All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.google.gerrit.server.account.externalids.PasswordVerifier Maven / Gradle / Ivy

The newest version!
// Copyright (C) 2019 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package com.google.gerrit.server.account.externalids;

import static com.google.gerrit.server.account.externalids.ExternalId.SCHEME_USERNAME;

import com.google.common.base.Strings;
import com.google.common.flogger.FluentLogger;
import com.google.gerrit.common.Nullable;
import com.google.gerrit.server.account.HashedPassword;
import com.google.gerrit.server.config.AuthConfig;
import com.google.inject.Inject;
import java.util.Collection;

/** Checks if a given username and password match a user's external IDs. */
public class PasswordVerifier {
  private static final FluentLogger logger = FluentLogger.forEnclosingClass();

  private final ExternalIdKeyFactory externalIdKeyFactory;

  private AuthConfig authConfig;

  @Inject
  public PasswordVerifier(ExternalIdKeyFactory externalIdKeyFactory, AuthConfig authConfig) {
    this.externalIdKeyFactory = externalIdKeyFactory;
    this.authConfig = authConfig;
  }

  /** Returns {@code true} if there is an external ID matching both the username and password. */
  public boolean checkPassword(
      Collection externalIds, String username, @Nullable String password) {
    if (password == null) {
      return false;
    }

    for (ExternalId id : externalIds) {
      // Only process the "username:$USER" entry, which is unique.
      if (!id.isScheme(SCHEME_USERNAME)) {
        continue;
      }

      if (!id.key().equals(externalIdKeyFactory.create(SCHEME_USERNAME, username))) {
        if (!authConfig.isUserNameCaseInsensitiveMigrationMode()) {
          continue;
        }

        if (!id.key().equals(externalIdKeyFactory.create(SCHEME_USERNAME, username, false))) {
          continue;
        }
      }

      String hashedStr = id.password();
      if (!Strings.isNullOrEmpty(hashedStr)) {
        try {
          return HashedPassword.decode(hashedStr).checkPassword(password);
        } catch (HashedPassword.DecoderException e) {
          logger.atSevere().log("DecoderException for user %s: %s ", username, e.getMessage());
          return false;
        }
      }
    }
    return false;
  }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy