refining some tests, preparing test for session service

Signed-off-by: Stephan Richter <s.richter@srsoftware.de>
2024-09-10 20:53:03 +02:00
parent caa9f07d79
commit f600040c0e
16 changed files with 150 additions and 65 deletions
--- a/de.srsoftware.oidc.datastore.file/src/main/java/de/srsoftware/oidc/datastore/file/FileStore.java
+++ b/de.srsoftware.oidc.datastore.file/src/main/java/de/srsoftware/oidc/datastore/file/FileStore.java
@@ -9,6 +9,7 @@ import static java.util.Optional.empty;

 import de.srsoftware.oidc.api.*;
 import de.srsoftware.oidc.api.data.*;
+import de.srsoftware.utils.PasswordHasher;
 import jakarta.mail.Authenticator;
 import jakarta.mail.PasswordAuthentication;
 import java.io.File;
@@ -186,8 +187,8 @@ public class FileStore implements AuthorizationService, ClientService, SessionSe
 				var userData = users.getJSONObject(userId);

 				if (KEYS.stream().map(userData::getString).noneMatch(val -> val.equals(user))) continue;
-				var hashedPass = userData.getString(PASSWORD);
-				if (passwordMatches(password, hashedPass)) return User.of(userData, userId);
+				var loadedUser = User.of(userData, userId).filter(u -> passwordMatches(password, u));
+				if (loadedUser.isPresent()) return loadedUser;
 			}
 			return empty();
 		} catch (Exception e) {
@@ -196,8 +197,8 @@ public class FileStore implements AuthorizationService, ClientService, SessionSe
 	}

 	@Override
-	public boolean passwordMatches(String password, String hashedPassword) {
-		return passwordHasher.matches(password, hashedPassword);
+	public boolean passwordMatches(String password, User user) {
+		return passwordHasher.matches(password, user.hashedPassword());
 	}

 	@Override
@@ -227,7 +228,7 @@ public class FileStore implements AuthorizationService, ClientService, SessionSe
 	public Session createSession(User user) {
 		var now	 = Instant.now();
 		var endOfSession = now.plus(user.sessionDuration());
-		return save(new Session(user, endOfSession, uuid().toString()));
+		return save(new Session(user, endOfSession, uuid()));
 	}

 	@Override
--- a/de.srsoftware.oidc.datastore.file/src/main/java/de/srsoftware/oidc/datastore/file/FileStoreProvider.java
+++ b/de.srsoftware.oidc.datastore.file/src/main/java/de/srsoftware/oidc/datastore/file/FileStoreProvider.java
@@ -1,6 +1,7 @@
 /* © SRSoftware 2024 */
 package de.srsoftware.oidc.datastore.file;

+import de.srsoftware.utils.UuidHasher;
 import java.io.File;
 import java.io.IOException;
 import java.util.HashMap;
--- a/de.srsoftware.oidc.datastore.file/src/main/java/de/srsoftware/oidc/datastore/file/UuidHasher.java
+++ b/de.srsoftware.oidc.datastore.file/src/main/java/de/srsoftware/oidc/datastore/file/UuidHasher.java
@@ -1,39 +0,0 @@
-/* © SRSoftware 2024 */
-package de.srsoftware.oidc.datastore.file;
-
-import static java.nio.charset.StandardCharsets.UTF_8;
-
-import de.srsoftware.oidc.api.PasswordHasher;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-
-
-public class UuidHasher implements PasswordHasher<String> {
-	private static final String SHA256 = "SHA-256";
-
-	private final MessageDigest digest;
-
-	public UuidHasher() throws NoSuchAlgorithmException {
-		digest = MessageDigest.getInstance(SHA256);
-	}
-
-	@Override
-	public String hash(String password, String uuid) {
-		var salt       = uuid;
-		var saltedPass = "%s %s".formatted(salt, password);
-		var bytes      = digest.digest(saltedPass.getBytes(UTF_8));
-
-		return "%s@%s".formatted(hex(bytes), salt);
-	}
-
-	@Override
-	public String salt(String hashedPassword) {
-		return hashedPassword.split("@", 2)[1];
-	}
-
-	public static String hex(byte[] bytes) {
-		StringBuilder sb = new StringBuilder(bytes.length * 2);
-		for (byte b : bytes) sb.append(String.format("%02x", b));
-		return sb.toString();
-	}
-}
--- a/de.srsoftware.oidc.datastore.file/src/test/java/de/srsoftware/oidc/datastore/file/FileStoreUserServiceTest.java
+++ b/de.srsoftware.oidc.datastore.file/src/test/java/de/srsoftware/oidc/datastore/file/FileStoreUserServiceTest.java
@@ -1,9 +1,10 @@
 /* © SRSoftware 2024 */
 package de.srsoftware.oidc.datastore.file;

-import de.srsoftware.oidc.api.PasswordHasher;
 import de.srsoftware.oidc.api.UserService;
 import de.srsoftware.oidc.api.UserServiceTest;
+import de.srsoftware.utils.PasswordHasher;
+import de.srsoftware.utils.UuidHasher;
 import java.io.File;
 import java.io.IOException;
 import java.security.NoSuchAlgorithmException;
@@ -29,7 +30,7 @@ public class FileStoreUserServiceTest extends UserServiceTest {
 	@BeforeEach
 	public void setup() throws IOException {
 		if (storage.exists()) storage.delete();
-		userService = new FileStore(storage, hasher);
+		userService = new FileStore(storage, hasher());
 	}

 	@Override
--- a/de.srsoftware.oidc.datastore.file/src/test/java/de/srsoftware/oidc/datastore/file/SessionServiceTest.java
+++ b/de.srsoftware.oidc.datastore.file/src/test/java/de/srsoftware/oidc/datastore/file/SessionServiceTest.java
@@ -0,0 +1,33 @@
+/* © SRSoftware 2024 */
+package de.srsoftware.oidc.datastore.file;
+
+import de.srsoftware.oidc.api.SessionService;
+import de.srsoftware.utils.PasswordHasher;
+import de.srsoftware.utils.UuidHasher;
+import java.io.File;
+import java.io.IOException;
+import java.security.NoSuchAlgorithmException;
+import java.util.UUID;
+import org.junit.jupiter.api.BeforeEach;
+
+public class SessionServiceTest {
+	private PasswordHasher<String> hasher  = null;
+	private File	               storage = new File("/tmp/" + UUID.randomUUID());
+	private SessionService         sessionService;
+
+	protected PasswordHasher<String> hasher() {
+		if (hasher == null) try {
+				hasher = new UuidHasher();
+			} catch (NoSuchAlgorithmException e) {
+				throw new RuntimeException(e);
+			}
+
+		return hasher;
+	}
+
+	@BeforeEach
+	public void setup() throws IOException {
+		if (storage.exists()) storage.delete();
+		sessionService = new FileStore(storage, hasher());
+	}
+}