Nemcio/SCM-Manager
1
0
Fork 0
mirror of https://github.com/scm-manager/scm-manager.git synced 2025-11-14 01:15:44 +01:00
Code Issues Packages Projects Releases Activity

added legacy plugin to support scm-manager 1.x password hashes

Browse Source
This commit is contained in:
Sebastian Sdorra
2014-12-20 11:33:03 +01:00
parent 866ce1e836
commit 28aa1137f0
8 changed files with 387 additions and 95 deletions
Download Patch File Download Diff File Expand all files Collapse all files

189
scm-core/src/main/java/sonia/scm/security/DAORealmHelper.java Normal file
View File

@@ -0,0 +1,189 @@
/**
* Copyright (c) 2014, Sebastian Sdorra All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer. 2. Redistributions in
* binary form must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution. 3. Neither the name of SCM-Manager;
* nor the names of its contributors may be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR
* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* http://bitbucket.org/sdorra/scm-manager
*
*/
package sonia.scm.security;
//~--- non-JDK imports --------------------------------------------------------
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.ImmutableSet.Builder;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.DisabledAccountException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import sonia.scm.group.Group;
import sonia.scm.group.GroupDAO;
import sonia.scm.group.GroupNames;
import sonia.scm.user.User;
import sonia.scm.user.UserDAO;
import static com.google.common.base.Preconditions.checkArgument;
/**
* The {@link DAORealmHelper} provides a simple way to authenticate against the
* {@link UserDAO}. The class is used by the default and the legacy realm.
*
* @author Sebastian Sdorra
* @since 2.0.0
*/
public final class DAORealmHelper
{
/**
* the logger for DAORealmHelper
*/
private static final Logger logger =
LoggerFactory.getLogger(DAORealmHelper.class);
//~--- constructors ---------------------------------------------------------
/**
* Constructs ...
*
*
* @param realm
* @param userDAO
* @param groupDAO
*/
public DAORealmHelper(String realm, UserDAO userDAO, GroupDAO groupDAO)
{
this.realm = realm;
this.userDAO = userDAO;
this.groupDAO = groupDAO;
}
//~--- get methods ----------------------------------------------------------
/**
* Method description
*
*
* @param token
*
* @return
*
* @throws AuthenticationException
*/
public AuthenticationInfo getAuthenticationInfo(AuthenticationToken token)
throws AuthenticationException
{
checkArgument(token instanceof UsernamePasswordToken, "%s is required",
UsernamePasswordToken.class);
UsernamePasswordToken upt = (UsernamePasswordToken) token;
String principal = upt.getUsername();
checkArgument(!Strings.isNullOrEmpty(principal), "username is required");
logger.debug("try to authenticate {}", principal);
User user = userDAO.get(principal);
if (user == null)
{
//J-
throw new UnknownAccountException(
String.format("unknown account %s", principal)
);
//J+
}
if (!user.isActive())
{
//J-
throw new DisabledAccountException(
String.format("account %s is disabled", principal)
);
//J+
}
SimplePrincipalCollection collection = new SimplePrincipalCollection();
collection.add(principal, realm);
collection.add(user, realm);
collection.add(collectGroups(principal), realm);
return new SimpleAuthenticationInfo(collection, user.getPassword());
}
//~--- methods --------------------------------------------------------------
/**
* Method description
*
*
* @param principal
*
* @return
*/
private GroupNames collectGroups(String principal)
{
Builder<String> builder = ImmutableSet.builder();
builder.add(GroupNames.AUTHENTICATED);
for (Group group : groupDAO.getAll())
{
if (group.isMember(principal))
{
builder.add(group.getName());
}
}
GroupNames groups = new GroupNames(builder.build());
logger.debug("collected following groups for principal {}: {}", principal,
groups);
return groups;
}
//~--- fields ---------------------------------------------------------------
/** Field description */
private final GroupDAO groupDAO;
/** Field description */
private final String realm;
/** Field description */
private final UserDAO userDAO;
}

1
scm-plugins/pom.xml
View File

@@ -19,6 +19,7 @@
<module>scm-hg-plugin</module> <module>scm-hg-plugin</module>
<module>scm-git-plugin</module> <module>scm-git-plugin</module>
<module>scm-svn-plugin</module> <module>scm-svn-plugin</module>
<module>scm-legacy-plugin</module>
</modules> </modules>
<dependencies> <dependencies>

13
scm-plugins/scm-legacy-plugin/pom.xml Normal file
View File

@@ -0,0 +1,13 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>sonia.scm.plugins</groupId>
<artifactId>scm-plugins</artifactId>
<version>2.0.0-SNAPSHOT</version>
</parent>
<groupId>sonia.scm.plugins</groupId>
<artifactId>scm-legacy-plugin</artifactId>
<version>2.0.0-SNAPSHOT</version>
<packaging>smp</packaging>
</project>

118
scm-plugins/scm-legacy-plugin/src/main/java/sonia/scm/legacy/LegacyRealm.java Normal file
View File

@@ -0,0 +1,118 @@
/**
* Copyright (c) 2014, Sebastian Sdorra All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer. 2. Redistributions in
* binary form must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution. 3. Neither the name of SCM-Manager;
* nor the names of its contributors may be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR
* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* http://bitbucket.org/sdorra/scm-manager
*
*/
package sonia.scm.legacy;
//~--- non-JDK imports --------------------------------------------------------
import com.google.common.annotations.VisibleForTesting;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.crypto.hash.Sha1Hash;
import org.apache.shiro.realm.AuthenticatingRealm;
import sonia.scm.group.GroupDAO;
import sonia.scm.plugin.Extension;
import sonia.scm.security.DAORealmHelper;
import sonia.scm.user.UserDAO;
//~--- JDK imports ------------------------------------------------------------
import javax.inject.Inject;
import javax.inject.Singleton;
/**
* Support for SCM-Manager 1.x password hashes.
*
* @author Sebastian Sdorra
* @since 2.0.0
*/
@Extension
@Singleton
public class LegacyRealm extends AuthenticatingRealm
{
/** Field description */
@VisibleForTesting
static final String REALM = "LegacyRealm";
//~--- constructors ---------------------------------------------------------
/**
* Constructs ...
*
*
* @param userDAO
* @param groupDAO
*/
@Inject
public LegacyRealm(UserDAO userDAO, GroupDAO groupDAO)
{
this.helper = new DAORealmHelper(REALM, userDAO, groupDAO);
setAuthenticationTokenClass(UsernamePasswordToken.class);
HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
matcher.setHashAlgorithmName(Sha1Hash.ALGORITHM_NAME);
matcher.setHashIterations(1);
matcher.setStoredCredentialsHexEncoded(true);
setCredentialsMatcher(matcher);
}
//~--- methods --------------------------------------------------------------
/**
* Method description
*
*
* @param token
*
* @return
*
* @throws AuthenticationException
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(
AuthenticationToken token)
throws AuthenticationException
{
return helper.getAuthenticationInfo(token);
}
//~--- fields ---------------------------------------------------------------
/** Field description */
private final DAORealmHelper helper;
}

56
scm-plugins/scm-legacy-plugin/src/main/resources/META-INF/scm/plugin.xml Normal file
View File

@@ -0,0 +1,56 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE plugin SYSTEM "https://download.scm-manager.org/dtd/plugin/2.0.0-01.dtd">
<!--
Copyright (c) 2010, Sebastian Sdorra
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
3. Neither the name of SCM-Manager; nor the names of its
contributors may be used to endorse or promote products derived from this
software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
http://bitbucket.org/sdorra/scm-manager
-->
<!--
Document : plugin.xml
Created on : October 12, 2010, 8:29 AM
Author : sdorra
Description:
Purpose of the document follows.
-->
<plugin>
<scm-version>2</scm-version>
<information>
<author>Sebastian Sdorra</author>
</information>
<conditions>
<min-version>${project.parent.version}</min-version>
</conditions>
</plugin>

6
scm-webapp/pom.xml
View File

@@ -374,6 +374,12 @@
<version>${project.version}</version> <version>${project.version}</version>
<type>smp</type> <type>smp</type>
</artifactItem> </artifactItem>
<artifactItem>
<groupId>sonia.scm.plugins</groupId>
<artifactId>scm-legacy-plugin</artifactId>
<version>${project.version}</version>
<type>smp</type>
</artifactItem>
</artifactItems> </artifactItems>
</configuration> </configuration>
<executions> <executions>

97
scm-webapp/src/main/java/sonia/scm/security/DefaultRealm.java
View File

@@ -34,36 +34,21 @@ package sonia.scm.security;
//~--- non-JDK imports -------------------------------------------------------- //~--- non-JDK imports --------------------------------------------------------
import com.google.common.annotations.VisibleForTesting; import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.ImmutableSet.Builder;
import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.DisabledAccountException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.PasswordMatcher; import org.apache.shiro.authc.credential.PasswordMatcher;
import org.apache.shiro.authc.credential.PasswordService; import org.apache.shiro.authc.credential.PasswordService;
import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection; import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import sonia.scm.group.Group;
import sonia.scm.group.GroupDAO; import sonia.scm.group.GroupDAO;
import sonia.scm.group.GroupNames;
import sonia.scm.plugin.Extension; import sonia.scm.plugin.Extension;
import sonia.scm.user.User;
import sonia.scm.user.UserDAO; import sonia.scm.user.UserDAO;
import static com.google.common.base.Preconditions.*;
//~--- JDK imports ------------------------------------------------------------ //~--- JDK imports ------------------------------------------------------------
import javax.inject.Inject; import javax.inject.Inject;
@@ -84,12 +69,6 @@ public class DefaultRealm extends AuthorizingRealm
@VisibleForTesting @VisibleForTesting
static final String REALM = "DefaultRealm"; static final String REALM = "DefaultRealm";
/**
* the logger for DefaultRealm
*/
private static final Logger logger =
LoggerFactory.getLogger(DefaultRealm.class);
//~--- constructors --------------------------------------------------------- //~--- constructors ---------------------------------------------------------
/** /**
@@ -106,8 +85,7 @@ public class DefaultRealm extends AuthorizingRealm
AuthorizationCollector collector, UserDAO userDAO, GroupDAO groupDAO) AuthorizationCollector collector, UserDAO userDAO, GroupDAO groupDAO)
{ {
this.collector = collector; this.collector = collector;
this.userDAO = userDAO; this.helper = new DAORealmHelper(REALM, userDAO, groupDAO);
this.groupDAO = groupDAO;
PasswordMatcher matcher = new PasswordMatcher(); PasswordMatcher matcher = new PasswordMatcher();
@@ -133,43 +111,7 @@ public class DefaultRealm extends AuthorizingRealm
AuthenticationToken token) AuthenticationToken token)
throws AuthenticationException throws AuthenticationException
{ {
checkArgument(token instanceof UsernamePasswordToken, "%s is required", return helper.getAuthenticationInfo(token);
UsernamePasswordToken.class);
UsernamePasswordToken upt = (UsernamePasswordToken) token;
String principal = upt.getUsername();
checkArgument(!Strings.isNullOrEmpty(principal), "username is required");
logger.debug("try to authenticate {}", principal);
User user = userDAO.get(principal);
if (user == null)
{
//J-
throw new UnknownAccountException(
String.format("unknown account %s", principal)
);
//J+
}
if (!user.isActive())
{
//J-
throw new DisabledAccountException(
String.format("account %s is disabled", principal)
);
//J+
}
SimplePrincipalCollection collection = new SimplePrincipalCollection();
collection.add(principal, REALM);
collection.add(user, REALM);
collection.add(collectGroups(principal), REALM);
return new SimpleAuthenticationInfo(collection, user.getPassword());
} }
/** /**
@@ -187,44 +129,11 @@ public class DefaultRealm extends AuthorizingRealm
return collector.collect(principals); return collector.collect(principals);
} }
/**
* Method description
*
*
* @param principal
*
* @return
*/
private GroupNames collectGroups(String principal)
{
Builder<String> builder = ImmutableSet.builder();
builder.add(GroupNames.AUTHENTICATED);
for (Group group : groupDAO.getAll())
{
if (group.isMember(principal))
{
builder.add(group.getName());
}
}
GroupNames groups = new GroupNames(builder.build());
logger.debug("collected following groups for principal {}: {}", principal,
groups);
return groups;
}
//~--- fields --------------------------------------------------------------- //~--- fields ---------------------------------------------------------------
/** Field description */ /** Field description */
private final AuthorizationCollector collector; private final AuthorizationCollector collector;
/** Field description */ /** Field description */
private final GroupDAO groupDAO; private final DAORealmHelper helper;
/** Field description */
private final UserDAO userDAO;
} }

2
scm-webapp/src/test/java/sonia/scm/it/DeactivatedUserITCase.java
View File

@@ -128,7 +128,7 @@ public class DeactivatedUserITCase
ClientResponse response = authenticate(client, slarti.getName(), ClientResponse response = authenticate(client, slarti.getName(),
"slart123"); "slart123");
assertNotNull(response); assertNotNull(response);
assertEquals(HttpServletResponse.SC_FORBIDDEN, response.getStatus()); assertEquals(HttpServletResponse.SC_UNAUTHORIZED, response.getStatus());
} }
//~--- fields --------------------------------------------------------------- //~--- fields ---------------------------------------------------------------