shiro-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lhazlew...@apache.org
Subject svn commit: r1340194 - in /shiro/branches/1.2.x/core/src: main/java/org/apache/shiro/authc/credential/PasswordMatcher.java test/groovy/org/apache/shiro/authc/credential/PasswordMatcherTest.groovy
Date Fri, 18 May 2012 18:05:05 GMT
Author: lhazlewood
Date: Fri May 18 18:05:04 2012
New Revision: 1340194

URL: http://svn.apache.org/viewvc?rev=1340194&view=rev
Log:
SHIRO-363: fix + test committed

Modified:
    shiro/branches/1.2.x/core/src/main/java/org/apache/shiro/authc/credential/PasswordMatcher.java
    shiro/branches/1.2.x/core/src/test/groovy/org/apache/shiro/authc/credential/PasswordMatcherTest.groovy

Modified: shiro/branches/1.2.x/core/src/main/java/org/apache/shiro/authc/credential/PasswordMatcher.java
URL: http://svn.apache.org/viewvc/shiro/branches/1.2.x/core/src/main/java/org/apache/shiro/authc/credential/PasswordMatcher.java?rev=1340194&r1=1340193&r2=1340194&view=diff
==============================================================================
--- shiro/branches/1.2.x/core/src/main/java/org/apache/shiro/authc/credential/PasswordMatcher.java
(original)
+++ shiro/branches/1.2.x/core/src/main/java/org/apache/shiro/authc/credential/PasswordMatcher.java
Fri May 18 18:05:04 2012
@@ -92,7 +92,12 @@ public class PasswordMatcher implements 
     }
 
     protected Object getStoredPassword(AuthenticationInfo storedAccountInfo) {
-        return storedAccountInfo != null ? storedAccountInfo.getCredentials() : null;
+        Object stored = storedAccountInfo != null ? storedAccountInfo.getCredentials() :
null;
+        //fix for https://issues.apache.org/jira/browse/SHIRO-363
+        if (stored instanceof char[]) {
+            stored = new String((char[])stored);
+        }
+        return stored;
     }
 
     public PasswordService getPasswordService() {

Modified: shiro/branches/1.2.x/core/src/test/groovy/org/apache/shiro/authc/credential/PasswordMatcherTest.groovy
URL: http://svn.apache.org/viewvc/shiro/branches/1.2.x/core/src/test/groovy/org/apache/shiro/authc/credential/PasswordMatcherTest.groovy?rev=1340194&r1=1340193&r2=1340194&view=diff
==============================================================================
--- shiro/branches/1.2.x/core/src/test/groovy/org/apache/shiro/authc/credential/PasswordMatcherTest.groovy
(original)
+++ shiro/branches/1.2.x/core/src/test/groovy/org/apache/shiro/authc/credential/PasswordMatcherTest.groovy
Fri May 18 18:05:04 2012
@@ -114,6 +114,34 @@ class PasswordMatcherTest extends Groovy
         verify token, info, service
     }
 
+    /**
+     * Asserts fix for https://issues.apache.org/jira/browse/SHIRO-363
+     */
+    void testCharArrayComparison() {
+        def service = createMock(PasswordService)
+        def token = createMock(AuthenticationToken)
+        def info = createMock(AuthenticationInfo)
+        //generate a stored password just for this test:
+        def submittedPassword = "foo"
+        def savedPasswordAsString = "foo";
+        def savedPassword = savedPasswordAsString.toCharArray()
+
+        expect(token.credentials).andReturn submittedPassword
+        expect(info.credentials).andReturn savedPassword
+
+        expect(service.passwordsMatch(eq(submittedPassword), eq(savedPasswordAsString))).andReturn
true
+
+        replay token, info, service
+
+        def matcher = new PasswordMatcher()
+        matcher.passwordService = service
+        assertSame service, matcher.passwordService
+
+        assertTrue matcher.doCredentialsMatch(token, info)
+
+        verify token, info, service
+    }
+
     void testUnexpectedSavedCredentialsType() {
         def service = createMock(HashingPasswordService)
         def token = createMock(AuthenticationToken)



Mime
View raw message