honeymoose/OpenSearch
1
0
Fork 0
mirror of https://github.com/honeymoose/OpenSearch.git synced 2025-03-09 14:34:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix password comparison in UsernamePasswordToken.equals

Browse Source 
The password comparison in the UsernamePasswordToken compares the
instances password to itself instead of the other instances password.

Closes elastic/elasticsearch#405

Original commit: elastic/x-pack-elasticsearch@3cb5658edf
This commit is contained in:
jaymode 2014-12-01 18:59:55 -05:00
parent c1cac5887a
commit 7a6a3d072f
2 changed files with 22 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/main/java/org/elasticsearch/shield/authc/support/UsernamePasswordToken.java
View File

@ -57,7 +57,7 @@ public class UsernamePasswordToken implements AuthenticationToken {
UsernamePasswordToken that = (UsernamePasswordToken) o;
return password.equals(password) &&
return Objects.equals(password, that.password) &&
Objects.equals(username, that.username);
}

21
src/test/java/org/elasticsearch/shield/authc/support/UsernamePasswordTokenTests.java
View File

@ -114,4 +114,25 @@ public class UsernamePasswordTokenTests extends ElasticsearchTestCase {
when(request.header(UsernamePasswordToken.BASIC_AUTH_HEADER)).thenReturn("Basic");
UsernamePasswordToken.extractToken(request, null);
}
@Test
public void testEqualsWithDifferentPasswords() {
UsernamePasswordToken token1 = new UsernamePasswordToken("username", new SecuredString("password".toCharArray()));
UsernamePasswordToken token2 = new UsernamePasswordToken("username", new SecuredString("new password".toCharArray()));
assertThat(token1, not(equalTo(token2)));
}
@Test
public void testEqualsWithDifferentUsernames() {
UsernamePasswordToken token1 = new UsernamePasswordToken("username", new SecuredString("password".toCharArray()));
UsernamePasswordToken token2 = new UsernamePasswordToken("username1", new SecuredString("password".toCharArray()));
assertThat(token1, not(equalTo(token2)));
}
@Test
public void testEquals() {
UsernamePasswordToken token1 = new UsernamePasswordToken("username", new SecuredString("password".toCharArray()));
UsernamePasswordToken token2 = new UsernamePasswordToken("username", new SecuredString("password".toCharArray()));
assertThat(token1, equalTo(token2));
}
}