/**
 * Checks a presented password against the stored encoding.
 *
 * <p>When {@code StringUtils.hasText(encodedPassword)} is true the comparison is
 * handed to the wrapped {@code passwordEncoder}. When it is false, the method
 * reports a match without comparing anything.
 *
 * @param rawPassword the password presented by the caller
 * @param encodedPassword the stored encoding to compare against
 * @return the delegate's verdict, or {@code true} when the stored value has no text
 */
@Override
public boolean matches(CharSequence rawPassword, String encodedPassword) {
    // NOTE(review): this branch fails open. A stored value without text makes every
    // presented password match, so an account whose stored password is blank would
    // pass this check with any input. Confirm this is intended for the callers of
    // this encoder; if it is not, this branch should return false.
    if (!StringUtils.hasText(encodedPassword)) {
        return true;
    }
    return passwordEncoder.matches(rawPassword, encodedPassword);
}
/**
 * Compares a presented password with a stored encoding by delegating to the
 * encoder returned from {@code getPasswordEncoder()}.
 *
 * @param rawPassword the password presented by the caller
 * @param encodedPassword the stored encoding to compare against
 * @return whatever the delegate's {@code matches} returns
 */
@Override
public boolean matches(CharSequence rawPassword, String encodedPassword) {
    // No checks are added here: null handling and format validation are left to
    // the delegate.
    final boolean matched = getPasswordEncoder().matches(rawPassword, encodedPassword);
    return matched;
}
/**
 * Forwards the password comparison to the encoder obtained from
 * {@code getPasswordEncoder()} and returns its result unchanged.
 *
 * @param rawPassword the password presented by the caller
 * @param encodedPassword the stored encoding to compare against
 * @return the delegate's verdict
 */
@Override
public boolean matches(CharSequence rawPassword, String encodedPassword) {
    // Pure pass-through; the delegate is looked up on every call.
    final boolean delegateVerdict = getPasswordEncoder().matches(rawPassword, encodedPassword);
    return delegateVerdict;
}
/**
 * Runs the password encoder over the presented credentials and
 * {@code userNotFoundEncodedPassword}, then discards the result.
 *
 * <p>Judging by the method and field names, this is called when no user record was
 * found, so that the request still pays for one password comparison and response
 * time does not reveal whether the username exists.
 *
 * @param authentication the token whose credentials are fed to the encoder;
 *        nothing happens when its credentials are {@code null}
 */
private void mitigateAgainstTimingAttack(UsernamePasswordAuthenticationToken authentication) {
    if (authentication.getCredentials() == null) {
        // Nothing was presented, so there is nothing to compare.
        return;
    }
    String presented = authentication.getCredentials().toString();
    // The return value is deliberately ignored; only the work matters.
    // NOTE(review): the timing only lines up if userNotFoundEncodedPassword was
    // produced by the same encoder and cost settings as real stored passwords.
    // Confirm where that field is initialised.
    this.passwordEncoder.matches(presented, this.userNotFoundEncodedPassword);
}
/**
 * A stored value tagged {@code {pbkdf2}} must verify against {@code rawPassword}.
 */
@Test
public void matchesWhenPbkdf2ThenWorks() {
    // Fixed fixture: the id in braces is followed by the encoded value.
    final String stored = "{pbkdf2}5d923b44a6d129f3ddf3e3c8d29412723dcbde72445e8ef6bf3b508fbf17fa4ed4d6b99ca763d8dc";
    boolean matched = this.encoder.matches(this.rawPassword, stored);
    assertThat(matched).isTrue();
}
/**
 * A stored value tagged {@code {SHA-1}} must still verify against {@code rawPassword}.
 */
@Test
public void matchesWhenSHA1ThenWorks() {
    // NOTE(review): SHA-1 is a fast, general-purpose digest and not suited to
    // password storage. This test only pins that existing values in this format
    // keep verifying. Presumably the format is kept for migration; confirm that
    // new passwords are never encoded this way.
    final String stored = "{SHA-1}{6581QepZz2qd8jVrT2QYPVtK8DuM2n45dVslmc3UTWc=}4f31573948ddbfb8ac9dd80107dfad13fd8f2454";
    boolean matched = this.encoder.matches(this.rawPassword, stored);
    assertThat(matched).isTrue();
}
/**
 * A stored value tagged {@code {ldap}} must verify against {@code rawPassword}.
 */
@Test
public void matchesWhenLdapThenWorks() {
    // The value after the id carries its own {SSHA} scheme prefix. Presumably this
    // is salted SHA-1 in LDAP style; confirm against the encoder.
    final String stored = "{ldap}{SSHA}igvD9lOiTXm16dmOw0YWRb9OjK2ThZvdQku2EQ==";
    boolean matched = this.encoder.matches(this.rawPassword, stored);
    assertThat(matched).isTrue();
}
/**
 * A stored value tagged {@code {MD4}} must still verify against {@code rawPassword}.
 */
@Test
public void matchesWhenMd4ThenWorks() {
    // NOTE(review): MD4 is a broken digest. This test only pins that existing
    // values in this format keep verifying. Presumably the format is kept for
    // migration; confirm that new passwords are never encoded this way.
    final String stored = "{MD4}{KYp8/QErWyQemYazZQ8UnWWfbGbkYkVC8qMi0duoA84=}152ce09d3261d2b53cac55b2ea4d1c7a";
    boolean matched = this.encoder.matches(this.rawPassword, stored);
    assertThat(matched).isTrue();
}
/**
 * A stored value tagged {@code {noop}} must verify against {@code rawPassword}.
 */
@Test
public void matchesWhenNoopThenWorks() {
    // NOTE(review): after the id, the stored value is the password itself in clear
    // text (presumably rawPassword is "password"). The test shows the format is
    // accepted for matching; it should never reach a production credential store.
    final String stored = "{noop}password";
    boolean matched = this.encoder.matches(this.rawPassword, stored);
    assertThat(matched).isTrue();
}
/**
 * Matching {@code bcryptEncodedPassword} must be routed to the {@code bcrypt}
 * delegate and to no other delegate.
 */
@Test
public void matchesWhenBCryptThenDelegatesToBCrypt() {
    when(this.bcrypt.matches(this.rawPassword, this.encodedPassword)).thenReturn(true);

    boolean matched = this.passwordEncoder.matches(this.rawPassword, this.bcryptEncodedPassword);

    assertThat(matched).isTrue();
    // The delegate is verified with encodedPassword, not bcryptEncodedPassword.
    // Presumably the latter is the former with an id prefix that is stripped
    // before delegation; confirm in the fixture setup.
    verify(this.bcrypt).matches(this.rawPassword, this.encodedPassword);
    verifyZeroInteractions(this.noop);
}
/**
 * A stored value tagged {@code {sha256}} must still verify against {@code rawPassword}.
 */
@Test
public void matchesWhenSha256ThenWorks() {
    // NOTE(review): a plain SHA-256 digest is fast to compute and therefore weak
    // for password storage. This test only pins that existing values in this
    // format keep verifying; confirm the format is not used for new passwords.
    final String stored = "{sha256}97cde38028ad898ebc02e690819fa220e88c62e0699403e94fff291cfffaf8410849f27605abcbc0";
    boolean matched = this.encoder.matches(this.rawPassword, stored);
    assertThat(matched).isTrue();
}
/**
 * A stored value tagged {@code {SHA-256}} must still verify against {@code rawPassword}.
 */
@Test
public void matchesWhenSHA256ThenWorks() {
    // This id is distinct from the lower-case "{sha256}" id. Here a second
    // brace-delimited segment sits between the id and the hex digest (presumably
    // a salt; confirm against the encoder).
    // NOTE(review): SHA-256 is a fast digest, so this is a compatibility format,
    // not one to choose for new passwords.
    final String stored = "{SHA-256}{UisHp3pFSMqcqrhQsrhR+hspIG0SyMDyDW/XtY+t6nA=}a98efbaf59277bfd1837c33fd4fde67de5bcfd2205bcba0992f6fc32b03a8f88";
    boolean matched = this.encoder.matches(this.rawPassword, stored);
    assertThat(matched).isTrue();
}
/**
 * With a delegate registered under the {@code null} key, matching
 * {@code encodedPassword} must go to that delegate and to no other.
 */
@Test
public void matchesWhenNullIdThenDelegatesToInvalidId() {
    // Register the fallback under the null key, then rebuild the encoder so that
    // it sees the new mapping.
    this.delegates.put(null, this.invalidId);
    this.passwordEncoder = new DelegatingPasswordEncoder(this.bcryptId, this.delegates);
    when(this.invalidId.matches(this.rawPassword, this.encodedPassword)).thenReturn(true);

    // Presumably encodedPassword carries no "{id}" prefix, which is what selects
    // the null-keyed delegate; confirm in the fixture setup.
    boolean matched = this.passwordEncoder.matches(this.rawPassword, this.encodedPassword);

    assertThat(matched).isTrue();
    verify(this.invalidId).matches(this.rawPassword, this.encodedPassword);
    verifyZeroInteractions(this.bcrypt, this.noop);
}
/**
 * Authenticating without calling {@code setPostAuthenticationChecks} must leave
 * the {@code postAuthenticationChecks} mock untouched.
 */
@Test
public void authenticateWhenPostAuthenticationChecksNotSet() {
    // Any username lookup yields this.user.
    when(this.userDetailsService.findByUsername(any())).thenReturn(Mono.just(this.user));
    // The encoder mock accepts every password, so no real comparison is exercised.
    when(this.encoder.matches(any(), any())).thenReturn(true);
    this.manager.setPasswordEncoder(this.encoder);
    UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
            this.user, this.user.getPassword());
    // block() forces the reactive pipeline to run before the verification below.
    this.manager.authenticate(token).block();
    verifyZeroInteractions(this.postAuthenticationChecks);
}
// Presumably closes the enclosing test class, whose header is outside this excerpt.
}
/**
 * When the encoder rejects the password, authentication must fail with
 * {@code BadCredentialsException} and the password service must not be touched.
 */
@Test
public void authenticateWhenPasswordServiceAndBadCredentialsThenNotUpdated() {
    when(this.userDetailsService.findByUsername(any())).thenReturn(Mono.just(this.user));
    // The encoder mock rejects every password.
    when(this.encoder.matches(any(), any())).thenReturn(false);
    this.manager.setPasswordEncoder(this.encoder);
    this.manager.setUserDetailsPasswordService(this.userDetailsPasswordService);

    UsernamePasswordAuthenticationToken rejectedToken =
            new UsernamePasswordAuthenticationToken(this.user, this.user.getPassword());

    assertThatThrownBy(() -> this.manager.authenticate(rejectedToken).block())
            .isInstanceOf(BadCredentialsException.class);
    // A failed login must never reach the component that stores passwords.
    verifyZeroInteractions(this.userDetailsPasswordService);
}
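/**
 * With a password encoder that accepts the presented password, authentication
 * must complete and yield an authenticated result for the requested username.
 */
@Test
public void authenticateWhenPasswordEncoderAndSuccessThenSuccess() {
    this.manager.setPasswordEncoder(this.passwordEncoder);
    // The encoder mock accepts every password, so no real comparison is exercised.
    when(this.passwordEncoder.matches(any(), any())).thenReturn(true);
    User user = new User(this.username, this.password, AuthorityUtils.createAuthorityList("ROLE_USER"));
    when(this.repository.findByUsername(user.getUsername())).thenReturn(Mono.just(user));
    UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
            this.username, this.password);

    Authentication authentication = this.manager.authenticate(token).block();

    // The previous assertion compared the result with itself and could never fail,
    // not even for a null result. Assert on observable properties of the result.
    assertThat(authentication).isNotNull();
    assertThat(authentication.isAuthenticated()).isTrue();
    assertThat(authentication.getName()).isEqualTo(this.username);
}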
/**
 * When the encoder reports that no upgrade is needed, a successful authentication
 * must not call the password service.
 */
@Test
public void authenticateWhenPasswordServiceAndUpgradeFalseThenNotUpdated() {
    when(this.userDetailsService.findByUsername(any())).thenReturn(Mono.just(this.user));
    when(this.encoder.matches(any(), any())).thenReturn(true);
    // upgradeEncoding == false: the stored encoding is reported as current.
    when(this.encoder.upgradeEncoding(any())).thenReturn(false);
    this.manager.setPasswordEncoder(this.encoder);
    this.manager.setUserDetailsPasswordService(this.userDetailsPasswordService);

    UsernamePasswordAuthenticationToken loginToken =
            new UsernamePasswordAuthenticationToken(this.user, this.user.getPassword());
    // The result itself is not inspected; block() only forces the pipeline to run.
    this.manager.authenticate(loginToken).block();

    verifyZeroInteractions(this.userDetailsPasswordService);
}
/**
 * Encoding with the default configuration must produce a {@code {bcrypt}}-tagged
 * value that verifies against the same raw password.
 */
@Test
public void encodeWhenDefaultThenBCryptUsed() {
    final String freshlyEncoded = this.encoder.encode(this.rawPassword);

    // The id prefix records which algorithm produced the value.
    assertThat(freshlyEncoded).startsWith("{bcrypt}");
    // Round trip: what was just encoded must verify.
    boolean matched = this.encoder.matches(this.rawPassword, freshlyEncoded);
    assertThat(matched).isTrue();
}
/**
 * After {@code setScheduler}, authentication must schedule work on the supplied
 * scheduler.
 */
@Test
public void authentiateWhenCustomSchedulerThenUsed() {
    when(this.userDetailsService.findByUsername(any())).thenReturn(Mono.just(this.user));
    // The encoder mock accepts every password, so no real comparison is exercised.
    when(this.encoder.matches(any(), any())).thenReturn(true);
    this.manager.setScheduler(this.scheduler);
    this.manager.setPasswordEncoder(this.encoder);

    UsernamePasswordAuthenticationToken loginToken =
            new UsernamePasswordAuthenticationToken(this.user, this.user.getPassword());
    // The result itself is not inspected; block() only forces the pipeline to run.
    this.manager.authenticate(loginToken).block();

    verify(this.scheduler).schedule(any());
}
/**
 * When the configured post-authentication check throws {@code LockedException},
 * the exception must surface from {@code authenticate} even though the password
 * matched.
 */
@Test
public void authenticateWhenPostAuthenticationChecksFail() {
    when(this.userDetailsService.findByUsername(any())).thenReturn(Mono.just(this.user));
    // The checker rejects every account it is asked about.
    doThrow(new LockedException("account is locked")).when(this.postAuthenticationChecks).check(any());
    // The encoder mock accepts every password, so the failure below can only come
    // from the post-authentication check.
    when(this.encoder.matches(any(), any())).thenReturn(true);
    this.manager.setPasswordEncoder(this.encoder);
    this.manager.setPostAuthenticationChecks(this.postAuthenticationChecks);
    assertThatExceptionOfType(LockedException.class)
            .isThrownBy(() -> this.manager.authenticate(new UsernamePasswordAuthenticationToken(this.user, this.user.getPassword())).block())
            .withMessage("account is locked");
    // The checker must have been consulted with the looked-up user.
    verify(this.postAuthenticationChecks).check(eq(this.user));
}