blob: 59d553093504c63ab1c25360a43e368703a8884e [file] [log] [blame]
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.shiro.authc.credential
import org.apache.shiro.authc.AuthenticationInfo
import org.apache.shiro.authc.AuthenticationToken
import org.apache.shiro.crypto.hash.Sha256Hash
import org.junit.Test
import static org.easymock.EasyMock.*
import static org.junit.Assert.*
/**
* Unit tests for the {@link PasswordMatcher} implementation.
*
* @since 1.2
*/
class PasswordMatcherTest {
@Test
void testMissingPasswordService() {
def matcher = new PasswordMatcher()
matcher.passwordService = null
try {
matcher.doCredentialsMatch(null, null)
fail "Test should fail due to lack of a configured PasswordService instance."
} catch (IllegalStateException expected) {
}
}
@Test
void testStringPasswordComparison() {
def service = createMock(PasswordService)
def token = createMock(AuthenticationToken)
def info = createMock(AuthenticationInfo)
//generate a stored password just for this test:
def submittedPassword = "plaintext"
def savedPassword = "encrypted"
expect(token.credentials).andReturn submittedPassword
expect(info.credentials).andReturn savedPassword
expect(service.passwordsMatch(eq(submittedPassword), eq(savedPassword))).andReturn true
replay token, info, service
def matcher = new PasswordMatcher()
matcher.passwordService = service
assertSame service, matcher.passwordService
assertTrue matcher.doCredentialsMatch(token, info)
verify token, info, service
}
@Test
void testHashComparisonWithoutHashedPasswordService() {
def service = createMock(PasswordService)
def token = createMock(AuthenticationToken)
def info = createMock(AuthenticationInfo)
//generate a stored password just for this test:
def submittedPassword = "plaintext"
def savedPassword = new Sha256Hash("plaintext")
expect(token.credentials).andReturn submittedPassword
expect(info.credentials).andReturn savedPassword
replay token, info, service
def matcher = new PasswordMatcher()
matcher.passwordService = service
assertSame service, matcher.passwordService
try {
assertTrue matcher.doCredentialsMatch(token, info)
fail "matcher should fail since PasswordService is not a HashingPasswordService"
} catch (IllegalStateException expected) {
}
verify token, info, service
}
@Test
void testHashComparison() {
def service = createMock(HashingPasswordService)
def token = createMock(AuthenticationToken)
def info = createMock(AuthenticationInfo)
//generate a stored password just for this test:
def submittedPassword = "plaintext"
def savedPassword = new Sha256Hash("plaintext")
expect(token.credentials).andReturn submittedPassword
expect(info.credentials).andReturn savedPassword
expect(service.passwordsMatch(submittedPassword, savedPassword)).andReturn true
replay token, info, service
def matcher = new PasswordMatcher()
matcher.passwordService = service
assertSame service, matcher.passwordService
assertTrue matcher.doCredentialsMatch(token, info)
verify token, info, service
}
/**
* Asserts fix for https://issues.apache.org/jira/browse/SHIRO-363
*/
@Test
void testCharArrayComparison() {
def service = createMock(PasswordService)
def token = createMock(AuthenticationToken)
def info = createMock(AuthenticationInfo)
//generate a stored password just for this test:
def submittedPassword = "foo"
def savedPasswordAsString = "foo";
def savedPassword = savedPasswordAsString.toCharArray()
expect(token.credentials).andReturn submittedPassword
expect(info.credentials).andReturn savedPassword
expect(service.passwordsMatch(eq(submittedPassword), eq(savedPasswordAsString))).andReturn true
replay token, info, service
def matcher = new PasswordMatcher()
matcher.passwordService = service
assertSame service, matcher.passwordService
assertTrue matcher.doCredentialsMatch(token, info)
verify token, info, service
}
@Test
void testUnexpectedSavedCredentialsType() {
def service = createMock(HashingPasswordService)
def token = createMock(AuthenticationToken)
def info = createMock(AuthenticationInfo)
//generate a stored password just for this test:
def submittedPassword = "plaintext"
def savedPassword = 23
expect(token.credentials).andReturn submittedPassword
expect(info.credentials).andReturn savedPassword
replay token, info, service
def matcher = new PasswordMatcher()
matcher.passwordService = service
assertSame service, matcher.passwordService
try {
assertTrue matcher.doCredentialsMatch(token, info)
fail "Saved credentials should be either a String or Hash instance."
} catch (IllegalArgumentException expected) {
}
verify token, info, service
}
}