Removed the overloaded Argon2Encoding methods in Authenticator and moved the Argon2StubEncoding method to AuthenticatorStub

AsimA 2018-05-22 13:41:26 +02:00
parent aeb9754500
commit 96388c0951
5 changed files with 43 additions and 70 deletions


@ -150,7 +150,7 @@ public class RootUserPolicy implements PolicyIface {
ua.setEmailAddress(configuredRootUser);
ua.setFirstName("root");
ua.setLastName("user");
ua.setArgon2Password(Authenticator.applyArgon2iEncoding(cp,
ua.setArgon2Password(Authenticator.applyArgon2iEncoding(
ROOT_USER_INITIAL_PASSWORD));
ua.setMd5Password("");
ua.setPasswordChangeRequired(true);
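Review bot: The one-argument call `Authenticator.applyArgon2iEncoding(ROOT_USER_INITIAL_PASSWORD)` now depends on `ApplicationUtils.instance().getServletContext()` being usable at the moment the root account is created. The removed two-argument overload was documented as existing precisely because the root account is set up before `Authenticator` is otherwise used. If this policy setup can run before the application object is initialised, root account creation would fail at startup with an unrelated-looking exception; that ordering is not visible in this hunk and should be confirmed. A comment above the call such as `// needs ApplicationUtils initialised: Argon2 parameters are read from runtime.properties` would record the dependency. The enclosing method starts and ends outside the hunk.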


@ -10,7 +10,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
import edu.cornell.mannlib.vitro.webapp.config.ConfigurationProperties;
import org.apache.commons.codec.binary.Hex;
import edu.cornell.mannlib.vitro.webapp.application.ApplicationUtils;
import javax.mail.internet.AddressException;
import javax.mail.internet.InternetAddress;
import javax.servlet.ServletContext;
@ -57,7 +57,7 @@ public abstract class Authenticator {
*
* If there is no factory, configure a Basic one.
*/
private static ConfigurationProperties cp;
public static Authenticator getInstance(HttpServletRequest request) {
ServletContext ctx = request.getSession().getServletContext();
Object attribute = ctx.getAttribute(FACTORY_ATTRIBUTE_NAME);
@ -66,7 +66,6 @@ public abstract class Authenticator {
attribute = ctx.getAttribute(FACTORY_ATTRIBUTE_NAME);
}
AuthenticatorFactory factory = (AuthenticatorFactory) attribute;
cp = ConfigurationProperties.getBean(ctx);
return factory.getInstance(request);
}
@ -200,80 +199,36 @@ public abstract class Authenticator {
}
}
/**
* Applies Argon2i hashing on a string.
* Used by tests only with pre-specified values because the configuration
* properties (runtime.properties) is not set at compile time.
**/
public static String applyArgon2iEncodingStub(String raw) {
Argon2 argon2 = Argon2Factory.create();
try {
return argon2.hash(200, 500, 1, raw);
} catch (Exception e) {
// This can't happen with a normal Java runtime.
throw new RuntimeException(e);
}
}
/**
* Applies Argon2i hashing on a string. Obtains the argon2i parameters
* from the configuration properties specified in the runtime.properties
* through this class "Authenticator".
**/
/**
* Applies Argon2i hashing on a string. Obtains the argon2i parameters
* from the configuration properties specified in the runtime.properties
* through this class "Authenticator".
**/
public static String applyArgon2iEncoding(String raw) {
ServletContext ctx = ApplicationUtils.instance().getServletContext();
ConfigurationProperties configProp = ConfigurationProperties.getBean(ctx);
Argon2 argon2 = Argon2Factory.create();
try {
if(cp.getProperty("argon2.time") != null && cp.getProperty("argon2.memory") !=null
&& cp.getProperty("argon2.parallelism")!=null) {
return argon2.hash(Integer.parseInt(cp.getProperty("argon2.time")),
Integer.parseInt(cp.getProperty("argon2.memory")),
Integer.parseInt(cp.getProperty("argon2.parallelism")), raw);
}
else {
throw new RuntimeException("Parameters \"argon2.time\", \"argon2.memory\" " +
"and \"argon2.parallelism\" are either missing in the \"runtime.properties\"" +
" file or are not defined correctly");
}
}
catch (Exception e) {
// This can't happen with a normal Java runtime.
throw new RuntimeException(e);
if (configProp.getProperty("argon2.time") != null
&& configProp.getProperty("argon2.memory") != null
&& configProp.getProperty("argon2.parallelism") != null) {
return argon2.hash(
Integer.parseInt(configProp.getProperty("argon2.time")),
Integer.parseInt(configProp.getProperty("argon2.memory")),
Integer.parseInt(configProp.getProperty("argon2.parallelism")), raw);
} else {
throw new RuntimeException(
"Parameters \"argon2.time\", \"argon2.memory\" and "
+ "\"argon2.parallelism\" are either missing in the "
+ "\"runtime.properties\" file or are not defined correctly");
}
}
/**
* Applies Argon2i hashing on a string.
* When Vivo/Vitro is run for the first time the application needs to set
* the "root" account before a call is made to this class (Authenticator).
* In that case the configuration properties are passed along with the
* password string to this method.
**/
public static String applyArgon2iEncoding(ConfigurationProperties configProp, String raw) {
Argon2 argon2 = Argon2Factory.create();
try {
if(configProp.getProperty("argon2.time") != null && configProp.getProperty("argon2.memory") !=null
&& configProp.getProperty("argon2.parallelism")!=null) {
return argon2.hash(Integer.parseInt(configProp.getProperty("argon2.time")),
Integer.parseInt(configProp.getProperty("argon2.memory")),
Integer.parseInt(configProp.getProperty("argon2.parallelism")), raw);
}
else {
throw new RuntimeException("Parameters \"argon2.time\", \"argon2.memory\" " +
"and \"argon2.parallelism\" are either missing in the \"runtime.properties\"" +
" file or are not defined correctly");
}
}
catch (Exception e) {
// This can't happen with a normal Java runtime.
throw new RuntimeException(e);
}
}
/**
Verifies the string against the Argon2i hash stored for a user account
*/


@ -9,6 +9,8 @@ import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import de.mkammerer.argon2.Argon2;
import de.mkammerer.argon2.Argon2Factory;
import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
import edu.cornell.mannlib.vedit.beans.LoginStatusBean.AuthenticationSource;
import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
@ -114,6 +116,22 @@ public class AuthenticatorStub extends Authenticator {
return false;
}
/**
* Applies Argon2i hashing on a string.
* Used by tests only with pre-specified values because the configuration
* properties (runtime.properties) is not set at compile time.
**/
public static String applyArgon2iEncodingStub(String raw) {
Argon2 argon2 = Argon2Factory.create();
try {
return argon2.hash(200, 500, 1, raw);
} catch (Exception e) {
// This can't happen with a normal Java runtime.
throw new RuntimeException(e);
}
}
@Override
public boolean isCurrentPasswordArgon2(UserAccount userAccount,
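Review bot: The catch comment `// This can't happen with a normal Java runtime.` in `applyArgon2iEncodingStub` does not describe this code. `Argon2Factory.create()` and `argon2.hash` rely on the Argon2 binding loading its native library, which can fail on a test machine. Something like `// Argon2 binding failed (e.g. native library not loadable); abort the test setup` would be accurate. The literals in `argon2.hash(200, 500, 1, raw)` would read better as named constants for iterations, memory and parallelism. The Javadoc could also state that these fixed test-only costs are not a recommendation for the `argon2.*` settings in runtime.properties. The method that follows continues outside the hunk.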


@ -98,7 +98,7 @@ public class ProgramLoginTest extends AbstractTestClass {
user.setUri(uri);
user.setPermissionSetUris(Collections
.singleton(PermissionSets.URI_DBA));
user.setArgon2Password(Authenticator.applyArgon2iEncodingStub(password));
user.setArgon2Password(AuthenticatorStub.applyArgon2iEncodingStub(password));
user.setMd5Password("");
user.setLoginCount(loginCount);
user.setPasswordChangeRequired(loginCount == 0);


@ -191,7 +191,7 @@ public class AuthenticateTest extends AbstractTestClass {
user.setEmailAddress(userInfo.username);
user.setUri(userInfo.uri);
user.setPermissionSetUris(userInfo.permissionSetUris);
user.setArgon2Password(Authenticator.applyArgon2iEncodingStub(userInfo.password));
user.setArgon2Password(AuthenticatorStub.applyArgon2iEncodingStub(userInfo.password));
user.setMd5Password("");
user.setLoginCount(userInfo.loginCount);
user.setPasswordChangeRequired(userInfo.loginCount == 0);