From 28f4e988d7e7f7d2aea76d4d4667d9f7106bf5b1 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Thu, 29 Sep 2022 14:03:44 +0200 Subject: feat(spring-sec): add PasswordEncorder decorator to speed-up password validation on REST API's --- .../test/utils/CachingPasswordEncoderTest.java | 54 ++++++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils/springboot/test/utils/CachingPasswordEncoderTest.java (limited to 'eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils') diff --git a/eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils/springboot/test/utils/CachingPasswordEncoderTest.java b/eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils/springboot/test/utils/CachingPasswordEncoderTest.java new file mode 100644 index 00000000..bae19cac --- /dev/null +++ b/eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils/springboot/test/utils/CachingPasswordEncoderTest.java @@ -0,0 +1,54 @@ +package at.gv.egiz.eaaf.utils.springboot.test.utils; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertTrue; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.BlockJUnit4ClassRunner; +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; +import org.springframework.security.crypto.password.PasswordEncoder; + +import at.gv.egiz.eaaf.utils.springboot.utils.CachingPasswordEncoder; + +@RunWith(BlockJUnit4ClassRunner.class) +public class CachingPasswordEncoderTest { + + PasswordEncoder orgEncoder = new BCryptPasswordEncoder(); + PasswordEncoder testEncoder = new CachingPasswordEncoder(orgEncoder); + + @Test + public void upgradeEncoding() { + String enc = new BCryptPasswordEncoder().encode(RandomStringUtils.randomAlphabetic(5)); + + assertEquals("upgradeEncoding", + orgEncoder.upgradeEncoding(enc), + testEncoder.upgradeEncoding(enc)); + + } + + @Test + public void encodePassword() { + String plain = RandomStringUtils.randomAlphabetic(5); + assertNotNull("password encoded", testEncoder.encode(plain)); + + } + + @Test + public void matchPassword() { + String plain = RandomStringUtils.randomAlphabetic(5); + String encoded = testEncoder.encode(plain); + + assertTrue("valid password", testEncoder.matches(plain, encoded)); + assertTrue("valid password again", testEncoder.matches(plain, encoded)); + + assertFalse("password in cache, but changed on server", + testEncoder.matches(plain, RandomStringUtils.randomAlphabetic(10))); + assertFalse("wrong password send", testEncoder.matches(RandomStringUtils.randomAlphabetic(5), encoded)); + + } + +} -- cgit v1.2.3