Removed the overloaded Argon2Encoding methods in Authenticator and moved the Argon2StubEncoding method to AuthenticatorStub
parent
aeb9754500
commit
96388c0951
5 changed files with 43 additions and 70 deletions
|
@ -150,7 +150,7 @@ public class RootUserPolicy implements PolicyIface {
|
|||
ua.setEmailAddress(configuredRootUser);
|
||||
ua.setFirstName("root");
|
||||
ua.setLastName("user");
|
||||
ua.setArgon2Password(Authenticator.applyArgon2iEncoding(cp,
|
||||
ua.setArgon2Password(Authenticator.applyArgon2iEncoding(
|
||||
ROOT_USER_INITIAL_PASSWORD));
|
||||
ua.setMd5Password("");
|
||||
ua.setPasswordChangeRequired(true);
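Review bot: With the `cp` argument dropped from the `applyArgon2iEncoding(...)` call here, hashing the initial root password now depends on `ApplicationUtils.instance().getServletContext()` being usable when this setup code runs. The Javadoc removed from Authenticator in this same commit says the two-argument overload existed because the root account is created on first start, before Authenticator is reachable, so the startup ordering should be confirmed rather than assumed. If the lookup is not ready, root-account creation would fail with an unchecked exception at startup; a comment such as `// requires ApplicationUtils to be initialised before this policy's setup runs` would record the dependency. The enclosing method starts and ends outside the hunk.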
|
||||
|
|
|
@ -10,7 +10,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
|
|||
import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
|
||||
import edu.cornell.mannlib.vitro.webapp.config.ConfigurationProperties;
|
||||
import org.apache.commons.codec.binary.Hex;
|
||||
|
||||
import edu.cornell.mannlib.vitro.webapp.application.ApplicationUtils;
|
||||
import javax.mail.internet.AddressException;
|
||||
import javax.mail.internet.InternetAddress;
|
||||
import javax.servlet.ServletContext;
|
||||
|
@ -57,7 +57,7 @@ public abstract class Authenticator {
|
|||
*
|
||||
* If there is no factory, configure a Basic one.
|
||||
*/
|
||||
private static ConfigurationProperties cp;
|
||||
|
||||
public static Authenticator getInstance(HttpServletRequest request) {
|
||||
ServletContext ctx = request.getSession().getServletContext();
|
||||
Object attribute = ctx.getAttribute(FACTORY_ATTRIBUTE_NAME);
|
||||
|
@ -66,7 +66,6 @@ public abstract class Authenticator {
|
|||
attribute = ctx.getAttribute(FACTORY_ATTRIBUTE_NAME);
|
||||
}
|
||||
AuthenticatorFactory factory = (AuthenticatorFactory) attribute;
|
||||
cp = ConfigurationProperties.getBean(ctx);
|
||||
|
||||
return factory.getInstance(request);
|
||||
}
|
||||
|
@ -200,21 +199,6 @@ public abstract class Authenticator {
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Applies Argon2i hashing on a string.
|
||||
* Used by tests only with pre-specified values because the configuration
|
||||
* properties (runtime.properties) is not set at compile time.
|
||||
**/
|
||||
|
||||
public static String applyArgon2iEncodingStub(String raw) {
|
||||
Argon2 argon2 = Argon2Factory.create();
|
||||
try {
|
||||
return argon2.hash(200, 500, 1, raw);
|
||||
} catch (Exception e) {
|
||||
// This can't happen with a normal Java runtime.
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Applies Argon2i hashing on a string. Obtains the argon2i parameters
|
||||
|
@ -222,58 +206,29 @@ public abstract class Authenticator {
|
|||
* through this class "Authenticator".
|
||||
**/
|
||||
|
||||
|
||||
public static String applyArgon2iEncoding(String raw) {
|
||||
ServletContext ctx = ApplicationUtils.instance().getServletContext();
|
||||
ConfigurationProperties configProp = ConfigurationProperties.getBean(ctx);
|
||||
|
||||
Argon2 argon2 = Argon2Factory.create();
|
||||
try {
|
||||
if(cp.getProperty("argon2.time") != null && cp.getProperty("argon2.memory") !=null
|
||||
&& cp.getProperty("argon2.parallelism")!=null) {
|
||||
return argon2.hash(Integer.parseInt(cp.getProperty("argon2.time")),
|
||||
Integer.parseInt(cp.getProperty("argon2.memory")),
|
||||
Integer.parseInt(cp.getProperty("argon2.parallelism")), raw);
|
||||
}
|
||||
else {
|
||||
throw new RuntimeException("Parameters \"argon2.time\", \"argon2.memory\" " +
|
||||
"and \"argon2.parallelism\" are either missing in the \"runtime.properties\"" +
|
||||
" file or are not defined correctly");
|
||||
}
|
||||
}
|
||||
catch (Exception e) {
|
||||
// This can't happen with a normal Java runtime.
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* Applies Argon2i hashing on a string.
|
||||
* When Vivo/Vitro is run for the first time the application needs to set
|
||||
* the "root" account before a call is made to this class (Authenticator).
|
||||
* In that case the configuration properties are passed along with the
|
||||
* password string to this method.
|
||||
**/
|
||||
|
||||
public static String applyArgon2iEncoding(ConfigurationProperties configProp, String raw) {
|
||||
Argon2 argon2 = Argon2Factory.create();
|
||||
try {
|
||||
if(configProp.getProperty("argon2.time") != null && configProp.getProperty("argon2.memory") !=null
|
||||
&& configProp.getProperty("argon2.parallelism")!=null) {
|
||||
return argon2.hash(Integer.parseInt(configProp.getProperty("argon2.time")),
|
||||
if (configProp.getProperty("argon2.time") != null
|
||||
&& configProp.getProperty("argon2.memory") != null
|
||||
&& configProp.getProperty("argon2.parallelism") != null) {
|
||||
return argon2.hash(
|
||||
Integer.parseInt(configProp.getProperty("argon2.time")),
|
||||
Integer.parseInt(configProp.getProperty("argon2.memory")),
|
||||
Integer.parseInt(configProp.getProperty("argon2.parallelism")), raw);
|
||||
}
|
||||
else {
|
||||
throw new RuntimeException("Parameters \"argon2.time\", \"argon2.memory\" " +
|
||||
"and \"argon2.parallelism\" are either missing in the \"runtime.properties\"" +
|
||||
" file or are not defined correctly");
|
||||
}
|
||||
}
|
||||
catch (Exception e) {
|
||||
// This can't happen with a normal Java runtime.
|
||||
throw new RuntimeException(e);
|
||||
} else {
|
||||
throw new RuntimeException(
|
||||
"Parameters \"argon2.time\", \"argon2.memory\" and "
|
||||
+ "\"argon2.parallelism\" are either missing in the "
|
||||
+ "\"runtime.properties\" file or are not defined correctly");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
/**
|
||||
Verifies the string against the Argon2i hash stored for a user account
|
||||
*/
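Review bot: In the rewritten `applyArgon2iEncoding(String raw)`, `argon2.time`, `argon2.memory` and `argon2.parallelism` are only checked for null before going to `Integer.parseInt`, and the surrounding try/catch appears to be gone on the new side (the +/- markers are lost on this page, so this is inferred from line order). A blank or non-numeric value then surfaces as a bare `NumberFormatException` instead of the "not defined correctly" message. A numeric but very small value is accepted and silently weakens every password hash stored afterwards. Parse each property once, name the offending key in the error, and reject values below a floor the project chooses (the `MIN_ARGON2_*` names below stand for those project-chosen constants); the password itself must never appear in these messages.

```java
public static String applyArgon2iEncoding(String raw) {
    // … unchanged: ServletContext / ConfigurationProperties lookup, Argon2Factory.create() …
    int time = requireArgon2Int(configProp, "argon2.time", MIN_ARGON2_TIME);
    int memory = requireArgon2Int(configProp, "argon2.memory", MIN_ARGON2_MEMORY);
    int parallelism = requireArgon2Int(configProp, "argon2.parallelism", MIN_ARGON2_PARALLELISM);
    return argon2.hash(time, memory, parallelism, raw);
}

/** Reads one Argon2 cost parameter and fails with the property name if it is missing, malformed or too low. */
private static int requireArgon2Int(ConfigurationProperties props, String key, int min) {
    String value = props.getProperty(key);
    if (value == null || value.trim().isEmpty()) {
        throw new RuntimeException("Parameter \"" + key
                + "\" is missing in the \"runtime.properties\" file");
    }
    final int parsed;
    try {
        parsed = Integer.parseInt(value.trim());
    } catch (NumberFormatException e) {
        throw new RuntimeException("Parameter \"" + key
                + "\" in the \"runtime.properties\" file is not an integer", e);
    }
    if (parsed < min) {
        throw new RuntimeException("Parameter \"" + key
                + "\" in the \"runtime.properties\" file must be at least " + min);
    }
    return parsed;
}
```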
|
||||
|
|
|
@ -9,6 +9,8 @@ import java.util.Map;
|
|||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
import de.mkammerer.argon2.Argon2;
|
||||
import de.mkammerer.argon2.Argon2Factory;
|
||||
import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
|
||||
import edu.cornell.mannlib.vedit.beans.LoginStatusBean.AuthenticationSource;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
|
||||
|
@ -114,6 +116,22 @@ public class AuthenticatorStub extends Authenticator {
|
|||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Applies Argon2i hashing on a string.
|
||||
* Used by tests only with pre-specified values because the configuration
|
||||
* properties (runtime.properties) is not set at compile time.
|
||||
**/
|
||||
|
||||
public static String applyArgon2iEncodingStub(String raw) {
|
||||
Argon2 argon2 = Argon2Factory.create();
|
||||
try {
|
||||
return argon2.hash(200, 500, 1, raw);
|
||||
} catch (Exception e) {
|
||||
// This can't happen with a normal Java runtime.
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public boolean isCurrentPasswordArgon2(UserAccount userAccount,
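Review bot: The Javadoc on `applyArgon2iEncodingStub` does not say that the fixed arguments in `argon2.hash(200, 500, 1, raw)` are test-only cost settings, so nothing stops them being copied into production configuration. A line such as `* Test-only: fixed cost parameters (time=200, memory=500, parallelism=1); production values come from runtime.properties.` would make that explicit. The comment `// This can't happen with a normal Java runtime.` was also moved over unchanged, but `Argon2Factory.create()` and `hash` go through a native library, so a failure here is plausible on a machine where that library cannot load. Replacing it with `// Argon2 native binding failed to load or hash; surface it to the test.` would be accurate.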
|
||||
|
|
|
@ -98,7 +98,7 @@ public class ProgramLoginTest extends AbstractTestClass {
|
|||
user.setUri(uri);
|
||||
user.setPermissionSetUris(Collections
|
||||
.singleton(PermissionSets.URI_DBA));
|
||||
user.setArgon2Password(Authenticator.applyArgon2iEncodingStub(password));
|
||||
user.setArgon2Password(AuthenticatorStub.applyArgon2iEncodingStub(password));
|
||||
user.setMd5Password("");
|
||||
user.setLoginCount(loginCount);
|
||||
user.setPasswordChangeRequired(loginCount == 0);
|
||||
|
|
|
@ -191,7 +191,7 @@ public class AuthenticateTest extends AbstractTestClass {
|
|||
user.setEmailAddress(userInfo.username);
|
||||
user.setUri(userInfo.uri);
|
||||
user.setPermissionSetUris(userInfo.permissionSetUris);
|
||||
user.setArgon2Password(Authenticator.applyArgon2iEncodingStub(userInfo.password));
|
||||
user.setArgon2Password(AuthenticatorStub.applyArgon2iEncodingStub(userInfo.password));
|
||||
user.setMd5Password("");
|
||||
user.setLoginCount(userInfo.loginCount);
|
||||
user.setPasswordChangeRequired(userInfo.loginCount == 0);
|
||||
|
|