diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/RootUserPolicy.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/RootUserPolicy.java
index b18022657..62495e475 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/RootUserPolicy.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/RootUserPolicy.java
@@ -150,7 +150,8 @@ public class RootUserPolicy implements PolicyIface {
 ua.setEmailAddress(configuredRootUser);
 ua.setFirstName("root");
 ua.setLastName("user");
- ua.setArgon2Password(Authenticator.applyArgon2iEncoding(cp,ROOT_USER_INITIAL_PASSWORD));
+ ua.setArgon2Password(Authenticator.applyArgon2iEncoding(cp,
+ ROOT_USER_INITIAL_PASSWORD));
 ua.setMd5Password("");
 ua.setPasswordChangeRequired(true);
 ua.setStatus(Status.ACTIVE);
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/beans/UserAccount.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/beans/UserAccount.java
index 0bbe08fa2..d5c153af8 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/beans/UserAccount.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/beans/UserAccount.java
@@ -136,7 +136,6 @@ public class UserAccount {
 public String getPasswordLinkExpiresHash() {
 return limitStringLength(8, Authenticator.applyArgon2iEncoding(String
 .valueOf(passwordLinkExpires)));
- //applyMd5Encoding
 }
 public void setPasswordLinkExpires(long passwordLinkExpires) {
@@ -246,6 +245,7 @@ public class UserAccount {
 + (", firstName=" + firstName) + (", lastName=" + lastName) + (", md5password=" + md5Password) + (", oldPassword=" + oldPassword) + + (", argon2password=" + argon2Password) + (", passwordLinkExpires=" + passwordLinkExpires) + (", passwordChangeRequired=" + passwordChangeRequired) + (", externalAuthOnly=" + externalAuthOnly)
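Review bot: `getPasswordLinkExpiresHash()` in the @@ -136 hunk keeps only the first 8 characters of `Authenticator.applyArgon2iEncoding(...)`, and if that returns the PHC-encoded string that argon2-jvm's `hash()` produces, those characters are the fixed prefix `$argon2i` for every account and every expiry value, so wherever this value protects a password-reset link it carries no unpredictability; the commit touches the method only to drop the stale `//applyMd5Encoding` comment. Even without the truncation, the input `passwordLinkExpires` is not a secret, so the output is only as unpredictable as the salt. If this value serves as a reset token it should be generated with `SecureRandom`, stored on the account and compared with `MessageDigest.isEqual`; at the very least `limitStringLength` must be applied to the part after the final `$` rather than to the whole encoded string. The method is complete within the hunk, but its callers are not visible here.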
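Review bot: Adding `argon2password` to `toString()` in the @@ -246 hunk means every place that logs or prints a `UserAccount` now emits the live password hash next to the `md5password` and `oldPassword` values that were already there. Hashes written to application logs travel into log aggregation, crash reports and support bundles, where they can be cracked offline with no further access to the system. Emit a marker instead of the value, e.g. `+ (", argon2password=" + (argon2Password == null ? "null" : "[set]"))`, and give `md5password` and `oldPassword` the same treatment. The `toString()` body starts and ends outside the hunk.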
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/Authenticator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/Authenticator.java
index 1b9e891ae..69242cc6f 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/Authenticator.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/Authenticator.java
@@ -59,7 +59,7 @@ public abstract class Authenticator {
 */
 private static ConfigurationProperties cp;
 public static Authenticator getInstance(HttpServletRequest request) {
- ServletContext ctx = request.getSession().getServletContext();
+ ServletContext ctx = request.getSession().getServletContext();
 Object attribute = ctx.getAttribute(FACTORY_ATTRIBUTE_NAME);
 if (!(attribute instanceof AuthenticatorFactory)) {
 setAuthenticatorFactory(new BasicAuthenticator.Factory(), ctx);
@@ -117,6 +117,11 @@ public abstract class Authenticator {
 String clearTextPassword);
+
+ /**
+ * Does this UserAccount have this Argon2 password? False if the
+ * userAccount is null.
+ */
 public abstract boolean isCurrentPasswordArgon2(UserAccount userAccount, String clearTextPassword);
@@ -220,13 +225,19 @@ public abstract class Authenticator {
 public static String applyArgon2iEncoding(String raw) {
 Argon2 argon2 = Argon2Factory.create();
 try {
- if(cp.getProperty("argon2.time") != null && cp.getProperty("argon2.memory") !=null && cp.getProperty("argon2.parallelism")!=null)
- return argon2.hash(Integer.parseInt(cp.getProperty("argon2.time")),
- Integer.parseInt(cp.getProperty("argon2.memory")),
- Integer.parseInt(cp.getProperty("argon2.parallelism")), raw);
- else
- throw new RuntimeException("Parameters \"argon2.time\", \"argon2.memory\" and \"argon2.parallelism\" are either missing in the \"runtime.properties\" file or are not defined correctly");
- } catch (Exception e) {
+ if(cp.getProperty("argon2.time") != null && cp.getProperty("argon2.memory") !=null
+ && cp.getProperty("argon2.parallelism")!=null) {
+ return argon2.hash(Integer.parseInt(cp.getProperty("argon2.time")),
+ Integer.parseInt(cp.getProperty("argon2.memory")),
+ Integer.parseInt(cp.getProperty("argon2.parallelism")), raw);
+ }
+ else {
+ throw new RuntimeException("Parameters \"argon2.time\", \"argon2.memory\" "
+ + "and \"argon2.parallelism\" are either missing in the \"runtime.properties\""
+ + " file or are not defined correctly");
+ }
+ }
+ catch (Exception e) {
 // This can't happen with a normal Java runtime.
 throw new RuntimeException(e);
 }
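Review bot: The restructured `applyArgon2iEncoding(String raw)` still raises the configuration `RuntimeException` from inside a `try` whose `catch (Exception e)` rethrows it as `new RuntimeException(e)` under the comment "This can't happen with a normal Java runtime"; the missing-parameter case, a `NumberFormatException` from a non-numeric value and an NPE when the static `cp` was never set all take that path, so an operator sees a generic exception with the real message buried in the cause. The `(ConfigurationProperties, String)` overload in the next hunk has the same shape. Since the two bodies differ only in where the properties come from, this overload can become `return applyArgon2iEncoding(cp, raw);` and the parameter check can move ahead of the `try` in the other one, leaving the catch and its comment to cover only the hash call. Both methods are complete within their hunks.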
@@ -245,13 +256,19 @@ public abstract class Authenticator {
 public static String applyArgon2iEncoding(ConfigurationProperties configProp, String raw) {
 Argon2 argon2 = Argon2Factory.create();
 try {
- if(configProp.getProperty("argon2.time") != null && configProp.getProperty("argon2.memory") !=null && configProp.getProperty("argon2.parallelism")!=null)
- return argon2.hash(Integer.parseInt(configProp.getProperty("argon2.time")),
- Integer.parseInt(configProp.getProperty("argon2.memory")),
- Integer.parseInt(configProp.getProperty("argon2.parallelism")), raw);
- else
- throw new RuntimeException("Parameters \"argon2.time\", \"argon2.memory\" and \"argon2.parallelism\" are either missing in the \"runtime.properties\" file or are not defined correctly");
- } catch (Exception e) {
+ if(configProp.getProperty("argon2.time") != null && configProp.getProperty("argon2.memory") !=null
+ && configProp.getProperty("argon2.parallelism")!=null) {
+ return argon2.hash(Integer.parseInt(configProp.getProperty("argon2.time")),
+ Integer.parseInt(configProp.getProperty("argon2.memory")),
+ Integer.parseInt(configProp.getProperty("argon2.parallelism")), raw);
+ }
+ else {
+ throw new RuntimeException("Parameters \"argon2.time\", \"argon2.memory\" "
+ + "and \"argon2.parallelism\" are either missing in the \"runtime.properties\""
+ + " file or are not defined correctly");
+ }
+ }
+ catch (Exception e) {
 // This can't happen with a normal Java runtime.
 throw new RuntimeException(e);
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/BasicAuthenticator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/BasicAuthenticator.java
index fc216dd2e..946e1ff6c 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/BasicAuthenticator.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/BasicAuthenticator.java
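Review bot: `applyArgon2iEncoding(ConfigurationProperties, String)` checks only that the three `argon2.*` keys are present; a value of `0` or `-1` passes the null test and is handed to `argon2.hash` as a cost, while a non-numeric value fails in `Integer.parseInt` and surfaces as a bare `RuntimeException(e)` that does not say which key was wrong, and each key is read twice on the way. Reading every key once through a helper that rejects missing, non-integer and non-positive values with the key in the message keeps a broken configuration from silently producing weak hashes and makes the failure diagnosable. If `argon2.hash` declares no checked exception, as the existing "can't happen" comment implies, the try/catch can go entirely; `Argon2Factory.create()` with no argument selects the Argon2i variant the method name and the stored hashes already reflect, so the variant is deliberately left alone here. The method is complete within the hunk.
```java
public static String applyArgon2iEncoding(ConfigurationProperties configProp, String raw) {
    int time = requiredPositiveInt(configProp, "argon2.time");
    int memory = requiredPositiveInt(configProp, "argon2.memory");
    int parallelism = requiredPositiveInt(configProp, "argon2.parallelism");
    Argon2 argon2 = Argon2Factory.create();
    // Configuration has been validated above; anything thrown here is a runtime fault.
    return argon2.hash(time, memory, parallelism, raw);
}

/**
 * Reads one argon2.* cost parameter from runtime.properties.
 * Fails with the key name if it is missing, not an integer or not positive,
 * so a broken configuration cannot silently produce weak hashes.
 */
private static int requiredPositiveInt(ConfigurationProperties configProp, String key) {
    String value = configProp.getProperty(key);
    if (value == null) {
        throw new IllegalStateException("Parameter \"" + key
                + "\" is missing in the \"runtime.properties\" file");
    }
    int parsed;
    try {
        parsed = Integer.parseInt(value);
    } catch (NumberFormatException e) {
        throw new IllegalStateException("Parameter \"" + key
                + "\" in \"runtime.properties\" is not an integer: \"" + value + "\"", e);
    }
    if (parsed <= 0) {
        throw new IllegalStateException("Parameter \"" + key
                + "\" in \"runtime.properties\" must be a positive integer, was " + parsed);
    }
    return parsed;
}
```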
@@ -100,7 +100,8 @@ public class BasicAuthenticator extends Authenticator {
 @Override
 public boolean md5HashIsNull(UserAccount userAccount){
- if(userAccount.getMd5Password().compareTo("")==0 || userAccount.getMd5Password()==null)
+ if(userAccount.getMd5Password().compareTo("")==0 ||
+ userAccount.getMd5Password()==null)
 return true;
 else
 return false;
@@ -109,19 +110,18 @@ public class BasicAuthenticator extends Authenticator {
 @Override
 public boolean isCurrentPasswordArgon2(UserAccount userAccount,
- String clearTextPassword) {
+ String clearTextPassword) {
 if (userAccount == null) {
 return false;
 }
 if (clearTextPassword == null) {
 return false;
 }
-
- return verifyArgon2iHash(userAccount.getArgon2Password(),clearTextPassword);
+ return verifyArgon2iHash(userAccount.getArgon2Password(),
+ clearTextPassword);
 }
-
 @Override
 public void recordNewPassword(UserAccount userAccount, String newClearTextPassword) {
@@ -129,7 +129,8 @@ public class BasicAuthenticator extends Authenticator {
 log.error("Trying to change password on null user.");
 return;
 }
- userAccount.setArgon2Password((applyArgon2iEncoding(newClearTextPassword)));
+ userAccount.setArgon2Password((applyArgon2iEncoding(
+ newClearTextPassword)));
 userAccount.setMd5Password("");
 userAccount.setPasswordChangeRequired(false);
 userAccount.setPasswordLinkExpires(0L);
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/ProgramLogin.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/ProgramLogin.java
index acf33ae1e..3a241d965 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/ProgramLogin.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/ProgramLogin.java
@@ -169,7 +169,6 @@ public class ProgramLogin extends HttpServlet {
 return false;
 else {
 userAccount.setPasswordChangeRequired(true);
- // userAccount.setMd5Password("");
 }
 }
 return true;
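Review bot: `md5HashIsNull` in the first hunk calls `userAccount.getMd5Password().compareTo("")` before testing the same value for `null`, so an account whose MD5 field is absent throws `NullPointerException` instead of returning `true`, and the login in `Authenticate` that branches on this method fails with an exception rather than taking the Argon2 path; the commit only re-wraps the line. The same expression appears in `RestrictedAuthenticator` (@@ -78) and, behind a `userAccount!=null` guard, in `AuthenticatorStub` (@@ -105). Replace the condition in all three with `String md5 = userAccount.getMd5Password(); return md5 == null || md5.isEmpty();`, which also removes the `if … return true; else return false;` form. The method is complete within the hunk.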
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/RestrictedAuthenticator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/RestrictedAuthenticator.java
index 1a33c1647..1f6533f5c 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/RestrictedAuthenticator.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/RestrictedAuthenticator.java
@@ -78,7 +78,8 @@ public class RestrictedAuthenticator extends Authenticator {
 @Override
 public boolean md5HashIsNull(UserAccount userAccount){
- if(userAccount.getMd5Password().compareTo("")==0 || userAccount.getMd5Password()==null)
+ if(userAccount.getMd5Password().compareTo("")==0 ||
+ userAccount.getMd5Password()==null)
 return true;
 else
 return false;
@@ -94,8 +95,8 @@ public class RestrictedAuthenticator extends Authenticator {
 if (clearTextPassword == null) {
 return false;
 }
-
- return verifyArgon2iHash(userAccount.getArgon2Password(),clearTextPassword);
+ return verifyArgon2iHash(userAccount.getArgon2Password(),
+ clearTextPassword);
 }
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/Authenticate.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/Authenticate.java
index 6c957e070..8f19df8d5 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/Authenticate.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/Authenticate.java
@@ -339,21 +339,25 @@ public class Authenticate extends VitroHttpServlet {
 if(getAuthenticator(request).md5HashIsNull(user)) {
- if (!getAuthenticator(request).isCurrentPasswordArgon2(user, password)) {
- bean.setMessage(request, ERROR, "error_incorrect_credentials");
+ if (!getAuthenticator(request)
+ .isCurrentPasswordArgon2(user, password)) {
+ bean.setMessage(request, ERROR,
+ "error_incorrect_credentials");
 return;
 }
 }
 else {
- if (!getAuthenticator(request).isCurrentPassword(user, password)) {
- bean.setMessage(request, ERROR, "error_incorrect_credentials");
+ if (!getAuthenticator(request)
+ .isCurrentPassword(user, password)) {
+ bean.setMessage(request, ERROR,
+ "error_incorrect_credentials");
 return;
 }
 else {
 user.setPasswordChangeRequired(true);
 user.setMd5Password("");
 }
- }
+ }
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/AuthenticatorStub.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/AuthenticatorStub.java
index b0141d532..387b2e7e3 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/AuthenticatorStub.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/AuthenticatorStub.java
@@ -105,7 +105,8 @@ public class AuthenticatorStub extends Authenticator {
 @Override
 public boolean md5HashIsNull(UserAccount userAccount){
 if(userAccount!=null) {
- if (userAccount.getMd5Password().compareTo("") == 0 || userAccount.getMd5Password() == null)
+ if (userAccount.getMd5Password().compareTo("") == 0 ||
+ userAccount.getMd5Password() == null)
 return true;
 else
 return false;
@@ -123,8 +124,8 @@ public class AuthenticatorStub extends Authenticator {
 if (clearTextPassword == null) {
 return false;
 }
-
- return verifyArgon2iHash(userAccount.getArgon2Password(),clearTextPassword);
+ return verifyArgon2iHash(userAccount.getArgon2Password(),
+ clearTextPassword);
 }
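Review bot: In the `else` branch of the Authenticate hunk, a password that verifies against the MD5 hash is answered with `user.setMd5Password("")` and `user.setPasswordChangeRequired(true)`, but no Argon2 hash of the just-verified password is stored; if `user` is persisted before the forced change completes (the rest of the method is outside the hunk), the account holds neither credential and its next login goes through `md5HashIsNull` into `isCurrentPasswordArgon2` against an empty hash. Storing the replacement at the one point where the clear text is legitimately in hand, `user.setArgon2Password(Authenticator.applyArgon2iEncoding(password));` beside the `setMd5Password("")` call (or the `ConfigurationProperties` overload if the static `cp` is not guaranteed to be set in this servlet), keeps the account usable while still forcing a change. As a style point, `getAuthenticator(request)` is evaluated on every branch; a local `Authenticator auth = getAuthenticator(request);` ahead of the `if` would shorten both wrapped conditions.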
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/ProgramLoginTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/ProgramLoginTest.java
index d6aca919e..1a6138323 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/ProgramLoginTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/ProgramLoginTest.java
@@ -100,7 +100,6 @@ public class ProgramLoginTest extends AbstractTestClass {
 .singleton(PermissionSets.URI_DBA));
 user.setArgon2Password(Authenticator.applyArgon2iEncodingStub(password));
 user.setMd5Password("");
- //user.setMd5Password(Authenticator.applyMd5Encoding(password));
 user.setLoginCount(loginCount);
 user.setPasswordChangeRequired(loginCount == 0);
 return user;
@@ -181,15 +180,12 @@ public class ProgramLoginTest extends AbstractTestClass {
 String newPassword) {
 if (email != null) {
 request.addParameter(PARAM_EMAIL_ADDRESS, email);
- System.out.println("1");
 }
 if (password != null) {
 request.addParameter(PARAM_PASSWORD, password);
- System.out.println("2");
 }
 if (newPassword != null) {
 request.addParameter(PARAM_NEW_PASSWORD, newPassword);
- System.out.println("3");
 }
 try {
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/controller/edit/AuthenticateTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/controller/edit/AuthenticateTest.java
index a1bad1d48..f918fe6a9 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/controller/edit/AuthenticateTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/controller/edit/AuthenticateTest.java
@@ -193,7 +193,6 @@ public class AuthenticateTest extends AbstractTestClass {
 user.setPermissionSetUris(userInfo.permissionSetUris);
 user.setArgon2Password(Authenticator.applyArgon2iEncodingStub(userInfo.password));
 user.setMd5Password("");
- // user.setMd5Password(Authenticator.applyMd5Encoding(userInfo.password));
 user.setLoginCount(userInfo.loginCount);
 user.setPasswordChangeRequired(userInfo.loginCount == 0);
 return user;
diff --git a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/dao/jena/UserAccountsDaoJenaTest.java b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/dao/jena/UserAccountsDaoJenaTest.java
index 13f241bd2..5f1e35992 100644
--- a/api/src/test/java/edu/cornell/mannlib/vitro/webapp/dao/jena/UserAccountsDaoJenaTest.java
+++ b/api/src/test/java/edu/cornell/mannlib/vitro/webapp/dao/jena/UserAccountsDaoJenaTest.java
@@ -104,7 +104,7 @@ public class UserAccountsDaoJenaTest extends AbstractTestClass {
 0L, false, 1, 0L, Status.ACTIVE, "bboop", false, EMPTY, false, collection(URI_PROFILE1, URI_PROFILE2));
 userC = userAccount("", "ccallas@here", "Charlie", "Callas", "XXXX", "",
- "YYYY", 0L, false, 1, 0L, Status.ACTIVE, "ccallas", false,
+ "YYYY", 0L, false, 1, 0L, Status.ACTIVE, "ccallas", false,
 EMPTY, false, collection(URI_PROFILE2));
 }
@@ -392,7 +392,6 @@ public class UserAccountsDaoJenaTest extends AbstractTestClass {
 ua.setLastName(lastName);
 ua.setArgon2Password(argon2Password);
 ua.setMd5Password("");
- //ua.setMd5Password(md5Password);
 ua.setOldPassword(oldPassword);
 ua.setPasswordLinkExpires(passwordLinkExpires);
 ua.setPasswordChangeRequired(passwordChangeRequired);
diff --git a/home/src/main/resources/config/example.runtime.properties b/home/src/main/resources/config/example.runtime.properties
index 96ebd027c..882026b55 100644
--- a/home/src/main/resources/config/example.runtime.properties
+++ b/home/src/main/resources/config/example.runtime.properties
@@ -78,15 +78,16 @@ VitroConnection.DataSource.validationQuery = SELECT 1
 rootUser.emailAddress = root@myDomain.com
 #
-# Argon2 password hashing parameters for time, memory and parallelism required to compute a hash.
+# Argon2 password hashing parameters for time, memory and parallelism required to
+# compute a hash.
 #
-# A time cost defines the amount of computation realized and therefore the execution time, given in a number of iterations
+# A time cost defines the amount of computation realized and therefore the execution
+# time, given in a number of iterations.
 # A memory cost defines the memory usage, given in kibibytes
 # A parallelism degree defines the number of parallel threads
-# For determining the optimal values of the parameters for your setup please refer to the white paper section 9 - https://github.com/P-H-C/phc-winner-argon2/blob/master/argon2-specs.pdf
-#
-# Warning: Please change the parameters only if you have installed a fresh installation of Vitro/Vivo and have not logged-in in the system yet.
-# If you already have user accounts encrypted through these parameters please do not change them otherwise the existing users would not be able to log-in.
+# For determining the optimal values of the parameters for your setup please refer to
+# the white paper section 9
+# https://github.com/P-H-C/phc-winner-argon2/blob/master/argon2-specs.pdf
 #
 argon2.parallelism =1
 argon2.memory = 1024
diff --git a/legacy/webapp/config/example.runtime.properties b/legacy/webapp/config/example.runtime.properties
index 96ebd027c..882026b55 100644
--- a/legacy/webapp/config/example.runtime.properties
+++ b/legacy/webapp/config/example.runtime.properties
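Review bot: The hunk deletes the two-line warning about changing the `argon2.*` values once accounts exist without replacing it with any statement of what a change does to existing accounts; the same deletion is repeated in `legacy/webapp/config/example.runtime.properties` (@@ -78 there). If `verifyArgon2iHash` checks against the PHC-encoded string that argon2-jvm's `hash()` produces, the cost parameters are carried inside each stored hash and the old warning was inaccurate: raising the values affects only passwords set afterwards, which is exactly what an operator needs to know before strengthening them, so a line such as `# Existing hashes keep the parameters they were created with; raising these values only affects passwords set afterwards.` would be the right replacement. Separately, `argon2.memory = 1024` (1 MiB) is far below the memory cost that published Argon2 guidance recommends for password hashing, and because this example file is what deployments copy, the sample values deserve either a stronger default or a comment saying they are a functional-test floor rather than a production setting.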
@@ -78,15 +78,16 @@ VitroConnection.DataSource.validationQuery = SELECT 1
 rootUser.emailAddress = root@myDomain.com
 #
-# Argon2 password hashing parameters for time, memory and parallelism required to compute a hash.
+# Argon2 password hashing parameters for time, memory and parallelism required to
+# compute a hash.
 #
-# A time cost defines the amount of computation realized and therefore the execution time, given in a number of iterations
+# A time cost defines the amount of computation realized and therefore the execution
+# time, given in a number of iterations.
 # A memory cost defines the memory usage, given in kibibytes
 # A parallelism degree defines the number of parallel threads
-# For determining the optimal values of the parameters for your setup please refer to the white paper section 9 - https://github.com/P-H-C/phc-winner-argon2/blob/master/argon2-specs.pdf
-#
-# Warning: Please change the parameters only if you have installed a fresh installation of Vitro/Vivo and have not logged-in in the system yet.
-# If you already have user accounts encrypted through these parameters please do not change them otherwise the existing users would not be able to log-in.
+# For determining the optimal values of the parameters for your setup please refer to
+# the white paper section 9
+# https://github.com/P-H-C/phc-winner-argon2/blob/master/argon2-specs.pdf
 #
 argon2.parallelism =1
 argon2.memory = 1024