Ticket #269: Refactor password service to not depend on Credentials (password only). Remove database semantics from non-database password service.

2025-09-06 13:17:41 +00:00 · 2013-02-26 12:15:40 -08:00
parent 77f83dfaa4
commit 64d301dfb3
3 changed files with 28 additions and 27 deletions
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
@@ -119,11 +119,12 @@ public class MySQLAuthenticationProvider implements AuthenticationProvider {
        UserWithBLOBs user = users.get(0);

        // Get password service
-        PasswordEncryptionService passwordService = injector.getInstance(PasswordEncryptionService.class);
+        PasswordEncryptionService passwordService =
+                injector.getInstance(PasswordEncryptionService.class);

        // Check password, if invalid return null
-        if (!passwordService.checkCredentials(credentials,
-                user.getPassword_hash(), user.getUsername(), user.getPassword_salt()))
+        if (!passwordService.checkPassword(credentials.getPassword(),
+                user.getPassword_hash(), user.getPassword_salt()))
            return null;

        MySQLUserContext context = injector.getInstance(MySQLUserContext.class);
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PasswordEncryptionService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PasswordEncryptionService.java
@@ -1,3 +1,6 @@
+
+package net.sourceforge.guacamole.net.auth.mysql.service;
+
 /* ***** BEGIN LICENSE BLOCK *****
 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
 *
@@ -33,9 +36,6 @@
 * the terms of any one of the MPL, the GPL or the LGPL.
 *
 * ***** END LICENSE BLOCK ***** */
-package net.sourceforge.guacamole.net.auth.mysql.service;
-
-import net.sourceforge.guacamole.net.auth.Credentials;

 /**
 * A service to perform password encryption and checking.
@@ -44,21 +44,26 @@ import net.sourceforge.guacamole.net.auth.Credentials;
 public interface PasswordEncryptionService {

    /**
-     * Checks if the provided Credentials are correct, compared with what the values from the database.
-     * @param credentials
-     * @param dbPasswordHash
-     * @param dbUsername
-     * @param dbSalt
-     * @return true if the provided credentials match what's in the database for that user.
+     * Checks whether the provided, unhashed password matches the given
+     * hash/salt pair.
+     *
+     * @param credentials The credentials to validate.
+     * @param hashedPassword The hashed password to compare the given password
+     *                       against.
+     * @param salt The salt used when the hashed password given was created.
+     * @return true if the provided credentials match the values given, false
+     *         otherwise.
     */
-    public boolean checkCredentials(Credentials credentials, byte[] dbPasswordHash, String dbUsername, byte[] dbSalt);
+    public boolean checkPassword(String password, byte[] hashedPassword,
+            byte[] salt);

    /**
-     * Creates a password hash based on the provided username, password, and salt.
-     * @param username
-     * @param password
-     * @param salt
-     * @return the generated password hash.
+     * Creates a password hash based on the provided username, password, and
+     * salt.
+     *
+     * @param password The password to hash.
+     * @param salt The salt to use when hashing the password.
+     * @return The generated password hash.
     */
    public byte[] createPasswordHash(String password, byte[] salt);
 }
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/Sha256PasswordEncryptionService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/Sha256PasswordEncryptionService.java
@@ -42,7 +42,6 @@ import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.util.Arrays;
 import javax.xml.bind.DatatypeConverter;
-import net.sourceforge.guacamole.net.auth.Credentials;

 /**
 * Provides a SHA-256 based implementation of the password encryption functionality.
@@ -51,16 +50,12 @@ import net.sourceforge.guacamole.net.auth.Credentials;
 public class Sha256PasswordEncryptionService implements PasswordEncryptionService {

    @Override
-    public boolean checkCredentials(Credentials credentials,
-        byte[] dbPasswordHash, String dbUsername, byte[] dbSalt) {
-
-        // If usernames don't match, don't bother comparing passwords, just fail
-        if (!dbUsername.equals(credentials.getUsername()))
-            return false;
+    public boolean checkPassword(String password, byte[] hashedPassword,
+        byte[] salt) {

        // Compare bytes of password in credentials against hashed password
-        byte[] passwordBytes = createPasswordHash(credentials.getPassword(), dbSalt);
-        return Arrays.equals(passwordBytes, dbPasswordHash);
+        byte[] passwordBytes = createPasswordHash(password, salt);
+        return Arrays.equals(passwordBytes, hashedPassword);

    }