| commit | author | age | ||
| 04a985 | 1 | /* |
| JM | 2 | * Copyright 2013 gitblit.com. |
| 3 | * | |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); | |
| 5 | * you may not use this file except in compliance with the License. | |
| 6 | * You may obtain a copy of the License at | |
| 7 | * | |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 | |
| 9 | * | |
| 10 | * Unless required by applicable law or agreed to in writing, software | |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, | |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| 13 | * See the License for the specific language governing permissions and | |
| 14 | * limitations under the License. | |
| 15 | */ | |
| 16 | package com.gitblit.tests; | |
| 17 | ||
| 18 | import java.io.File; | |
| 19 | import java.io.FilenameFilter; | |
| 20 | import java.io.IOException; | |
| 21 | import java.util.HashMap; | |
| 22 | ||
| 23 | import org.apache.commons.io.FileUtils; | |
| 24 | import org.junit.After; | |
| 25 | import org.junit.Before; | |
| 26 | import org.junit.Test; | |
| 27 | ||
| 28 | import com.gitblit.IStoredSettings; | |
| 29 | import com.gitblit.auth.HtpasswdAuthProvider; | |
| b4a63a | 30 | import com.gitblit.manager.AuthenticationManager; |
| 04a985 | 31 | import com.gitblit.manager.RuntimeManager; |
| JM | 32 | import com.gitblit.manager.UserManager; |
| 33 | import com.gitblit.models.UserModel; | |
| 34 | import com.gitblit.tests.mock.MemorySettings; | |
| 35 | ||
| 36 | /** | |
| 37 | * Test the Htpasswd user service. | |
| 38 | * | |
| 39 | */ | |
| 40 | public class HtpasswdAuthenticationTest extends GitblitUnitTest { | |
| 41 | ||
| 42 | private static final String RESOURCE_DIR = "src/test/resources/htpasswd/"; | |
| 43 | private static final String KEY_SUPPORT_PLAINTEXT_PWD = "realm.htpasswd.supportPlaintextPasswords"; | |
| 44 | ||
| 45 | private static final int NUM_USERS_HTPASSWD = 10; | |
| 46 | ||
| 47 | private static final MemorySettings MS = new MemorySettings(new HashMap<String, Object>()); | |
| 48 | ||
| 49 | private HtpasswdAuthProvider htpasswd; | |
| 50 | ||
| b4a63a | 51 | private AuthenticationManager auth; |
| 04a985 | 52 | |
| JM | 53 | private MemorySettings getSettings(String userfile, String groupfile, Boolean overrideLA) |
| 54 | { | |
| 55 | MS.put("realm.userService", RESOURCE_DIR + "users.conf"); | |
| 56 | MS.put("realm.htpasswd.userfile", (userfile == null) ? (RESOURCE_DIR + "htpasswd") : userfile); | |
| 57 | MS.put("realm.htpasswd.groupfile", (groupfile == null) ? (RESOURCE_DIR + "htgroup") : groupfile); | |
| 58 | MS.put("realm.htpasswd.overrideLocalAuthentication", (overrideLA == null) ? "false" : overrideLA.toString()); | |
| 59 | // Default to keep test the same on all platforms. | |
| 60 | MS.put(KEY_SUPPORT_PLAINTEXT_PWD, "false"); | |
| 61 | ||
| 62 | return MS; | |
| 63 | } | |
| 64 | ||
| 65 | private MemorySettings getSettings() | |
| 66 | { | |
| 67 | return getSettings(null, null, null); | |
| 68 | } | |
| 69 | ||
| 70 | private void setupUS() | |
| 71 | { | |
| 72 | htpasswd = newHtpasswdAuthentication(getSettings()); | |
| b4a63a | 73 | auth = newAuthenticationManager(getSettings()); |
| 04a985 | 74 | } |
| JM | 75 | |
| 76 | private HtpasswdAuthProvider newHtpasswdAuthentication(IStoredSettings settings) { | |
| 77 | RuntimeManager runtime = new RuntimeManager(settings, GitBlitSuite.BASEFOLDER).start(); | |
| ca4d98 | 78 | UserManager users = new UserManager(runtime, null).start(); |
| 04a985 | 79 | HtpasswdAuthProvider htpasswd = new HtpasswdAuthProvider(); |
| JM | 80 | htpasswd.setup(runtime, users); |
| 81 | return htpasswd; | |
| b4a63a | 82 | } |
| ca4d98 | 83 | |
| b4a63a | 84 | private AuthenticationManager newAuthenticationManager(IStoredSettings settings) { |
| JM | 85 | RuntimeManager runtime = new RuntimeManager(settings, GitBlitSuite.BASEFOLDER).start(); |
| ca4d98 | 86 | UserManager users = new UserManager(runtime, null).start(); |
| b4a63a | 87 | HtpasswdAuthProvider htpasswd = new HtpasswdAuthProvider(); |
| JM | 88 | htpasswd.setup(runtime, users); |
| 89 | AuthenticationManager auth = new AuthenticationManager(runtime, users); | |
| 90 | auth.addAuthenticationProvider(htpasswd); | |
| 91 | return auth; | |
| 04a985 | 92 | } |
| JM | 93 | |
| 94 | ||
| 95 | private void copyInFiles() throws IOException | |
| 96 | { | |
| 97 | File dir = new File(RESOURCE_DIR); | |
| 98 | FilenameFilter filter = new FilenameFilter() { | |
| 99 | @Override | |
| 100 | public boolean accept(File dir, String file) { | |
| 101 | return file.endsWith(".in"); | |
| 102 | } | |
| 103 | }; | |
| 104 | for (File inf : dir.listFiles(filter)) { | |
| 105 | File dest = new File(inf.getParent(), inf.getName().substring(0, inf.getName().length() - 3)); | |
| 106 | FileUtils.copyFile(inf, dest); | |
| 107 | } | |
| 108 | } | |
| 109 | ||
| 110 | ||
| 111 | private void deleteGeneratedFiles() | |
| 112 | { | |
| 113 | File dir = new File(RESOURCE_DIR); | |
| 114 | FilenameFilter filter = new FilenameFilter() { | |
| 115 | @Override | |
| 116 | public boolean accept(File dir, String file) { | |
| 117 | return !(file.endsWith(".in")); | |
| 118 | } | |
| 119 | }; | |
| 120 | for (File file : dir.listFiles(filter)) { | |
| 121 | file.delete(); | |
| 122 | } | |
| 123 | } | |
| 124 | ||
| 125 | ||
| 126 | @Before | |
| 127 | public void setup() throws IOException | |
| 128 | { | |
| 129 | copyInFiles(); | |
| 130 | setupUS(); | |
| 131 | } | |
| 132 | ||
| 133 | ||
| 134 | @After | |
| 135 | public void tearDown() | |
| 136 | { | |
| 137 | deleteGeneratedFiles(); | |
| 138 | } | |
| 139 | ||
| 140 | ||
| 141 | ||
| 142 | @Test | |
| 143 | public void testSetup() throws IOException | |
| 144 | { | |
| 145 | assertEquals(NUM_USERS_HTPASSWD, htpasswd.getNumberHtpasswdUsers()); | |
| 146 | } | |
| 147 | ||
| 148 | ||
| 149 | @Test | |
| 150 | public void testAuthenticate() | |
| 151 | { | |
| 152 | MS.put(KEY_SUPPORT_PLAINTEXT_PWD, "true"); | |
| 153 | UserModel user = htpasswd.authenticate("user1", "pass1".toCharArray()); | |
| 154 | assertNotNull(user); | |
| 155 | assertEquals("user1", user.username); | |
| 156 | ||
| 157 | user = htpasswd.authenticate("user2", "pass2".toCharArray()); | |
| 158 | assertNotNull(user); | |
| 159 | assertEquals("user2", user.username); | |
| 160 | ||
| 161 | // Test different encryptions | |
| 162 | user = htpasswd.authenticate("plain", "passWord".toCharArray()); | |
| 163 | assertNotNull(user); | |
| 164 | assertEquals("plain", user.username); | |
| 165 | ||
| 166 | MS.put(KEY_SUPPORT_PLAINTEXT_PWD, "false"); | |
| 167 | user = htpasswd.authenticate("crypt", "password".toCharArray()); | |
| 168 | assertNotNull(user); | |
| 169 | assertEquals("crypt", user.username); | |
| 170 | ||
| 171 | user = htpasswd.authenticate("md5", "password".toCharArray()); | |
| 172 | assertNotNull(user); | |
| 173 | assertEquals("md5", user.username); | |
| 174 | ||
| 175 | user = htpasswd.authenticate("sha", "password".toCharArray()); | |
| 176 | assertNotNull(user); | |
| 177 | assertEquals("sha", user.username); | |
| 178 | ||
| 179 | ||
| 180 | // Test leading and trailing whitespace | |
| 181 | user = htpasswd.authenticate("trailing", "whitespace".toCharArray()); | |
| 182 | assertNotNull(user); | |
| 183 | assertEquals("trailing", user.username); | |
| 184 | ||
| 185 | user = htpasswd.authenticate("tabbed", "frontAndBack".toCharArray()); | |
| 186 | assertNotNull(user); | |
| 187 | assertEquals("tabbed", user.username); | |
| 188 | ||
| 189 | user = htpasswd.authenticate("leading", "whitespace".toCharArray()); | |
| 190 | assertNotNull(user); | |
| 191 | assertEquals("leading", user.username); | |
| 192 | } | |
| 193 | ||
| ca4d98 | 194 | |
| b4a63a | 195 | @Test |
| JM | 196 | public void testAuthenticationManager() |
| 197 | { | |
| 198 | MS.put(KEY_SUPPORT_PLAINTEXT_PWD, "true"); | |
| 199 | UserModel user = auth.authenticate("user1", "pass1".toCharArray()); | |
| 200 | assertNotNull(user); | |
| 201 | assertEquals("user1", user.username); | |
| 202 | ||
| 203 | user = auth.authenticate("user2", "pass2".toCharArray()); | |
| 204 | assertNotNull(user); | |
| 205 | assertEquals("user2", user.username); | |
| 206 | ||
| 207 | // Test different encryptions | |
| 208 | user = auth.authenticate("plain", "passWord".toCharArray()); | |
| 209 | assertNotNull(user); | |
| 210 | assertEquals("plain", user.username); | |
| 211 | ||
| 212 | MS.put(KEY_SUPPORT_PLAINTEXT_PWD, "false"); | |
| 213 | user = auth.authenticate("crypt", "password".toCharArray()); | |
| 214 | assertNotNull(user); | |
| 215 | assertEquals("crypt", user.username); | |
| 216 | ||
| 217 | user = auth.authenticate("md5", "password".toCharArray()); | |
| 218 | assertNotNull(user); | |
| 219 | assertEquals("md5", user.username); | |
| 220 | ||
| 221 | user = auth.authenticate("sha", "password".toCharArray()); | |
| 222 | assertNotNull(user); | |
| 223 | assertEquals("sha", user.username); | |
| 224 | ||
| 225 | ||
| 226 | // Test leading and trailing whitespace | |
| 227 | user = auth.authenticate("trailing", "whitespace".toCharArray()); | |
| 228 | assertNotNull(user); | |
| 229 | assertEquals("trailing", user.username); | |
| 230 | ||
| 231 | user = auth.authenticate("tabbed", "frontAndBack".toCharArray()); | |
| 232 | assertNotNull(user); | |
| 233 | assertEquals("tabbed", user.username); | |
| 234 | ||
| 235 | user = auth.authenticate("leading", "whitespace".toCharArray()); | |
| 236 | assertNotNull(user); | |
| 237 | assertEquals("leading", user.username); | |
| 238 | } | |
| 239 | ||
| 04a985 | 240 | |
| JM | 241 | @Test |
| 242 | public void testAttributes() | |
| 243 | { | |
| 244 | MS.put(KEY_SUPPORT_PLAINTEXT_PWD, "true"); | |
| 245 | UserModel user = htpasswd.authenticate("user1", "pass1".toCharArray()); | |
| 246 | assertNotNull(user); | |
| 247 | assertEquals("El Capitan", user.displayName); | |
| 248 | assertEquals("cheffe@example.com", user.emailAddress); | |
| 249 | assertTrue(user.canAdmin); | |
| 250 | ||
| 251 | user = htpasswd.authenticate("user2", "pass2".toCharArray()); | |
| 252 | assertNotNull(user); | |
| 253 | assertEquals("User Two", user.displayName); | |
| 254 | assertTrue(user.canCreate); | |
| 255 | assertTrue(user.canFork); | |
| 256 | } | |
| 257 | ||
| 258 | ||
| 259 | @Test | |
| 260 | public void testAuthenticateDenied() | |
| 261 | { | |
| 262 | UserModel user = null; | |
| 263 | MS.put(KEY_SUPPORT_PLAINTEXT_PWD, "true"); | |
| 264 | user = htpasswd.authenticate("user1", "".toCharArray()); | |
| 265 | assertNull("User 'user1' falsely authenticated.", user); | |
| 266 | ||
| 267 | user = htpasswd.authenticate("user1", "pass2".toCharArray()); | |
| 268 | assertNull("User 'user1' falsely authenticated.", user); | |
| 269 | ||
| 270 | user = htpasswd.authenticate("user2", "lalala".toCharArray()); | |
| 271 | assertNull("User 'user2' falsely authenticated.", user); | |
| 272 | ||
| 273 | ||
| 274 | user = htpasswd.authenticate("user3", "disabled".toCharArray()); | |
| 275 | assertNull("User 'user3' falsely authenticated.", user); | |
| 276 | ||
| 277 | user = htpasswd.authenticate("user4", "disabled".toCharArray()); | |
| 278 | assertNull("User 'user4' falsely authenticated.", user); | |
| 279 | ||
| 280 | ||
| 281 | user = htpasswd.authenticate("plain", "text".toCharArray()); | |
| 282 | assertNull("User 'plain' falsely authenticated.", user); | |
| 283 | ||
| 284 | user = htpasswd.authenticate("plain", "password".toCharArray()); | |
| 285 | assertNull("User 'plain' falsely authenticated.", user); | |
| 286 | ||
| 287 | ||
| 288 | MS.put(KEY_SUPPORT_PLAINTEXT_PWD, "false"); | |
| 289 | ||
| 290 | user = htpasswd.authenticate("crypt", "".toCharArray()); | |
| 291 | assertNull("User 'cyrpt' falsely authenticated.", user); | |
| 292 | ||
| 293 | user = htpasswd.authenticate("crypt", "passwd".toCharArray()); | |
| 294 | assertNull("User 'crypt' falsely authenticated.", user); | |
| 295 | ||
| 296 | user = htpasswd.authenticate("md5", "".toCharArray()); | |
| 297 | assertNull("User 'md5' falsely authenticated.", user); | |
| 298 | ||
| 299 | user = htpasswd.authenticate("md5", "pwd".toCharArray()); | |
| 300 | assertNull("User 'md5' falsely authenticated.", user); | |
| 301 | ||
| 302 | user = htpasswd.authenticate("sha", "".toCharArray()); | |
| 303 | assertNull("User 'sha' falsely authenticated.", user); | |
| 304 | ||
| 305 | user = htpasswd.authenticate("sha", "letmein".toCharArray()); | |
| 306 | assertNull("User 'sha' falsely authenticated.", user); | |
| 307 | ||
| 308 | ||
| 309 | user = htpasswd.authenticate(" tabbed", "frontAndBack".toCharArray()); | |
| 310 | assertNull("User 'tabbed' falsely authenticated.", user); | |
| 311 | ||
| 312 | user = htpasswd.authenticate(" leading", "whitespace".toCharArray()); | |
| 313 | assertNull("User 'leading' falsely authenticated.", user); | |
| 314 | } | |
| 315 | ||
| 316 | ||
| 317 | @Test | |
| b4a63a | 318 | public void testAuthenticationMangerDenied() |
| JM | 319 | { |
| 320 | UserModel user = null; | |
| 321 | MS.put(KEY_SUPPORT_PLAINTEXT_PWD, "true"); | |
| 322 | user = auth.authenticate("user1", "".toCharArray()); | |
| 323 | assertNull("User 'user1' falsely authenticated.", user); | |
| 324 | ||
| 325 | user = auth.authenticate("user1", "pass2".toCharArray()); | |
| 326 | assertNull("User 'user1' falsely authenticated.", user); | |
| 327 | ||
| 328 | user = auth.authenticate("user2", "lalala".toCharArray()); | |
| 329 | assertNull("User 'user2' falsely authenticated.", user); | |
| 330 | ||
| 331 | ||
| 332 | user = auth.authenticate("user3", "disabled".toCharArray()); | |
| 333 | assertNull("User 'user3' falsely authenticated.", user); | |
| 334 | ||
| 335 | user = auth.authenticate("user4", "disabled".toCharArray()); | |
| 336 | assertNull("User 'user4' falsely authenticated.", user); | |
| 337 | ||
| 338 | ||
| 339 | user = auth.authenticate("plain", "text".toCharArray()); | |
| 340 | assertNull("User 'plain' falsely authenticated.", user); | |
| 341 | ||
| 342 | user = auth.authenticate("plain", "password".toCharArray()); | |
| 343 | assertNull("User 'plain' falsely authenticated.", user); | |
| 344 | ||
| 345 | ||
| 346 | MS.put(KEY_SUPPORT_PLAINTEXT_PWD, "false"); | |
| 347 | ||
| 348 | user = auth.authenticate("crypt", "".toCharArray()); | |
| 349 | assertNull("User 'cyrpt' falsely authenticated.", user); | |
| 350 | ||
| 351 | user = auth.authenticate("crypt", "passwd".toCharArray()); | |
| 352 | assertNull("User 'crypt' falsely authenticated.", user); | |
| 353 | ||
| 354 | user = auth.authenticate("md5", "".toCharArray()); | |
| 355 | assertNull("User 'md5' falsely authenticated.", user); | |
| 356 | ||
| 357 | user = auth.authenticate("md5", "pwd".toCharArray()); | |
| 358 | assertNull("User 'md5' falsely authenticated.", user); | |
| 359 | ||
| 360 | user = auth.authenticate("sha", "".toCharArray()); | |
| 361 | assertNull("User 'sha' falsely authenticated.", user); | |
| 362 | ||
| 363 | user = auth.authenticate("sha", "letmein".toCharArray()); | |
| 364 | assertNull("User 'sha' falsely authenticated.", user); | |
| 365 | ||
| 366 | ||
| 367 | user = auth.authenticate(" tabbed", "frontAndBack".toCharArray()); | |
| 368 | assertNull("User 'tabbed' falsely authenticated.", user); | |
| 369 | ||
| 370 | user = auth.authenticate(" leading", "whitespace".toCharArray()); | |
| 371 | assertNull("User 'leading' falsely authenticated.", user); | |
| 372 | } | |
| 373 | ||
| 374 | @Test | |
| 04a985 | 375 | public void testCleartextIntrusion() |
| JM | 376 | { |
| 377 | MS.put(KEY_SUPPORT_PLAINTEXT_PWD, "true"); | |
| 378 | assertNull(htpasswd.authenticate("md5", "$apr1$qAGGNfli$sAn14mn.WKId/3EQS7KSX0".toCharArray())); | |
| 379 | assertNull(htpasswd.authenticate("sha", "{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=".toCharArray())); | |
| 380 | ||
| 381 | assertNull(htpasswd.authenticate("user1", "#externalAccount".toCharArray())); | |
| 382 | ||
| 383 | MS.put(KEY_SUPPORT_PLAINTEXT_PWD, "false"); | |
| 384 | assertNull(htpasswd.authenticate("md5", "$apr1$qAGGNfli$sAn14mn.WKId/3EQS7KSX0".toCharArray())); | |
| 385 | assertNull(htpasswd.authenticate("sha", "{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=".toCharArray())); | |
| 386 | ||
| 387 | assertNull(htpasswd.authenticate("user1", "#externalAccount".toCharArray())); | |
| 388 | } | |
| 389 | ||
| 390 | ||
| 391 | @Test | |
| 392 | public void testCryptVsPlaintext() | |
| 393 | { | |
| 394 | MS.put(KEY_SUPPORT_PLAINTEXT_PWD, "false"); | |
| 395 | assertNull(htpasswd.authenticate("crypt", "6TmlbxqZ2kBIA".toCharArray())); | |
| 396 | assertNotNull(htpasswd.authenticate("crypt", "password".toCharArray())); | |
| 397 | ||
| 398 | MS.put(KEY_SUPPORT_PLAINTEXT_PWD, "true"); | |
| 399 | assertNotNull(htpasswd.authenticate("crypt", "6TmlbxqZ2kBIA".toCharArray())); | |
| 400 | assertNull(htpasswd.authenticate("crypt", "password".toCharArray())); | |
| 401 | } | |
| 402 | ||
| 403 | @Test | |
| 404 | public void testChangeHtpasswdFile() | |
| 405 | { | |
| 406 | UserModel user; | |
| 407 | ||
| 408 | // User default set up. | |
| 409 | user = htpasswd.authenticate("md5", "password".toCharArray()); | |
| 410 | assertNotNull(user); | |
| 411 | assertEquals("md5", user.username); | |
| 412 | ||
| 413 | user = htpasswd.authenticate("sha", "password".toCharArray()); | |
| 414 | assertNotNull(user); | |
| 415 | assertEquals("sha", user.username); | |
| 416 | ||
| 417 | user = htpasswd.authenticate("blueone", "GoBlue!".toCharArray()); | |
| 418 | assertNull(user); | |
| 419 | ||
| 420 | user = htpasswd.authenticate("bluetwo", "YayBlue!".toCharArray()); | |
| 421 | assertNull(user); | |
| 422 | ||
| 423 | ||
| 424 | // Switch to different htpasswd file. | |
| 425 | getSettings(RESOURCE_DIR + "htpasswd-user", null, null); | |
| 426 | ||
| 427 | user = htpasswd.authenticate("md5", "password".toCharArray()); | |
| 428 | assertNull(user); | |
| 429 | ||
| 430 | user = htpasswd.authenticate("sha", "password".toCharArray()); | |
| 431 | assertNull(user); | |
| 432 | ||
| 433 | user = htpasswd.authenticate("blueone", "GoBlue!".toCharArray()); | |
| 434 | assertNotNull(user); | |
| 435 | assertEquals("blueone", user.username); | |
| 436 | ||
| 437 | user = htpasswd.authenticate("bluetwo", "YayBlue!".toCharArray()); | |
| 438 | assertNotNull(user); | |
| 439 | assertEquals("bluetwo", user.username); | |
| 440 | } | |
| 441 | ||
| 442 | ||
| 443 | @Test | |
| 444 | public void testChangeHtpasswdFileNotExisting() | |
| 445 | { | |
| 446 | UserModel user; | |
| 447 | ||
| 448 | // User default set up. | |
| 449 | user = htpasswd.authenticate("md5", "password".toCharArray()); | |
| 450 | assertNotNull(user); | |
| 451 | assertEquals("md5", user.username); | |
| 452 | ||
| 453 | user = htpasswd.authenticate("sha", "password".toCharArray()); | |
| 454 | assertNotNull(user); | |
| 455 | assertEquals("sha", user.username); | |
| 456 | ||
| 457 | user = htpasswd.authenticate("blueone", "GoBlue!".toCharArray()); | |
| 458 | assertNull(user); | |
| 459 | ||
| 460 | user = htpasswd.authenticate("bluetwo", "YayBlue!".toCharArray()); | |
| 461 | assertNull(user); | |
| 462 | ||
| 463 | ||
| 464 | // Switch to different htpasswd file that doesn't exist. | |
| 465 | // Currently we stop working with old users upon this change. | |
| 466 | getSettings(RESOURCE_DIR + "no-such-file", null, null); | |
| 467 | ||
| 468 | user = htpasswd.authenticate("md5", "password".toCharArray()); | |
| 469 | assertNull(user); | |
| 470 | ||
| 471 | user = htpasswd.authenticate("sha", "password".toCharArray()); | |
| 472 | assertNull(user); | |
| 473 | ||
| 474 | user = htpasswd.authenticate("blueone", "GoBlue!".toCharArray()); | |
| 475 | assertNull(user); | |
| 476 | ||
| 477 | user = htpasswd.authenticate("bluetwo", "YayBlue!".toCharArray()); | |
| 478 | assertNull(user); | |
| 479 | } | |
| 480 | ||
| 481 | } | |
