rename SessionStore to CredentialsStore

2025-11-11 16:05:44 +01:00 · 2017-02-26 14:54:01 +01:00
parent 06b67e2c72
commit a6120f0b16
5 changed files with 120 additions and 12 deletions
--- a/scm-webapp/src/main/java/sonia/scm/security/AuthenticationInfoCollector.java
+++ b/scm-webapp/src/main/java/sonia/scm/security/AuthenticationInfoCollector.java
@@ -59,22 +59,22 @@ public class AuthenticationInfoCollector {
  
  private final LocalDatabaseSynchronizer synchronizer;
  private final GroupCollector groupCollector; 
-  private final SessionStore sessionStore;
+  private final CredentialsStore sessionStore;

  /**
   * Construct a new AuthenticationInfoCollector.
   * 
   * @param synchronizer local database synchronizer
   * @param groupCollector groups collector
-   * @param sessionStore session store
+   * @param credentialsStore credentials store
   */
  @Inject
  public AuthenticationInfoCollector(
-    LocalDatabaseSynchronizer synchronizer, GroupCollector groupCollector, SessionStore sessionStore
+    LocalDatabaseSynchronizer synchronizer, GroupCollector groupCollector, CredentialsStore credentialsStore
  ) {
    this.synchronizer = synchronizer;
    this.groupCollector = groupCollector;
-    this.sessionStore = sessionStore;
+    this.sessionStore = credentialsStore;
  }
  
  /**
--- a/scm-webapp/src/main/java/sonia/scm/security/CredentialsStore.java
+++ b/scm-webapp/src/main/java/sonia/scm/security/CredentialsStore.java
@@ -30,26 +30,35 @@
 */
 package sonia.scm.security;

+import com.google.common.annotations.VisibleForTesting;
 import com.google.inject.Inject;
 import com.google.inject.Provider;
 import javax.servlet.http.HttpServletRequest;
 import org.apache.shiro.authc.UsernamePasswordToken;

 /**
- *
+ * Stores credentials of the user in the http session of the user.
+ * 
 * @author Sebastian Sdorra
+ * @since 1.52
 */
-public class SessionStore {
+public class CredentialsStore {
  
-  private static final String SCM_CREDENTIALS = "SCM_CREDENTIALS";
+  @VisibleForTesting
+  static final String SCM_CREDENTIALS = "SCM_CREDENTIALS";
  
  private final Provider<HttpServletRequest> requestProvider;

  @Inject
-  public SessionStore(Provider<HttpServletRequest> requestProvider) {
+  public CredentialsStore(Provider<HttpServletRequest> requestProvider) {
    this.requestProvider = requestProvider;
  }
-  
+
+  /**
+   * Extracts the user credentials from token, encrypts them, and stores them in the http session.
+   * 
+   * @param token username password token
+   */
  public void store(UsernamePasswordToken token) {
    // store encrypted credentials in session
    String credentials = token.getUsername();
@@ -59,8 +68,13 @@ public class SessionStore {
      credentials = credentials.concat(":").concat(new String(password));
    }

-    credentials = CipherUtil.getInstance().encode(credentials);
+    credentials = encrypt(credentials);
    requestProvider.get().getSession(true).setAttribute(SCM_CREDENTIALS, credentials);
  }
  
+  @VisibleForTesting
+  protected String encrypt(String credentials){
+    return CipherUtil.getInstance().encode(credentials);
+  }
+  
 }