Rename CompromisedPasswordCheckResult to CompromisedPasswordDecision
Issue gh-7395
parent
1ca381c364
commit
b3c7f3ff19
|
@ -47,8 +47,8 @@ import org.springframework.security.authentication.TestingAuthenticationToken;
|
|||
import org.springframework.security.authentication.event.AbstractAuthenticationEvent;
|
||||
import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent;
|
||||
import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordCheckResult;
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordChecker;
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordDecision;
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordException;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.SecurityContextChangedListenerConfig;
|
||||
|
@ -809,11 +809,11 @@ public class HttpSecurityConfigurationTests {
|
|||
private static class TestCompromisedPasswordChecker implements CompromisedPasswordChecker {
|
||||
|
||||
@Override
|
||||
public CompromisedPasswordCheckResult check(String password) {
|
||||
public CompromisedPasswordDecision check(String password) {
|
||||
if ("password".equals(password)) {
|
||||
return new CompromisedPasswordCheckResult(true);
|
||||
return new CompromisedPasswordDecision(true);
|
||||
}
|
||||
return new CompromisedPasswordCheckResult(false);
|
||||
return new CompromisedPasswordDecision(false);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -26,7 +26,7 @@ import org.springframework.beans.factory.annotation.Autowired;
|
|||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordCheckResult;
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordDecision;
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordException;
|
||||
import org.springframework.security.authentication.password.ReactiveCompromisedPasswordChecker;
|
||||
import org.springframework.security.config.Customizer;
|
||||
|
@ -228,11 +228,11 @@ public class ServerHttpSecurityConfigurationTests {
|
|||
static class TestReactivePasswordChecker implements ReactiveCompromisedPasswordChecker {
|
||||
|
||||
@Override
|
||||
public Mono<CompromisedPasswordCheckResult> check(String password) {
|
||||
public Mono<CompromisedPasswordDecision> check(String password) {
|
||||
if ("password".equals(password)) {
|
||||
return Mono.just(new CompromisedPasswordCheckResult(true));
|
||||
return Mono.just(new CompromisedPasswordDecision(true));
|
||||
}
|
||||
return Mono.just(new CompromisedPasswordCheckResult(false));
|
||||
return Mono.just(new CompromisedPasswordDecision(false));
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -25,8 +25,8 @@ import reactor.core.scheduler.Schedulers;
|
|||
import org.springframework.context.MessageSource;
|
||||
import org.springframework.context.MessageSourceAware;
|
||||
import org.springframework.context.support.MessageSourceAccessor;
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordCheckResult;
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordChecker;
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordDecision;
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordException;
|
||||
import org.springframework.security.authentication.password.ReactiveCompromisedPasswordChecker;
|
||||
import org.springframework.security.core.Authentication;
|
||||
|
@ -118,7 +118,7 @@ public abstract class AbstractUserDetailsReactiveAuthenticationManager
|
|||
return Mono.empty();
|
||||
}
|
||||
return this.compromisedPasswordChecker.check(password)
|
||||
.filter(CompromisedPasswordCheckResult::isCompromised)
|
||||
.filter(CompromisedPasswordDecision::isCompromised)
|
||||
.flatMap((compromised) -> Mono.error(new CompromisedPasswordException(
|
||||
"The provided password is compromised, please change your password")));
|
||||
}
|
||||
|
|
|
@ -29,9 +29,9 @@ public interface CompromisedPasswordChecker {
|
|||
/**
|
||||
* Check whether the password is compromised
|
||||
* @param password the password to check
|
||||
* @return a non-null {@link CompromisedPasswordCheckResult}
|
||||
* @return a non-null {@link CompromisedPasswordDecision}
|
||||
*/
|
||||
@NonNull
|
||||
CompromisedPasswordCheckResult check(String password);
|
||||
CompromisedPasswordDecision check(String password);
|
||||
|
||||
}
|
||||
|
|
|
@ -16,11 +16,11 @@
|
|||
|
||||
package org.springframework.security.authentication.password;
|
||||
|
||||
public class CompromisedPasswordCheckResult {
|
||||
public class CompromisedPasswordDecision {
|
||||
|
||||
private final boolean compromised;
|
||||
|
||||
public CompromisedPasswordCheckResult(boolean compromised) {
|
||||
public CompromisedPasswordDecision(boolean compromised) {
|
||||
this.compromised = compromised;
|
||||
}
|
||||
|
|
@ -29,8 +29,8 @@ public interface ReactiveCompromisedPasswordChecker {
|
|||
/**
|
||||
* Check whether the password is compromised
|
||||
* @param password the password to check
|
||||
* @return a {@link Mono} containing the {@link CompromisedPasswordCheckResult}
|
||||
* @return a {@link Mono} containing the {@link CompromisedPasswordDecision}
|
||||
*/
|
||||
Mono<CompromisedPasswordCheckResult> check(String password);
|
||||
Mono<CompromisedPasswordDecision> check(String password);
|
||||
|
||||
}
|
||||
|
|
|
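Review bot: The `@return` text on `ReactiveCompromisedPasswordChecker.check` does not say whether the returned `Mono` may complete empty, whereas the blocking `CompromisedPasswordChecker.check` is annotated `@NonNull` and documented as non-null. As far as the visible lines of `AbstractUserDetailsReactiveAuthenticationManager` show, the result is passed through `.filter(CompromisedPasswordDecision::isCompromised)`, so an empty `Mono` looks the same as a not-compromised decision and the password check passes silently. I would state the contract in the Javadoc, for example `@return a {@link Mono} that always emits a {@link CompromisedPasswordDecision} and never completes empty`. An implementation that cannot reach its data source would then have to signal an error or an explicit decision.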
@ -27,7 +27,7 @@ import reactor.core.scheduler.Schedulers;
|
|||
import reactor.test.StepVerifier;
|
||||
|
||||
import org.springframework.context.MessageSource;
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordCheckResult;
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordDecision;
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordException;
|
||||
import org.springframework.security.authentication.password.ReactiveCompromisedPasswordChecker;
|
||||
import org.springframework.security.core.Authentication;
|
||||
|
@ -276,11 +276,11 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests {
|
|||
static class TestReactivePasswordChecker implements ReactiveCompromisedPasswordChecker {
|
||||
|
||||
@Override
|
||||
public Mono<CompromisedPasswordCheckResult> check(String password) {
|
||||
public Mono<CompromisedPasswordDecision> check(String password) {
|
||||
if ("password".equals(password)) {
|
||||
return Mono.just(new CompromisedPasswordCheckResult(true));
|
||||
return Mono.just(new CompromisedPasswordDecision(true));
|
||||
}
|
||||
return Mono.just(new CompromisedPasswordCheckResult(false));
|
||||
return Mono.just(new CompromisedPasswordDecision(false));
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -33,8 +33,8 @@ import org.springframework.security.authentication.InternalAuthenticationService
|
|||
import org.springframework.security.authentication.LockedException;
|
||||
import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordCheckResult;
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordChecker;
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordDecision;
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordException;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
|
@ -637,11 +637,11 @@ public class DaoAuthenticationProviderTests {
|
|||
private static class TestCompromisedPasswordChecker implements CompromisedPasswordChecker {
|
||||
|
||||
@Override
|
||||
public CompromisedPasswordCheckResult check(String password) {
|
||||
public CompromisedPasswordDecision check(String password) {
|
||||
if ("password".equals(password)) {
|
||||
return new CompromisedPasswordCheckResult(true);
|
||||
return new CompromisedPasswordDecision(true);
|
||||
}
|
||||
return new CompromisedPasswordCheckResult(false);
|
||||
return new CompromisedPasswordDecision(false);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -26,8 +26,8 @@ import org.apache.commons.logging.Log;
|
|||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import org.springframework.lang.NonNull;
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordCheckResult;
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordChecker;
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordDecision;
|
||||
import org.springframework.security.crypto.codec.Hex;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.StringUtils;
|
||||
|
@ -61,7 +61,7 @@ public final class HaveIBeenPwnedRestApiPasswordChecker implements CompromisedPa
|
|||
|
||||
@Override
|
||||
@NonNull
|
||||
public CompromisedPasswordCheckResult check(String password) {
|
||||
public CompromisedPasswordDecision check(String password) {
|
||||
byte[] hash = this.sha1Digest.digest(password.getBytes(StandardCharsets.UTF_8));
|
||||
String encoded = new String(Hex.encode(hash)).toUpperCase();
|
||||
String prefix = encoded.substring(0, PREFIX_LENGTH);
|
||||
|
@ -69,7 +69,7 @@ public final class HaveIBeenPwnedRestApiPasswordChecker implements CompromisedPa
|
|||
|
||||
List<String> passwords = getLeakedPasswordsForPrefix(prefix);
|
||||
boolean isLeaked = findLeakedPassword(passwords, suffix);
|
||||
return new CompromisedPasswordCheckResult(isLeaked);
|
||||
return new CompromisedPasswordDecision(isLeaked);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
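Review bot: In the first hunk of this file, `check` hashes the password with the instance field `this.sha1Digest`, and `MessageDigest` objects are not safe for concurrent use. If one checker instance serves several request threads (likely for an authentication component, though not shown here), interleaved `digest` calls can produce a wrong hash. The prefix and suffix would then not correspond to the submitted password, and a leaked password could be reported as not compromised. Obtaining a fresh digest per call, or guarding the shared field, would avoid that; `password` is also dereferenced without a null check. Part of the method body lies between the two hunks and is not visible here.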
@ -26,7 +26,7 @@ import reactor.core.publisher.Flux;
|
|||
import reactor.core.publisher.Mono;
|
||||
import reactor.core.scheduler.Schedulers;
|
||||
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordCheckResult;
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordDecision;
|
||||
import org.springframework.security.authentication.password.ReactiveCompromisedPasswordChecker;
|
||||
import org.springframework.security.crypto.codec.Hex;
|
||||
import org.springframework.util.Assert;
|
||||
|
@ -60,10 +60,10 @@ public class HaveIBeenPwnedRestApiReactivePasswordChecker implements ReactiveCom
|
|||
}
|
||||
|
||||
@Override
|
||||
public Mono<CompromisedPasswordCheckResult> check(String password) {
|
||||
public Mono<CompromisedPasswordDecision> check(String password) {
|
||||
return getHash(password).map((hash) -> new String(Hex.encode(hash)))
|
||||
.flatMap(this::findLeakedPassword)
|
||||
.map(CompromisedPasswordCheckResult::new);
|
||||
.map(CompromisedPasswordDecision::new);
|
||||
}
|
||||
|
||||
private Mono<Boolean> findLeakedPassword(String encodedPassword) {
|
||||
|
|
|
@ -25,7 +25,7 @@ import org.junit.jupiter.api.AfterEach;
|
|||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordCheckResult;
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordDecision;
|
||||
import org.springframework.web.client.RestClient;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
|
@ -69,7 +69,7 @@ class HaveIBeenPwnedRestApiPasswordCheckerTests {
|
|||
@Test
|
||||
void checkWhenPasswordIsLeakedThenIsCompromised() throws InterruptedException {
|
||||
this.server.enqueue(new MockResponse().setBody(this.pwnedPasswords).setResponseCode(200));
|
||||
CompromisedPasswordCheckResult check = this.passwordChecker.check("P@ssw0rd");
|
||||
CompromisedPasswordDecision check = this.passwordChecker.check("P@ssw0rd");
|
||||
assertThat(check.isCompromised()).isTrue();
|
||||
assertThat(this.server.takeRequest().getPath()).isEqualTo("/range/21BD1");
|
||||
}
|
||||
|
@ -77,14 +77,14 @@ class HaveIBeenPwnedRestApiPasswordCheckerTests {
|
|||
@Test
|
||||
void checkWhenPasswordNotLeakedThenNotCompromised() {
|
||||
this.server.enqueue(new MockResponse().setBody(this.pwnedPasswords).setResponseCode(200));
|
||||
CompromisedPasswordCheckResult check = this.passwordChecker.check("My1nCr3d!bL3P@SS0W0RD");
|
||||
CompromisedPasswordDecision check = this.passwordChecker.check("My1nCr3d!bL3P@SS0W0RD");
|
||||
assertThat(check.isCompromised()).isFalse();
|
||||
}
|
||||
|
||||
@Test
|
||||
void checkWhenNoPasswordsReturnedFromApiCallThenNotCompromised() {
|
||||
this.server.enqueue(new MockResponse().setResponseCode(200));
|
||||
CompromisedPasswordCheckResult check = this.passwordChecker.check("123456");
|
||||
CompromisedPasswordDecision check = this.passwordChecker.check("123456");
|
||||
assertThat(check.isCompromised()).isFalse();
|
||||
}
|
||||
|
||||
|
|