githubFork/gitblit.git - Solinfo Gitblit

			@@ -27,10 +27,13 @@

			import com.gitblit.IStoredSettings;
			import com.gitblit.auth.HtpasswdAuthProvider;
			import com.gitblit.manager.AuthenticationManager;
			import com.gitblit.manager.RuntimeManager;
			import com.gitblit.manager.UserManager;
			import com.gitblit.models.UserModel;
			import com.gitblit.tests.mock.MemorySettings;
			import com.gitblit.utils.XssFilter;
			import com.gitblit.utils.XssFilter.AllowXssFilter;

			/**
			* Test the Htpasswd user service.
			@@ -47,6 +50,7 @@

			private HtpasswdAuthProvider htpasswd;

			private AuthenticationManager auth;

			private MemorySettings getSettings(String userfile, String groupfile, Boolean overrideLA)
			{
			@@ -68,14 +72,27 @@
			private void setupUS()
			{
			htpasswd = newHtpasswdAuthentication(getSettings());
			auth = newAuthenticationManager(getSettings());
			}

			private HtpasswdAuthProvider newHtpasswdAuthentication(IStoredSettings settings) {
			RuntimeManager runtime = new RuntimeManager(settings, GitBlitSuite.BASEFOLDER).start();
			UserManager users = new UserManager(runtime).start();
			XssFilter xssFilter = new AllowXssFilter();
			RuntimeManager runtime = new RuntimeManager(settings, xssFilter, GitBlitSuite.BASEFOLDER).start();
			UserManager users = new UserManager(runtime, null).start();
			HtpasswdAuthProvider htpasswd = new HtpasswdAuthProvider();
			htpasswd.setup(runtime, users);
			return htpasswd;
			}

			private AuthenticationManager newAuthenticationManager(IStoredSettings settings) {
			XssFilter xssFilter = new AllowXssFilter();
			RuntimeManager runtime = new RuntimeManager(settings, xssFilter, GitBlitSuite.BASEFOLDER).start();
			UserManager users = new UserManager(runtime, null).start();
			HtpasswdAuthProvider htpasswd = new HtpasswdAuthProvider();
			htpasswd.setup(runtime, users);
			AuthenticationManager auth = new AuthenticationManager(runtime, users);
			auth.addAuthenticationProvider(htpasswd);
			return auth;
			}


			@@ -180,6 +197,52 @@


			@Test
			public void testAuthenticationManager()
			{
			MS.put(KEY_SUPPORT_PLAINTEXT_PWD, "true");
			UserModel user = auth.authenticate("user1", "pass1".toCharArray(), null);
			assertNotNull(user);
			assertEquals("user1", user.username);

			user = auth.authenticate("user2", "pass2".toCharArray(), null);
			assertNotNull(user);
			assertEquals("user2", user.username);

			// Test different encryptions
			user = auth.authenticate("plain", "passWord".toCharArray(), null);
			assertNotNull(user);
			assertEquals("plain", user.username);

			MS.put(KEY_SUPPORT_PLAINTEXT_PWD, "false");
			user = auth.authenticate("crypt", "password".toCharArray(), null);
			assertNotNull(user);
			assertEquals("crypt", user.username);

			user = auth.authenticate("md5", "password".toCharArray(), null);
			assertNotNull(user);
			assertEquals("md5", user.username);

			user = auth.authenticate("sha", "password".toCharArray(), null);
			assertNotNull(user);
			assertEquals("sha", user.username);


			// Test leading and trailing whitespace
			user = auth.authenticate("trailing", "whitespace".toCharArray(), null);
			assertNotNull(user);
			assertEquals("trailing", user.username);

			user = auth.authenticate("tabbed", "frontAndBack".toCharArray(), null);
			assertNotNull(user);
			assertEquals("tabbed", user.username);

			user = auth.authenticate("leading", "whitespace".toCharArray(), null);
			assertNotNull(user);
			assertEquals("leading", user.username);
			}


			@Test
			public void testAttributes()
			{
			MS.put(KEY_SUPPORT_PLAINTEXT_PWD, "true");
			@@ -256,6 +319,63 @@


			@Test
			public void testAuthenticationMangerDenied()
			{
			UserModel user = null;
			MS.put(KEY_SUPPORT_PLAINTEXT_PWD, "true");
			user = auth.authenticate("user1", "".toCharArray(), null);
			assertNull("User 'user1' falsely authenticated.", user);

			user = auth.authenticate("user1", "pass2".toCharArray(), null);
			assertNull("User 'user1' falsely authenticated.", user);

			user = auth.authenticate("user2", "lalala".toCharArray(), null);
			assertNull("User 'user2' falsely authenticated.", user);


			user = auth.authenticate("user3", "disabled".toCharArray(), null);
			assertNull("User 'user3' falsely authenticated.", user);

			user = auth.authenticate("user4", "disabled".toCharArray(), null);
			assertNull("User 'user4' falsely authenticated.", user);


			user = auth.authenticate("plain", "text".toCharArray(), null);
			assertNull("User 'plain' falsely authenticated.", user);

			user = auth.authenticate("plain", "password".toCharArray(), null);
			assertNull("User 'plain' falsely authenticated.", user);


			MS.put(KEY_SUPPORT_PLAINTEXT_PWD, "false");

			user = auth.authenticate("crypt", "".toCharArray(), null);
			assertNull("User 'cyrpt' falsely authenticated.", user);

			user = auth.authenticate("crypt", "passwd".toCharArray(), null);
			assertNull("User 'crypt' falsely authenticated.", user);

			user = auth.authenticate("md5", "".toCharArray(), null);
			assertNull("User 'md5' falsely authenticated.", user);

			user = auth.authenticate("md5", "pwd".toCharArray(), null);
			assertNull("User 'md5' falsely authenticated.", user);

			user = auth.authenticate("sha", "".toCharArray(), null);
			assertNull("User 'sha' falsely authenticated.", user);

			user = auth.authenticate("sha", "letmein".toCharArray(), null);
			assertNull("User 'sha' falsely authenticated.", user);


			user = auth.authenticate(" tabbed", "frontAndBack".toCharArray(), null);
			assertNull("User 'tabbed' falsely authenticated.", user);

			user = auth.authenticate(" leading", "whitespace".toCharArray(), null);
			assertNull("User 'leading' falsely authenticated.", user);
			}

			@Test
			public void testCleartextIntrusion()
			{
			MS.put(KEY_SUPPORT_PLAINTEXT_PWD, "true");