From a399690e353ca74b4398e2c0d22808b74a26e562 Mon Sep 17 00:00:00 2001 From: Eric Jaso Date: Sun, 14 Jun 2015 12:08:22 -0400 Subject: [PATCH 1/3] UtilityTest added. --- test/util/UtilityTest.java | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 test/util/UtilityTest.java diff --git a/test/util/UtilityTest.java b/test/util/UtilityTest.java new file mode 100644 index 0000000..a338a4a --- /dev/null +++ b/test/util/UtilityTest.java @@ -0,0 +1,5 @@ +package util; + +public class UtilityTest { + +} \ No newline at end of file From 02259c4a2659a1f911bc0bf3e37e22ecd6e3bf4e Mon Sep 17 00:00:00 2001 From: Eric Jaso Date: Sun, 14 Jun 2015 13:22:52 -0400 Subject: [PATCH 2/3] Added validateUserForCreation in User.java + tests. --- app/models/User.java | 53 +++++++++++++++-------------------- test/models/CommentTest.java | 2 +- test/models/PostTest.java | 2 +- test/models/UserTest.java | 54 +++++++++++++++++++++++++----------- 4 files changed, 63 insertions(+), 48 deletions(-) diff --git a/app/models/User.java b/app/models/User.java index 5ebe926..d1f957f 100644 --- a/app/models/User.java +++ b/app/models/User.java @@ -1,21 +1,16 @@ package models; -import java.util.Date; - import javax.persistence.AttributeOverride; import javax.persistence.Column; import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; import javax.persistence.NoResultException; import javax.persistence.Table; import javax.persistence.Transient; -import com.fasterxml.jackson.annotation.JsonIgnore; - import play.db.jpa.JPA; +import com.fasterxml.jackson.annotation.JsonIgnore; + /** * @author kylewong * 
@@ -23,13 +18,14 @@ @Entity @Table(name="user") @AttributeOverride(name = "id", column = @Column(name = "user_id")) -public class User extends AbstractModel{ +public class User extends AbstractModel { + + private static final int SALT_SIZE = 32; + private static final int MINIMUM_PASSWORD_SIZE = 6; @Column(unique=true) private String username; - private String name; - @JsonIgnore private String password; @@ -40,16 +36,14 @@ public class User extends AbstractModel{ private String salt; public User(){} - public User(String username, String name){ + public User(String username) { this.username=username; - this.name=name; } - public User(String username, String name, String password, + public User(String username,String password, String confirmPassword) { this.username = username; - this.name = name; this.password = password; this.confirmPassword = confirmPassword; } @@ -63,12 +57,6 @@ public String getUsername() { public void setUsername(String username) { this.username = username; } - public String getName() { - return name; - } - public void setName(String name) { - this.name = name; - } public String getPassword() { return password; } @@ -87,14 +75,22 @@ public String getSalt() { public void setSalt(String salt) { this.salt = salt; } + public boolean validateUserForCreation() { + if (getPassword() == null || getPassword().length() < MINIMUM_PASSWORD_SIZE) { + return false; + } else if (getConfirmPassword() == null || !getPassword().equals(getConfirmPassword())) { + return false; + } + return true; + } /* * STATIC METHODS */ - public static User findUserById(long id){ + public static User findUserById(long id) { return JPA.em().find(User.class, id); } - public static User findUserByUsername(String username){ + public static User findUserByUsername(String username) { User u; try{ u = JPA.em(). 
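Review bot: validateUserForCreation in the `@@ -87,14 +75,22 @@` hunk checks only the password pair, so a null or empty username passes, and the 6-character floor set by `MINIMUM_PASSWORD_SIZE` in the first hunk is below the 8-character minimum in NIST SP 800-63B. I would raise the constant to `private static final int MINIMUM_PASSWORD_SIZE = 8;` and add `if (getUsername() == null || getUsername().trim().isEmpty()) { return false; }` at the top of the method. Nothing visible in this patch makes createUser call the method before `JPA.em().persist(user)`, so the check appears to be advisory unless a caller outside the diff enforces it. The method also deserves a short Javadoc stating that it compares the plaintext password with confirmPassword and therefore has to run before the password is hashed.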
@@ -107,8 +103,8 @@ public static User findUserByUsername(String username){ } return u; } - - public static User createUser(User user){ + + public static User createUser(User user) { try{ JPA.em().persist(user); }catch(Exception e){ @@ -121,15 +117,12 @@ public static User createUser(User user){ //Not necessarily needed since dirty checking is enabled by default for hibernate //created just in case - public static User updateUser(User updatedUser){ + public static User updateUser(User updatedUser) { JPA.em().merge(updatedUser); return updatedUser; } - public static void deleteUser(User user){ + public static void deleteUser(User user) { JPA.em().remove(user); - } - - - + } } diff --git a/test/models/CommentTest.java b/test/models/CommentTest.java index b1ff8dd..c7627c9 100644 --- a/test/models/CommentTest.java +++ b/test/models/CommentTest.java @@ -14,7 +14,7 @@ public void createObjects(){ JPA.withTransaction(new play.libs.F.Callback0() { @Override public void invoke() throws Throwable { - User u = User.createUser(new User("caiyo", "Kyle")); + User u = User.createUser(new User("caiyo")); Post.createPost(new Post(u, "this is post 1")); } }); diff --git a/test/models/PostTest.java b/test/models/PostTest.java index 5c568b8..653feb6 100644 --- a/test/models/PostTest.java +++ b/test/models/PostTest.java @@ -15,7 +15,7 @@ public void createObjects(){ JPA.withTransaction(new play.libs.F.Callback0() { @Override public void invoke() throws Throwable { - User u = User.createUser(new User("caiyo", "Kyle")); + User u = User.createUser(new User("caiyo")); Post.createPost(new Post(u, "this is post 1")); } }); diff --git a/test/models/UserTest.java b/test/models/UserTest.java index 30b1377..7df975b 100644 --- a/test/models/UserTest.java +++ b/test/models/UserTest.java 
@@ -1,6 +1,9 @@ package models; -import static org.junit.Assert.*; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; import org.junit.Before; import org.junit.Test; @@ -13,17 +16,17 @@ public void createUser(){ JPA.withTransaction(new play.libs.F.Callback0() { @Override public void invoke() throws Throwable { - User.createUser(new User("caiyo", "Kyle")); + User.createUser(new User("caiyo", "", "")); } }); } @Test - public void testUserCreation(){ + public void testUserCreation() { JPA.withTransaction(new play.libs.F.Callback0() { @Override public void invoke() throws Throwable { - User u =User.createUser(new User("test", "Kyle")); + User u =User.createUser(new User("test")); assertNotNull(u); } @@ -31,34 +34,33 @@ public void invoke() throws Throwable { } @Test - public void testUserNotCreated(){ + public void testUserNotCreated() { JPA.withTransaction(new play.libs.F.Callback0() { @Override public void invoke() throws Throwable { - User u =User.createUser(new User("caiyo", "Kyle")); + User u = User.createUser(new User("caiyo")); assertNull(u); - } }); } @Test - public void testFindUserById(){ + public void testFindUserById() { JPA.withTransaction(new play.libs.F.Callback0() { @Override public void invoke() throws Throwable { - User u =User.findUserById(1); + User u = User.findUserById(1); assertNotNull(u); } }); } @Test - public void testFindUserByUsername(){ + public void testFindUserByUsername() { JPA.withTransaction(new play.libs.F.Callback0() { @Override public void invoke() throws Throwable { - User u =User.findUserByUsername("caiyo"); + User u = User.findUserByUsername("caiyo"); assertNotNull(u); assertEquals(u.getUsername(), "caiyo"); 
@@ -66,22 +68,20 @@ public void invoke() throws Throwable { }); } @Test - public void testUserUpdate(){ + public void testUserUpdate() { JPA.withTransaction(new play.libs.F.Callback0() { @Override public void invoke() throws Throwable { - User u =User.findUserById(1); - u.setName("Shaun"); + User u = User.findUserById(1); User.updateUser(u); User updated = User.findUserById(1); assertNotNull(updated); - assertEquals(updated.getName(), "Shaun"); } }); } @Test - public void testUserDelete(){ + public void testUserDelete() { JPA.withTransaction(new play.libs.F.Callback0() { @Override public void invoke() throws Throwable { @@ -95,4 +95,26 @@ public void invoke() throws Throwable { } }); } + @Test + public void testUserConstructor() { + User u = new User("testuser", "abc", "abc"); + assertNotNull(u.getUsername()); + assertNotNull(u.getPassword()); + assertNotNull(u.getConfirmPassword()); + } + @Test + public void testValidateUserShortPassword() { + User u = new User("testuser", "abc", "abc"); + assertFalse(u.validateUserForCreation()); + } + @Test + public void testValidateUserWrongConfirmPassword() { + User u = new User("testuser", "password", "123456"); + assertFalse(u.validateUserForCreation()); + } + @Test + public void testValidateUserNullConfirmPassword() { + User u = new User("testuser", "password", null); + assertFalse(u.validateUserForCreation()); + } } From d82bac75285d18d9495fb44441bcb14fe8c65b7c Mon Sep 17 00:00:00 2001 From: Eric Jaso Date: Sun, 14 Jun 2015 14:02:55 -0400 Subject: [PATCH 3/3] method to generate user hash + salt --- app/models/User.java | 24 ++++++++++++++++++++++-- test/models/UserTest.java | 23 ++++++++++++++++++++++- 2 files changed, 44 insertions(+), 3 deletions(-) diff --git a/app/models/User.java b/app/models/User.java index d1f957f..86f8d6f 100644 --- a/app/models/User.java +++ b/app/models/User.java 
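Review bot: testUserUpdate in the `@@ -66,22 +68,20 @@` hunk no longer changes any field before calling updateUser, so with the setName and getName lines removed it only asserts that the row with id 1 still exists. Change something observable instead, for example `u.setUsername("renamed");` before `User.updateUser(u);` and `assertEquals("renamed", updated.getUsername());` after the second lookup. The test method starts above the hunk, so the surrounding transaction wrapper is not fully visible here.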
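Review bot: The validateUserForCreation tests added in the `@@ -95,4 +95,26 @@` hunk only assert rejection, so an implementation that always returns false would pass all of them. Add an accepting case, `assertTrue(new User("testuser", "password", "password").validateUserForCreation());`, and a null-password case, `assertFalse(new User("testuser", null, null).validateUserForCreation());`. assertTrue is not among the static imports this commit introduces, so it also needs `import static org.junit.Assert.assertTrue;`.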
@@ -6,6 +6,7 @@ import javax.persistence.NoResultException; import javax.persistence.Table; import javax.persistence.Transient; +import util.Utility; import play.db.jpa.JPA; @@ -40,7 +41,6 @@ public User(String username) { this.username=username; } - public User(String username,String password, String confirmPassword) { this.username = username; @@ -54,27 +54,35 @@ public User(String username,String password, public String getUsername() { return username; } + public void setUsername(String username) { this.username = username; } + public String getPassword() { return password; } + public void setPassword(String password) { this.password = password; } + public String getConfirmPassword() { return confirmPassword; } + public void setConfirmPassword(String confirmPassword) { this.confirmPassword = confirmPassword; } + public String getSalt() { return salt; } + public void setSalt(String salt) { this.salt = salt; } + public boolean validateUserForCreation() { if (getPassword() == null || getPassword().length() < MINIMUM_PASSWORD_SIZE) { return false; @@ -83,6 +91,18 @@ public boolean validateUserForCreation() { } return true; } + + public boolean validateForLogin(String submittedPassword) { + String hash = Utility.hashString(submittedPassword, getSalt()); + return hash.equalsIgnoreCase(getPassword()); + } + + public void createUserCredentials() { + if (getPassword() != null) { + setSalt(Utility.generateHexString(SALT_SIZE)); + setPassword(Utility.hashString(getPassword(), getSalt())); + } + } /* * STATIC METHODS */ @@ -124,5 +144,5 @@ public static User updateUser(User updatedUser) { public static void deleteUser(User user) { JPA.em().remove(user); - } + } } diff --git a/test/models/UserTest.java b/test/models/UserTest.java index 7df975b..a47c047 100644 --- a/test/models/UserTest.java +++ b/test/models/UserTest.java 
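Review bot: validateForLogin in the `@@ -83,6 +91,18 @@` hunk hashes whatever it is given without checking that the account has credentials, and it compares the hex digests with `equalsIgnoreCase`, which stops at the first differing character instead of running in constant time. Accounts built with `new User(username)` carry no salt or password, so the method should return false before calling Utility.hashString when the submitted password, the salt or the stored hash is null, and the comparison should go through MessageDigest.isEqual as sketched below. Utility.hashString is not part of this diff; the test in UserTest.java expects a 64-character SHA-256 string, and if that is a single salted SHA-256 pass it is too cheap to compute for password storage, so a deliberately slow scheme such as PBKDF2 (`PBKDF2WithHmacSHA256` in the JDK), bcrypt or Argon2 would be the better choice, along with confirming that generateHexString draws from SecureRandom. createUserCredentials should carry a Javadoc saying it must be called exactly once per plaintext password, because a second call hashes the stored hash under a new salt, and it leaves confirmPassword holding the plaintext unless the caller clears it.

```java
public boolean validateForLogin(String submittedPassword) {
    // No stored credentials, or nothing submitted: reject before hashing.
    if (submittedPassword == null || getSalt() == null || getPassword() == null) {
        return false;
    }
    String submittedHash = Utility.hashString(submittedPassword, getSalt());
    if (submittedHash == null) {
        return false;
    }
    // Normalise hex case as equalsIgnoreCase did, then compare in constant time.
    return java.security.MessageDigest.isEqual(
            submittedHash.toLowerCase(java.util.Locale.ROOT)
                    .getBytes(java.nio.charset.StandardCharsets.UTF_8),
            getPassword().toLowerCase(java.util.Locale.ROOT)
                    .getBytes(java.nio.charset.StandardCharsets.UTF_8));
}
// … unchanged: createUserCredentials …
```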
@@ -2,6 +2,7 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; @@ -26,13 +27,14 @@ public void testUserCreation() { JPA.withTransaction(new play.libs.F.Callback0() { @Override public void invoke() throws Throwable { - User u =User.createUser(new User("test")); + User u = User.createUser(new User("test")); assertNotNull(u); } }); } + @Test public void testUserNotCreated() { JPA.withTransaction(new play.libs.F.Callback0() { @@ -44,6 +46,7 @@ public void invoke() throws Throwable { }); } + @Test public void testFindUserById() { JPA.withTransaction(new play.libs.F.Callback0() { @@ -55,6 +58,7 @@ public void invoke() throws Throwable { } }); } + @Test public void testFindUserByUsername() { JPA.withTransaction(new play.libs.F.Callback0() { @@ -67,6 +71,7 @@ public void invoke() throws Throwable { } }); } + @Test public void testUserUpdate() { JPA.withTransaction(new play.libs.F.Callback0() { @@ -80,6 +85,7 @@ public void invoke() throws Throwable { } }); } + @Test public void testUserDelete() { JPA.withTransaction(new play.libs.F.Callback0() { @@ -95,6 +101,7 @@ public void invoke() throws Throwable { } }); } + @Test public void testUserConstructor() { User u = new User("testuser", "abc", "abc"); 
@@ -102,19 +109,33 @@ public void testUserConstructor() { assertNotNull(u.getPassword()); assertNotNull(u.getConfirmPassword()); } + @Test public void testValidateUserShortPassword() { User u = new User("testuser", "abc", "abc"); assertFalse(u.validateUserForCreation()); } + @Test public void testValidateUserWrongConfirmPassword() { User u = new User("testuser", "password", "123456"); assertFalse(u.validateUserForCreation()); } + @Test public void testValidateUserNullConfirmPassword() { User u = new User("testuser", "password", null); assertFalse(u.validateUserForCreation()); } + + @Test + public void testCreateUserCredentials() { + User u = new User("testuser", "password", "password"); + String oldPassword = u.getPassword(); + assertNull(u.getSalt()); + u.createUserCredentials(); + assertFalse(oldPassword.equals(u.getPassword())); + assertTrue(u.getPassword().length() == 64); //SHA-256 String length; + assertNotNull(u.getSalt()); + } }
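Review bot: testCreateUserCredentials checks the shape of the stored value but never exercises validateForLogin, the method the same commit adds to consume it. After `u.createUserCredentials();` add `assertTrue(u.validateForLogin("password"));` and `assertFalse(u.validateForLogin("wrong-password"));` so that a mismatch between hashing at creation and hashing at login is caught. `assertEquals(64, u.getPassword().length());` would also report the actual length on failure, which `assertTrue(... == 64)` does not.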