public void setPassword(String password) { this.password = PASSWORD_ENCODER.encode(password); }
/** * @param passwordEncoder the password encoder to set */ public void setPasswordEncoder(PasswordEncoder passwordEncoder) { this.emptyPassword = passwordEncoder.encode(""); }
public boolean changePassword(User user, String password, String newPassword) { if (password == null || newPassword == null || password.isEmpty() || newPassword.isEmpty()) return false; boolean match = passwordEncoder.matches(password, user.getPassword()); if (!match) return false; user.setPassword(passwordEncoder.encode(newPassword)); userRepository.save(user); log.info("User @{} changed password.", user.getEmail()); return true; }
@Override protected Authentication createSuccessAuthentication(Object principal, Authentication authentication, UserDetails user) { boolean upgradeEncoding = this.userDetailsPasswordService != null && this.passwordEncoder.upgradeEncoding(user.getPassword()); if (upgradeEncoding) { String presentedPassword = authentication.getCredentials().toString(); String newPassword = this.passwordEncoder.encode(presentedPassword); user = this.userDetailsPasswordService.updatePassword(user, newPassword); } return super.createSuccessAuthentication(principal, authentication, user); }
@Override public boolean isPasswordValid(String rawPassword, String encodedPassword) { return passwordEncoderNew.matches(rawPassword, encodedPassword); }
@Override public Mono<Authentication> authenticate(Authentication authentication) { final String username = authentication.getName(); final String presentedPassword = (String) authentication.getCredentials(); return this.userDetailsService.findByUsername(username) .publishOn(this.scheduler) .filter(u -> this.passwordEncoder.matches(presentedPassword, u.getPassword())) .switchIfEmpty(Mono.defer(() -> Mono.error(new BadCredentialsException("Invalid Credentials")))) .flatMap(u -> { boolean upgradeEncoding = this.userDetailsPasswordService != null && this.passwordEncoder.upgradeEncoding(u.getPassword()); if (upgradeEncoding) { String newPassword = this.passwordEncoder.encode(presentedPassword); return this.userDetailsPasswordService.updatePassword(u, newPassword); } return Mono.just(u); }) .doOnNext(this.postAuthenticationChecks::check) .map(u -> new UsernamePasswordAuthenticationToken(u, u.getPassword(), u.getAuthorities()) ); }
@Test public void authenticateWhenPasswordServiceAndUpgradeFalseThenNotUpdated() { when(this.userDetailsService.findByUsername(any())).thenReturn(Mono.just(this.user)); when(this.encoder.matches(any(), any())).thenReturn(true); when(this.encoder.upgradeEncoding(any())).thenReturn(false); this.manager.setPasswordEncoder(this.encoder); this.manager.setUserDetailsPasswordService(this.userDetailsPasswordService); UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken( this.user, this.user.getPassword()); Authentication result = this.manager.authenticate(token).block(); verifyZeroInteractions(this.userDetailsPasswordService); }
@Override public boolean upgradeEncoding(String encodedPassword) { return getPasswordEncoder().upgradeEncoding(encodedPassword); }
/** * Determines if a password is valid by comparing it to the encoded string, salting is handled internally to the {@link PasswordEncoder}. * <p> * This method must always be called to verify if a password is valid after the original encoded password is generated * due to {@link PasswordEncoder} randomly generating salts internally and appending them to the resulting hash. * * @param encodedPassword the encoded password * @param rawPassword the raw password to check against the encoded password * @return true if rawPassword matches the encodedPassword, false otherwise */ protected boolean isPasswordValid(String encodedPassword, String rawPassword) { return passwordEncoderNew.matches(rawPassword, encodedPassword); }
@Override public Mono<Authentication> authenticate(Authentication authentication) { final String username = authentication.getName(); final String presentedPassword = (String) authentication.getCredentials(); return this.userDetailsService.findByUsername(username) .publishOn(this.scheduler) .filter(u -> this.passwordEncoder.matches(presentedPassword, u.getPassword())) .switchIfEmpty(Mono.defer(() -> Mono.error(new BadCredentialsException("Invalid Credentials")))) .flatMap(u -> { boolean upgradeEncoding = this.userDetailsPasswordService != null && this.passwordEncoder.upgradeEncoding(u.getPassword()); if (upgradeEncoding) { String newPassword = this.passwordEncoder.encode(presentedPassword); return this.userDetailsPasswordService.updatePassword(u, newPassword); } return Mono.just(u); }) .map(u -> new UsernamePasswordAuthenticationToken(u, u.getPassword(), u.getAuthorities()) ); }
@Test public void authenticateWhenNotUpgradeAndPasswordManagerThenNoUpdate() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken( "user", "password"); PasswordEncoder encoder = mock(PasswordEncoder.class); UserDetailsService userDetailsService = mock(UserDetailsService.class); UserDetailsPasswordService passwordManager = mock(UserDetailsPasswordService.class); DaoAuthenticationProvider provider = new DaoAuthenticationProvider(); provider.setPasswordEncoder(encoder); provider.setUserDetailsService(userDetailsService); provider.setUserDetailsPasswordService(passwordManager); UserDetails user = PasswordEncodedUser.user(); when(encoder.matches(any(), any())).thenReturn(true); when(encoder.upgradeEncoding(any())).thenReturn(false); when(userDetailsService.loadUserByUsername(any())).thenReturn(user); Authentication result = provider.authenticate(token); verifyZeroInteractions(passwordManager); }
@Override public boolean upgradeEncoding(String encodedPassword) { return getPasswordEncoder().upgradeEncoding(encodedPassword); }
@Override public String encode(CharSequence rawPassword) { return passwordEncoder.encode(rawPassword); } };
@Override public boolean matches(CharSequence rawPassword, String encodedPassword) { return StringUtils.hasText(encodedPassword) ? passwordEncoder.matches(rawPassword, encodedPassword) : true; }
@Test public void authenticateWhenPasswordServiceThenUpdated() { String encodedPassword = "encoded"; when(this.userDetailsService.findByUsername(any())).thenReturn(Mono.just(this.user)); when(this.encoder.matches(any(), any())).thenReturn(true); when(this.encoder.upgradeEncoding(any())).thenReturn(true); when(this.encoder.encode(any())).thenReturn(encodedPassword); when(this.userDetailsPasswordService.updatePassword(any(), any())).thenReturn(Mono.just(this.user)); this.manager.setPasswordEncoder(this.encoder); this.manager.setUserDetailsPasswordService(this.userDetailsPasswordService); UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken( this.user, this.user.getPassword()); Authentication result = this.manager.authenticate(token).block(); verify(this.encoder).encode(this.user.getPassword()); verify(this.userDetailsPasswordService).updatePassword(eq(this.user), eq(encodedPassword)); }
@Override protected Authentication createSuccessAuthentication(Object principal, Authentication authentication, UserDetails user) { boolean upgradeEncoding = this.userDetailsPasswordService != null && this.passwordEncoder.upgradeEncoding(user.getPassword()); if (upgradeEncoding) { String presentedPassword = authentication.getCredentials().toString(); String newPassword = this.passwordEncoder.encode(presentedPassword); user = this.userDetailsPasswordService.updatePassword(user, newPassword); } return super.createSuccessAuthentication(principal, authentication, user); }
@Override public boolean upgradeEncoding(String encodedPassword) { return getPasswordEncoder().upgradeEncoding(encodedPassword); }
private void prepareTimingAttackProtection() { if (this.userNotFoundEncodedPassword == null) { this.userNotFoundEncodedPassword = this.passwordEncoder.encode(USER_NOT_FOUND_PASSWORD); } }
@Test public void testEncode() throws Exception { String encode1 = cachingPasswordEncoder.encode(password); String encode2 = cachingPasswordEncoder.getPasswordEncoder().encode(password); assertFalse(encode1.equals(encode2)); assertTrue(cachingPasswordEncoder.getPasswordEncoder().matches(password, encode1)); assertTrue(cachingPasswordEncoder.getPasswordEncoder().matches(password, encode2)); assertTrue(cachingPasswordEncoder.matches(password, encode1)); assertTrue(cachingPasswordEncoder.matches(password, encode2)); }