From 39622d8b2bff05744ad36148d5ff276ecca58756 Mon Sep 17 00:00:00 2001 From: j2blake Date: Fri, 13 May 2011 21:20:28 +0000 Subject: [PATCH] Move the MD5 hashing algorithm into Authenticator where it belongs. --- .../authenticate/Authenticator.java | 25 +++++++++++++++++++ .../authenticate/BasicAuthenticator.java | 13 +++++----- .../webapp/controller/edit/Authenticate.java | 16 ------------ .../controller/edit/UserRetryController.java | 3 ++- .../authenticate/AuthenticatorStub.java | 3 +-- .../authenticate/ProgramLoginTest.java | 4 +-- .../controller/edit/AuthenticateTest.java | 3 ++- 7 files changed, 37 insertions(+), 30 deletions(-) diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/Authenticator.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/Authenticator.java index 15df5bb25..a212fbe1a 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/Authenticator.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/Authenticator.java @@ -2,10 +2,14 @@ package edu.cornell.mannlib.vitro.webapp.controller.authenticate; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; import java.util.List; import javax.servlet.http.HttpServletRequest; +import org.apache.commons.codec.binary.Hex; + import edu.cornell.mannlib.vedit.beans.LoginStatusBean.AuthenticationSource; import edu.cornell.mannlib.vitro.webapp.beans.User; 
@@ -115,4 +119,25 @@ public abstract class Authenticator { */ public abstract void recordUserIsLoggedOut(); + // ---------------------------------------------------------------------- + // Public utility methods. + // ---------------------------------------------------------------------- + + /** + * Apply MD5 to this string, and encode as a string of hex digits. Just + * right for storing passwords in the database, or hashing the password + * link. + */ + public static String applyMd5Encoding(String raw) { + try { + MessageDigest md = MessageDigest.getInstance("MD5"); + byte[] digest = md.digest(raw.getBytes()); + char[] hexChars = Hex.encodeHex(digest); + return new String(hexChars).toUpperCase(); + } catch (NoSuchAlgorithmException e) { + // This can't happen with a normal Java runtime. + throw new RuntimeException(e); + } + } + } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/BasicAuthenticator.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/BasicAuthenticator.java index ebbd5a09c..a24f5bf45 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/BasicAuthenticator.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/BasicAuthenticator.java @@ -66,8 +66,7 @@ public class BasicAuthenticator extends Authenticator { return false; } - String md5NewPassword = Authenticate - .applyMd5Encoding(clearTextPassword); + String md5NewPassword = applyMd5Encoding(clearTextPassword); return md5NewPassword.equals(user.getMd5password()); } @@ -90,7 +89,7 @@ public class BasicAuthenticator extends Authenticator { return; } user.setOldPassword(user.getMd5password()); - user.setMd5password(Authenticate.applyMd5Encoding(newClearTextPassword)); + user.setMd5password(applyMd5Encoding(newClearTextPassword)); getUserDao().updateUser(user); } 
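Review bot: The Javadoc on the new `applyMd5Encoding` calls unsalted MD5 "just right for storing passwords in the database", which is not a claim this public utility should carry: a single unsalted MD5 round gives identical hashes for identical passwords and is cheap to test offline if the user table leaks. I would reword the comment to something like `Legacy format: unsalted MD5 hex, kept only for compatibility with stored values; not an adequate password hash.` and track a migration to a salted, iterated scheme separately. In the same method, `raw.getBytes()` uses the JVM's default charset, so the hash of a non-ASCII password can differ between hosts; `md.digest(raw.getBytes(Charset.forName("UTF-8")))` pins it, though existing hashes of non-ASCII passwords created under another default would need checking first. A null `raw` also fails with a NullPointerException here rather than a clear argument error.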
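Review bot: In the BasicAuthenticator hunk at `-66,8 +66,7`, the stored hash is still compared with `md5NewPassword.equals(user.getMd5password())`, which returns at the first differing character. Because the hash is unsalted, a caller knows the digest of every guess, so response timing could in principle reveal how much of the stored value matched. A constant-time comparison such as `MessageDigest.isEqual(a, b)` on the bytes of the two hex strings, behind a null check on the stored value, avoids that. The same comparison appears in AuthenticatorStub's `-137,7 +136,7` hunk, where it matters less since it is test code. The enclosing method starts outside the hunk.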
@@ -226,7 +225,7 @@ public class BasicAuthenticator extends Authenticator { if (iDao == null) { return Collections.emptyList(); } - + String selfEditorUri = SelfEditingConfiguration.getBean(request) .getIndividualUriFromUsername(iDao, username); if (selfEditorUri == null) { @@ -313,15 +312,15 @@ public class BasicAuthenticator extends Authenticator { if (wadf == null) { return null; } - + IndividualDao individualDao = wadf.getIndividualDao(); if (individualDao == null) { log.error("getIndividualDao: no IndividualDao"); } - + return individualDao; } - + /** * Get a reference to the WebappDaoFactory, or null. */ diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Authenticate.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Authenticate.java index 34913c4c2..f91d3be49 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Authenticate.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Authenticate.java @@ -493,22 +493,6 @@ public class Authenticate extends VitroHttpServlet { // Public utility methods. // ---------------------------------------------------------------------- - /** - * Encode this password for storage in the database. Apply an MD5 encoding, - * and store the result as a string of hex digits. - */ - public static String applyMd5Encoding(String password) { - try { - MessageDigest md = MessageDigest.getInstance("MD5"); - byte[] digest = md.digest(password.getBytes()); - char[] hexChars = Hex.encodeHex(digest); - return new String(hexChars).toUpperCase(); - } catch (NoSuchAlgorithmException e) { - // This can't happen with a normal Java runtime. - throw new RuntimeException(e); - } - } - /** * The servlet context should contain a map from User URIs to * {@link HttpSession}s. Get a reference to it, creating it if necessary. 
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/UserRetryController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/UserRetryController.java index 63eacb371..221270593 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/UserRetryController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/UserRetryController.java @@ -33,6 +33,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.ManageUser import edu.cornell.mannlib.vitro.webapp.beans.User; import edu.cornell.mannlib.vitro.webapp.controller.Controllers; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; +import edu.cornell.mannlib.vitro.webapp.controller.authenticate.Authenticator; import edu.cornell.mannlib.vitro.webapp.dao.UserDao; public class UserRetryController extends BaseEditController { @@ -355,7 +356,7 @@ public class UserRetryController extends BaseEditController { log.error("Can't encode a null password"); } - String encodedPassword = Authenticate.applyMd5Encoding(rawPassword); + String encodedPassword = Authenticator.applyMd5Encoding(rawPassword); log.trace(action + ": Raw password '" + rawPassword + "', encoded '" + encodedPassword + "'"); diff --git a/webapp/test/edu/cornell/mannlib/vitro/webapp/controller/authenticate/AuthenticatorStub.java b/webapp/test/edu/cornell/mannlib/vitro/webapp/controller/authenticate/AuthenticatorStub.java index 5488d91fb..4d5c1e09a 100644 --- a/webapp/test/edu/cornell/mannlib/vitro/webapp/controller/authenticate/AuthenticatorStub.java +++ b/webapp/test/edu/cornell/mannlib/vitro/webapp/controller/authenticate/AuthenticatorStub.java 
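Review bot: The context lines of the `-355,7 +356,7` hunk in UserRetryController still write the clear-text password to the log: `log.trace(action + ": Raw password '" + rawPassword + "', encoded '" + encodedPassword + "'");`. Even at trace level this puts credentials and their hashes into log files that are usually retained and readable more widely than the user table; I would reduce it to `log.trace(action + ": password encoded");`. The lines just above log "Can't encode a null password" and, as far as the hunk shows, then fall through to `Authenticator.applyMd5Encoding(rawPassword)`, which would throw a NullPointerException on `raw.getBytes()`. The start of that block is outside the hunk, so confirm whether it returns early.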
@@ -13,7 +13,6 @@ import javax.servlet.http.HttpServletRequest; import edu.cornell.mannlib.vedit.beans.LoginStatusBean; import edu.cornell.mannlib.vedit.beans.LoginStatusBean.AuthenticationSource; import edu.cornell.mannlib.vitro.webapp.beans.User; -import edu.cornell.mannlib.vitro.webapp.controller.edit.Authenticate; /** * A simple stub for unit tests that require an Authenticator. Call setup() to @@ -137,7 +136,7 @@ public class AuthenticatorStub extends Authenticator { if (!isExistingUser(username)) { return false; } - String md5Password = Authenticate.applyMd5Encoding(clearTextPassword); + String md5Password = applyMd5Encoding(clearTextPassword); User user = getUserByUsername(username); return md5Password.equals(user.getMd5password()); } diff --git a/webapp/test/edu/cornell/mannlib/vitro/webapp/controller/authenticate/ProgramLoginTest.java b/webapp/test/edu/cornell/mannlib/vitro/webapp/controller/authenticate/ProgramLoginTest.java index f9a6c5f6e..871ae5928 100644 --- a/webapp/test/edu/cornell/mannlib/vitro/webapp/controller/authenticate/ProgramLoginTest.java +++ b/webapp/test/edu/cornell/mannlib/vitro/webapp/controller/authenticate/ProgramLoginTest.java @@ -16,7 +16,6 @@ import javax.servlet.ServletException; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.apache.log4j.Level; import org.junit.After; import org.junit.Before; import org.junit.Test; @@ -29,7 +28,6 @@ import stubs.javax.servlet.http.HttpSessionStub; import edu.cornell.mannlib.vedit.beans.LoginStatusBean; import edu.cornell.mannlib.vitro.testing.AbstractTestClass; import edu.cornell.mannlib.vitro.webapp.beans.User; -import edu.cornell.mannlib.vitro.webapp.controller.edit.Authenticate; /** * Test the basic features of ProgramTest. 
@@ -93,7 +91,7 @@ public class ProgramLoginTest extends AbstractTestClass { user.setUsername(name); user.setURI(uri); user.setRoleURI(String.valueOf(50)); - user.setMd5password(Authenticate.applyMd5Encoding(password)); + user.setMd5password(Authenticator.applyMd5Encoding(password)); user.setLoginCount(loginCount); if (loginCount > 0) { user.setFirstTime(new Date(0)); diff --git a/webapp/test/edu/cornell/mannlib/vitro/webapp/controller/edit/AuthenticateTest.java b/webapp/test/edu/cornell/mannlib/vitro/webapp/controller/edit/AuthenticateTest.java index c3d94254d..1e5bc810f 100644 --- a/webapp/test/edu/cornell/mannlib/vitro/webapp/controller/edit/AuthenticateTest.java +++ b/webapp/test/edu/cornell/mannlib/vitro/webapp/controller/edit/AuthenticateTest.java @@ -29,6 +29,7 @@ import edu.cornell.mannlib.vedit.beans.LoginStatusBean; import edu.cornell.mannlib.vedit.beans.LoginStatusBean.AuthenticationSource; import edu.cornell.mannlib.vitro.testing.AbstractTestClass; import edu.cornell.mannlib.vitro.webapp.beans.User; +import edu.cornell.mannlib.vitro.webapp.controller.authenticate.Authenticator; import edu.cornell.mannlib.vitro.webapp.controller.authenticate.AuthenticatorStub; import edu.cornell.mannlib.vitro.webapp.controller.login.LoginProcessBean; import edu.cornell.mannlib.vitro.webapp.controller.login.LoginProcessBean.State; @@ -133,7 +134,7 @@ public class AuthenticateTest extends AbstractTestClass { user.setUsername(userInfo.username); user.setURI(userInfo.uri); user.setRoleURI(String.valueOf(userInfo.securityLevel)); - user.setMd5password(Authenticate.applyMd5Encoding(userInfo.password)); + user.setMd5password(Authenticator.applyMd5Encoding(userInfo.password)); user.setLoginCount(userInfo.loginCount); if (userInfo.loginCount > 0) { user.setFirstTime(new Date(0));