below. No real hashing happens here.
    given(passwordSecurity.computeHash(anyString(), anyString()))
        .willAnswer(invocation -> new HashedPassword(invocation.getArgument(0)));
    Player registrant = mock(Player.class);
    TestHelper.mockPlayerIp(registrant, registrationIp);
    given(registrant.getName()).willReturn("Veronica");
    EmailRegisterParams registerParams = EmailRegisterParams.of(registrant, "test@example.com");

    // when
    PlayerAuth builtAuth = executor.buildPlayerAuth(registerParams);

    // then
    assertThat(builtAuth, hasAuthBasicData("veronica", "Veronica", "test@example.com", null));
    assertThat(builtAuth.getRegistrationIp(), equalTo(registrationIp));
    assertIsCloseTo(builtAuth.getRegistrationDate(), System.currentTimeMillis(), 1000);
    // With the echo stub above, the hash length equals the generated password length.
    String echoedPassword = builtAuth.getPassword().getHash();
    assertThat(echoedPassword, stringWithLength(12));
}
Also used : Player(org.bukkit.entity.Player) PlayerAuth(fr.xephi.authme.data.auth.PlayerAuth) HashedPassword(fr.xephi.authme.security.crypts.HashedPassword) Test(org.junit.Test)

Example 39 with HashedPassword

use of fr.xephi.authme.security.crypts.HashedPassword in project AuthMeReloaded by AuthMe.

the class HashAlgorithmIntegrationTest method shouldBeAbleToInstantiateEncryptionAlgorithms.

/**
 * Instantiates every HashAlgorithm except CUSTOM and PLAINTEXT through the injector and checks
 * that each one returns a non-empty hash, with a salt exactly when the method reports a
 * separate salt. ARGON2 is skipped with a console warning when its library is not loaded.
 */
@Test
public void shouldBeAbleToInstantiateEncryptionAlgorithms() {
    // given / when / then
    for (HashAlgorithm algorithm : HashAlgorithm.values()) {
        // CUSTOM and PLAINTEXT are excluded from this check.
        if (HashAlgorithm.CUSTOM.equals(algorithm) || HashAlgorithm.PLAINTEXT.equals(algorithm)) {
            continue;
        }
        // A skipped ARGON2 run is only visible in the console output; the test still passes.
        if (HashAlgorithm.ARGON2.equals(algorithm) && !Argon2.isLibraryLoaded()) {
            System.out.println("[WARNING] Cannot find argon2 library, skipping integration test");
            continue;
        }

        EncryptionMethod method = injector.createIfHasDependencies(algorithm.getClazz());
        if (method == null) {
            fail("Could not create '" + algorithm.getClazz() + "' - forgot to provide some class?");
        }

        HashedPassword computed = method.computeHash("pwd", "name");

        String saltReason = "Salt should not be null if method.hasSeparateSalt(), and vice versa. Method: '" + method + "'";
        boolean saltIsEmpty = StringUtils.isEmpty(computed.getSalt());
        assertThat(saltReason, saltIsEmpty, equalTo(!method.hasSeparateSalt()));

        String hashReason = "Hash should not be empty for method '" + method + "'";
        boolean hashIsEmpty = StringUtils.isEmpty(computed.getHash());
        assertThat(hashReason, hashIsEmpty, equalTo(false));
    }
}
Also used : EncryptionMethod(fr.xephi.authme.security.crypts.EncryptionMethod) HashedPassword(fr.xephi.authme.security.crypts.HashedPassword) Test(org.junit.Test)

Example 40 with HashedPassword

use of fr.xephi.authme.security.crypts.HashedPassword in project AuthMeReloaded by AuthMe.

the class PasswordSecurityTest method shouldTryLegacyMethodsAndFail.

/**
 * Checks that a password matching neither the configured hash nor any configured legacy hash
 * is rejected, and that the rejected attempt never causes the stored password to be rewritten.
 */
@Test
public void shouldTryLegacyMethodsAndFail() {
    // given
    final String player = "asfd";
    final String attemptedPassword = "someInvalidPassword";
    final HashedPassword storedPassword = new HashedPassword("hashNotMatchingAnyMethod", "someBogusSalt");
    given(dataSource.getPassword(player)).willReturn(storedPassword);
    given(method.comparePassword(attemptedPassword, storedPassword, player)).willReturn(false);
    // Fixture configuration only: MD5 as the active hash, four others as legacy hashes.
    given(settings.getProperty(SecuritySettings.PASSWORD_HASH)).willReturn(HashAlgorithm.MD5);
    given(settings.getProperty(SecuritySettings.LEGACY_HASHES))
        .willReturn(newHashSet(HashAlgorithm.DOUBLEMD5, HashAlgorithm.JOOMLA, HashAlgorithm.SMF, HashAlgorithm.SHA256));
    passwordSecurity.reload();

    // when
    final boolean matched = passwordSecurity.comparePassword(attemptedPassword, player);

    // then
    assertThat(matched, equalTo(false));
    // A failed comparison must not reach updatePassword, so a wrong guess cannot replace the stored hash.
    verify(dataSource, never()).updatePassword(anyString(), any(HashedPassword.class));
}
Also used : ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) HashedPassword(fr.xephi.authme.security.crypts.HashedPassword) Test(org.junit.Test)
