litvinovg/vitro
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Move the MD5 hashing algorithm into Authenticator where it belongs.

Browse source
This commit is contained in:
j2blake 2011-05-13 21:20:28 +00:00
parent 7cc000e674
commit 39622d8b2b
7 changed files with 37 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

25
webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/Authenticator.java
View file

@ -2,10 +2,14 @@
package edu.cornell.mannlib.vitro.webapp.controller.authenticate; package edu.cornell.mannlib.vitro.webapp.controller.authenticate;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.List; import java.util.List;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import org.apache.commons.codec.binary.Hex;
import edu.cornell.mannlib.vedit.beans.LoginStatusBean.AuthenticationSource; import edu.cornell.mannlib.vedit.beans.LoginStatusBean.AuthenticationSource;
import edu.cornell.mannlib.vitro.webapp.beans.User; import edu.cornell.mannlib.vitro.webapp.beans.User;
@ -115,4 +119,25 @@ public abstract class Authenticator {
*/ */
public abstract void recordUserIsLoggedOut(); public abstract void recordUserIsLoggedOut();
// ----------------------------------------------------------------------
// Public utility methods.
// ----------------------------------------------------------------------
/**
* Apply MD5 to this string, and encode as a string of hex digits. Just
* right for storing passwords in the database, or hashing the password
* link.
*/
public static String applyMd5Encoding(String raw) {
try {
MessageDigest md = MessageDigest.getInstance("MD5");
byte[] digest = md.digest(raw.getBytes());
char[] hexChars = Hex.encodeHex(digest);
return new String(hexChars).toUpperCase();
} catch (NoSuchAlgorithmException e) {
// This can't happen with a normal Java runtime.
throw new RuntimeException(e);
}
}
} }

5
webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/BasicAuthenticator.java
View file

@ -66,8 +66,7 @@ public class BasicAuthenticator extends Authenticator {
return false; return false;
} }
String md5NewPassword = Authenticate String md5NewPassword = applyMd5Encoding(clearTextPassword);
.applyMd5Encoding(clearTextPassword);
return md5NewPassword.equals(user.getMd5password()); return md5NewPassword.equals(user.getMd5password());
} }
@ -90,7 +89,7 @@ public class BasicAuthenticator extends Authenticator {
return; return;
} }
user.setOldPassword(user.getMd5password()); user.setOldPassword(user.getMd5password());
user.setMd5password(Authenticate.applyMd5Encoding(newClearTextPassword)); user.setMd5password(applyMd5Encoding(newClearTextPassword));
getUserDao().updateUser(user); getUserDao().updateUser(user);
} }

16
webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Authenticate.java
View file

@ -493,22 +493,6 @@ public class Authenticate extends VitroHttpServlet {
// Public utility methods. // Public utility methods.
// ---------------------------------------------------------------------- // ----------------------------------------------------------------------
/**
* Encode this password for storage in the database. Apply an MD5 encoding,
* and store the result as a string of hex digits.
*/
public static String applyMd5Encoding(String password) {
try {
MessageDigest md = MessageDigest.getInstance("MD5");
byte[] digest = md.digest(password.getBytes());
char[] hexChars = Hex.encodeHex(digest);
return new String(hexChars).toUpperCase();
} catch (NoSuchAlgorithmException e) {
// This can't happen with a normal Java runtime.
throw new RuntimeException(e);
}
}
/** /**
* The servlet context should contain a map from User URIs to * The servlet context should contain a map from User URIs to
* {@link HttpSession}s. Get a reference to it, creating it if necessary. * {@link HttpSession}s. Get a reference to it, creating it if necessary.

3
webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/UserRetryController.java
View file

@ -33,6 +33,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.ManageUser
import edu.cornell.mannlib.vitro.webapp.beans.User; import edu.cornell.mannlib.vitro.webapp.beans.User;
import edu.cornell.mannlib.vitro.webapp.controller.Controllers; import edu.cornell.mannlib.vitro.webapp.controller.Controllers;
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
import edu.cornell.mannlib.vitro.webapp.controller.authenticate.Authenticator;
import edu.cornell.mannlib.vitro.webapp.dao.UserDao; import edu.cornell.mannlib.vitro.webapp.dao.UserDao;
public class UserRetryController extends BaseEditController { public class UserRetryController extends BaseEditController {
@ -355,7 +356,7 @@ public class UserRetryController extends BaseEditController {
log.error("Can't encode a null password"); log.error("Can't encode a null password");
} }
String encodedPassword = Authenticate.applyMd5Encoding(rawPassword); String encodedPassword = Authenticator.applyMd5Encoding(rawPassword);
log.trace(action + ": Raw password '" + rawPassword log.trace(action + ": Raw password '" + rawPassword
+ "', encoded '" + encodedPassword + "'"); + "', encoded '" + encodedPassword + "'");

3
webapp/test/edu/cornell/mannlib/vitro/webapp/controller/authenticate/AuthenticatorStub.java
View file

@ -13,7 +13,6 @@ import javax.servlet.http.HttpServletRequest;
import edu.cornell.mannlib.vedit.beans.LoginStatusBean; import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
import edu.cornell.mannlib.vedit.beans.LoginStatusBean.AuthenticationSource; import edu.cornell.mannlib.vedit.beans.LoginStatusBean.AuthenticationSource;
import edu.cornell.mannlib.vitro.webapp.beans.User; import edu.cornell.mannlib.vitro.webapp.beans.User;
import edu.cornell.mannlib.vitro.webapp.controller.edit.Authenticate;
/** /**
* A simple stub for unit tests that require an Authenticator. Call setup() to * A simple stub for unit tests that require an Authenticator. Call setup() to
@ -137,7 +136,7 @@ public class AuthenticatorStub extends Authenticator {
if (!isExistingUser(username)) { if (!isExistingUser(username)) {
return false; return false;
} }
String md5Password = Authenticate.applyMd5Encoding(clearTextPassword); String md5Password = applyMd5Encoding(clearTextPassword);
User user = getUserByUsername(username); User user = getUserByUsername(username);
return md5Password.equals(user.getMd5password()); return md5Password.equals(user.getMd5password());
} }

4
webapp/test/edu/cornell/mannlib/vitro/webapp/controller/authenticate/ProgramLoginTest.java
View file

@ -16,7 +16,6 @@ import javax.servlet.ServletException;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.apache.log4j.Level;
import org.junit.After; import org.junit.After;
import org.junit.Before; import org.junit.Before;
import org.junit.Test; import org.junit.Test;
@ -29,7 +28,6 @@ import stubs.javax.servlet.http.HttpSessionStub;
import edu.cornell.mannlib.vedit.beans.LoginStatusBean; import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
import edu.cornell.mannlib.vitro.testing.AbstractTestClass; import edu.cornell.mannlib.vitro.testing.AbstractTestClass;
import edu.cornell.mannlib.vitro.webapp.beans.User; import edu.cornell.mannlib.vitro.webapp.beans.User;
import edu.cornell.mannlib.vitro.webapp.controller.edit.Authenticate;
/** /**
* Test the basic features of ProgramTest. * Test the basic features of ProgramTest.
@ -93,7 +91,7 @@ public class ProgramLoginTest extends AbstractTestClass {
user.setUsername(name); user.setUsername(name);
user.setURI(uri); user.setURI(uri);
user.setRoleURI(String.valueOf(50)); user.setRoleURI(String.valueOf(50));
user.setMd5password(Authenticate.applyMd5Encoding(password)); user.setMd5password(Authenticator.applyMd5Encoding(password));
user.setLoginCount(loginCount); user.setLoginCount(loginCount);
if (loginCount > 0) { if (loginCount > 0) {
user.setFirstTime(new Date(0)); user.setFirstTime(new Date(0));

3
webapp/test/edu/cornell/mannlib/vitro/webapp/controller/edit/AuthenticateTest.java
View file

@ -29,6 +29,7 @@ import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
import edu.cornell.mannlib.vedit.beans.LoginStatusBean.AuthenticationSource; import edu.cornell.mannlib.vedit.beans.LoginStatusBean.AuthenticationSource;
import edu.cornell.mannlib.vitro.testing.AbstractTestClass; import edu.cornell.mannlib.vitro.testing.AbstractTestClass;
import edu.cornell.mannlib.vitro.webapp.beans.User; import edu.cornell.mannlib.vitro.webapp.beans.User;
import edu.cornell.mannlib.vitro.webapp.controller.authenticate.Authenticator;
import edu.cornell.mannlib.vitro.webapp.controller.authenticate.AuthenticatorStub; import edu.cornell.mannlib.vitro.webapp.controller.authenticate.AuthenticatorStub;
import edu.cornell.mannlib.vitro.webapp.controller.login.LoginProcessBean; import edu.cornell.mannlib.vitro.webapp.controller.login.LoginProcessBean;
import edu.cornell.mannlib.vitro.webapp.controller.login.LoginProcessBean.State; import edu.cornell.mannlib.vitro.webapp.controller.login.LoginProcessBean.State;
@ -133,7 +134,7 @@ public class AuthenticateTest extends AbstractTestClass {
user.setUsername(userInfo.username); user.setUsername(userInfo.username);
user.setURI(userInfo.uri); user.setURI(userInfo.uri);
user.setRoleURI(String.valueOf(userInfo.securityLevel)); user.setRoleURI(String.valueOf(userInfo.securityLevel));
user.setMd5password(Authenticate.applyMd5Encoding(userInfo.password)); user.setMd5password(Authenticator.applyMd5Encoding(userInfo.password));
user.setLoginCount(userInfo.loginCount); user.setLoginCount(userInfo.loginCount);
if (userInfo.loginCount > 0) { if (userInfo.loginCount > 0) {
user.setFirstTime(new Date(0)); user.setFirstTime(new Date(0));