From kayyag...@apache.org
Subject svn commit: r1183056 - in /directory/apacheds/trunk: core-integ/src/test/java/org/apache/directory/server/core/authn/ppolicy/ core/src/main/java/org/apache/directory/server/core/authn/
Date Thu, 13 Oct 2011 20:00:44 GMT
Author: kayyagari
Date: Thu Oct 13 20:00:44 2011
New Revision: 1183056

URL: http://svn.apache.org/viewvc?rev=1183056&view=rev
Log:
o fixed an issue with maintaining the password history
o added a new test

Modified:
    directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyTest.java
    directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
    directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/PasswordHistory.java

Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyTest.java?rev=1183056&r1=1183055&r2=1183056&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyTest.java
(original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyTest.java
Thu Oct 13 20:00:44 2011
@@ -432,6 +432,73 @@ public class PasswordPolicyTest extends 
     }
 
     
+    @Test
+    public void testPwdHistory() throws Exception
+    {
+        policyConfig.setPwdInHistory( 2 );
+        
+        LdapConnection connection = getAdminNetworkConnection( getLdapServer() );
+
+        Dn userDn = new Dn( "cn=userPwdHist,ou=system" );
+        Entry userEntry = new DefaultEntry(
+            userDn.toString(), 
+            "ObjectClass: top", 
+            "ObjectClass: person", 
+            "cn: userPwdHist",
+            "sn: userPwdHist_sn", 
+            "userPassword: 12345" );
+
+        AddRequest addRequest = new AddRequestImpl();
+        addRequest.setEntry( userEntry );
+        addRequest.addControl( PP_REQ_CTRL );
+
+        connection.add( addRequest );
+        
+        Entry entry = connection.lookup( userDn, "*", "+" );
+        
+        Attribute pwdHistAt = entry.get( PasswordPolicySchemaConstants.PWD_HISTORY_AT );
+        assertNotNull( pwdHistAt );
+        assertEquals( 1, pwdHistAt.size() );
+        
+        Thread.sleep( 1000 );// to avoid creating a history value with the same timestamp
+        ModifyRequest modReq = new ModifyRequestImpl();
+        modReq.setName( userDn );
+        modReq.addControl( PP_REQ_CTRL );
+        modReq.replace( SchemaConstants.USER_PASSWORD_AT, "67891" );
+
+        connection.modify( modReq );
+        
+        entry = connection.lookup( userDn, "*", "+" );
+        
+        pwdHistAt = entry.get( PasswordPolicySchemaConstants.PWD_HISTORY_AT );
+        assertNotNull( pwdHistAt );
+        assertEquals( 2, pwdHistAt.size() );
+        
+        Thread.sleep( 1000 );// to avoid creating a history value with the same timestamp
+        modReq = new ModifyRequestImpl();
+        modReq.setName( userDn );
+        modReq.addControl( PP_REQ_CTRL );
+        modReq.replace( SchemaConstants.USER_PASSWORD_AT, "abcde" );
+
+        ModifyResponse modResp = connection.modify( modReq );
+        assertEquals( ResultCodeEnum.SUCCESS, modResp.getLdapResult().getResultCode() );
+        
+        entry = connection.lookup( userDn, "*", "+" );
+        pwdHistAt = entry.get( PasswordPolicySchemaConstants.PWD_HISTORY_AT );
+        assertNotNull( pwdHistAt );
+        
+        // it should still hold only 2 values
+        assertEquals( 2, pwdHistAt.size() );
+        
+        // try to reuse the password, should fail
+        modResp = connection.modify( modReq );
+        assertEquals( ResultCodeEnum.CONSTRAINT_VIOLATION, modResp.getLdapResult().getResultCode()
);
+        
+        PasswordPolicy respCtrl = getPwdRespCtrl( modResp );
+        assertEquals( PASSWORD_IN_HISTORY, respCtrl.getResponse().getPasswordPolicyError()
);
+    }
+    
+    
     private PasswordPolicy getPwdRespCtrl( Response resp ) throws Exception
     {
         Control control = resp.getControls().get( PP_REQ_CTRL.getOid() );
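Review bot: testPwdHistory checks only the size of pwdHistory and that the newest password ("abcde") is rejected, so it never verifies which value was evicted when the third password was set. A history that dropped the wrong entry would still pass. After the third change, add a fresh ModifyRequestImpl that tries "67891" and assert `ResultCodeEnum.CONSTRAINT_VIOLATION` with `PASSWORD_IN_HISTORY`, then assert that the stored history values no longer include the one created for "12345". The test also leaves `policyConfig.setPwdInHistory( 2 )` in place and never closes `connection`, so a try/finally that restores the setting and calls `connection.close()` would stop it leaking into other tests in the class.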

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java?rev=1183056&r1=1183055&r2=1183056&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
(original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
Thu Oct 13 20:00:44 2011
@@ -624,7 +624,7 @@ public class AuthenticationInterceptor e
                 	pwdHistoryAt = new DefaultAttribute( AT_PWD_HISTORY );
                 }
                 
-                Set<PasswordHistory> pwdHistSet = new TreeSet<PasswordHistory>();
+                List<PasswordHistory> pwdHistLst = new ArrayList<PasswordHistory>();
 
                 for ( Value<?> value : pwdHistoryAt  )
                 {
@@ -646,22 +646,25 @@ public class AuthenticationInterceptor e
                             "invalid reuse of password present in password history" );
                     }
 
-                    pwdHistSet.add( pwdh );
+                    pwdHistLst.add( pwdh );
                 }
 
-                PasswordHistory newPwdHist = new PasswordHistory( pwdChangedTime, newPassword
);
-                pwdHistSet.add( newPwdHist );
-
+                if ( pwdHistLst.size() >= histSize )
+                {
+                	// see the javadoc of PasswordHistory
+                	Collections.sort( pwdHistLst );
+                	
+                	// remove the oldest value
+                	PasswordHistory remPwdHist = ( PasswordHistory ) pwdHistLst.toArray()[histSize
- 1];
+                	Attribute tempAt = new DefaultAttribute( AT_PWD_HISTORY );
+                	tempAt.add( remPwdHist.getHistoryValue() );
+                	pwdRemHistMod = new DefaultModification( REMOVE_ATTRIBUTE, tempAt );
+                }
+                
                 pwdHistoryAt.clear();
+                PasswordHistory newPwdHist = new PasswordHistory( pwdChangedTime, newPassword
);
                 pwdHistoryAt.add( newPwdHist.getHistoryValue() );
                 pwdAddHistMod = new DefaultModification( ADD_ATTRIBUTE, pwdHistoryAt );
-
-                if ( pwdHistSet.size() > histSize )
-                {
-                    PasswordHistory remPwdHist = ( PasswordHistory ) pwdHistSet.toArray()[histSize
- 1];
-                    pwdHistoryAt.add( remPwdHist.getHistoryValue() );
-                    pwdRemHistMod = new DefaultModification( REMOVE_ATTRIBUTE, pwdHistoryAt
);
-                }
             }
 
             next.modify( modifyContext );
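Review bot: The eviction at `pwdHistLst.toArray()[histSize - 1]` removes exactly one value at a fixed index, so it trims the history correctly only when the entry holds exactly `histSize` values. If an entry already carries more than `histSize` values (for example after pwdInHistory is lowered), the element picked is not the end of the sorted list and the history stays over the limit; whether that index is the oldest value at all depends on the `compareTo` ordering, which is outside this hunk. Consider removing every surplus value, e.g. `for ( PasswordHistory old : pwdHistLst.subList( histSize - 1, pwdHistLst.size() ) ) { tempAt.add( old.getHistoryValue() ); }`, which also avoids the array copy and cast. A `histSize` of 0 would index -1 here unless an enclosing check, not visible in the hunk, rules it out. The added block is indented with tabs while the surrounding code uses spaces.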

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/PasswordHistory.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/PasswordHistory.java?rev=1183056&r1=1183055&r2=1183056&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/PasswordHistory.java
(original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/PasswordHistory.java
Thu Oct 13 20:00:44 2011
@@ -23,13 +23,15 @@ package org.apache.directory.server.core
 
 import org.apache.directory.shared.ldap.model.constants.SchemaConstants;
 import org.apache.directory.shared.util.Base64;
-import org.apache.directory.shared.util.DateUtils;
 import org.apache.directory.shared.util.Strings;
 
 
 /**
  * A class to hold the data of historical passwords of a entry.
- *
+ * Note: This class's natural ordering is inconsistent with the equals() method
+ *       hence it is advised not to use this in any implementations of sorted sets
+ *       Instead use Collections.sort() to sort the collection of PasswordHistory objects.
+ *       
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  * @version $Rev$, $Date$
  */
@@ -131,7 +133,8 @@ public class PasswordHistory implements 
 
         PasswordHistory other = ( PasswordHistory ) o;
 
-        return this.getTime().equals( other.getTime() );
+        return this.getTime().equals( other.getTime() ) &&
+               this.data.equals( other.data );
     }
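Review bot: `this.data.equals( other.data )` is a value comparison only if `data` is a String; the field declaration is outside this hunk. If it is a `byte[]`, the call compares references and two history values with the same time and password would never be equal, in which case `Arrays.equals( this.data, other.data )` is needed. `hashCode()` is also outside the hunk and should be checked against the widened equals. A short comment on the return, such as `// time alone is not unique: two changes can share a timestamp`, would record why both fields are compared.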
 
 
@@ -154,11 +157,4 @@ public class PasswordHistory implements 
         return "PasswordHistory [time=" + time + ", syntaxOID=" + syntaxOID + ", length="
+ length + ", data=" + data
             + "]";
     }
-    
-    public static void main( String[] args )
-    {
-        byte[] pwdhBytes = new PasswordHistory( DateUtils.getGeneralizedTime(), "secret".getBytes()
).getHistoryValue();
-        PasswordHistory pwdHistory = new PasswordHistory( Strings.utf8ToString(pwdhBytes)
);
-        System.out.println( pwdHistory );
-    }
 }


