Refine encodepassword options
Refine the options to include 'default'. Also no longer add the prefix to all results. Closes gh-11875
This commit is contained in:
Phillip Webb
parent
eb83b2e0c2
commit
c1c0385dbc
|
|
@ -35,6 +35,7 @@ import org.springframework.boot.cli.command.options.OptionHandler;
|
||||||
import org.springframework.boot.cli.command.status.ExitStatus;
|
import org.springframework.boot.cli.command.status.ExitStatus;
|
||||||
import org.springframework.boot.cli.util.Log;
|
import org.springframework.boot.cli.util.Log;
|
||||||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||||
|
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
|
||||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||||
import org.springframework.security.crypto.password.Pbkdf2PasswordEncoder;
|
import org.springframework.security.crypto.password.Pbkdf2PasswordEncoder;
|
||||||
import org.springframework.util.StringUtils;
|
import org.springframework.util.StringUtils;
|
||||||
|
|
@ -51,6 +52,8 @@ public class EncodePasswordCommand extends OptionParsingCommand {
|
||||||
|
|
||||||
static {
|
static {
|
||||||
Map<String, Supplier<PasswordEncoder>> encoders = new LinkedHashMap<>();
|
Map<String, Supplier<PasswordEncoder>> encoders = new LinkedHashMap<>();
|
||||||
|
encoders.put("default",
|
||||||
|
PasswordEncoderFactories::createDelegatingPasswordEncoder);
|
||||||
encoders.put("bcrypt", BCryptPasswordEncoder::new);
|
encoders.put("bcrypt", BCryptPasswordEncoder::new);
|
||||||
encoders.put("pbkdf2", Pbkdf2PasswordEncoder::new);
|
encoders.put("pbkdf2", Pbkdf2PasswordEncoder::new);
|
||||||
ENCODERS = Collections.unmodifiableMap(encoders);
|
ENCODERS = Collections.unmodifiableMap(encoders);
|
||||||
|
|
@ -69,7 +72,7 @@ public class EncodePasswordCommand extends OptionParsingCommand {
|
||||||
@Override
|
@Override
|
||||||
public Collection<HelpExample> getExamples() {
|
public Collection<HelpExample> getExamples() {
|
||||||
List<HelpExample> examples = new ArrayList<>();
|
List<HelpExample> examples = new ArrayList<>();
|
||||||
examples.add(new HelpExample("To encode a password with bcrypt",
|
examples.add(new HelpExample("To encode a password with the default encoder",
|
||||||
"spring encodepassword mypassword"));
|
"spring encodepassword mypassword"));
|
||||||
examples.add(new HelpExample("To encode a password with pbkdf2",
|
examples.add(new HelpExample("To encode a password with pbkdf2",
|
||||||
"spring encodepassword -a pbkdf2 mypassword"));
|
"spring encodepassword -a pbkdf2 mypassword"));
|
||||||
|
|
@ -83,7 +86,7 @@ public class EncodePasswordCommand extends OptionParsingCommand {
|
||||||
@Override
|
@Override
|
||||||
protected void options() {
|
protected void options() {
|
||||||
this.algorithm = option(Arrays.asList("algorithm", "a"),
|
this.algorithm = option(Arrays.asList("algorithm", "a"),
|
||||||
"The algorithm to use").withRequiredArg().defaultsTo("bcrypt");
|
"The algorithm to use").withRequiredArg().defaultsTo("default");
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
@ -100,7 +103,7 @@ public class EncodePasswordCommand extends OptionParsingCommand {
|
||||||
.collectionToCommaDelimitedString(ENCODERS.keySet()));
|
.collectionToCommaDelimitedString(ENCODERS.keySet()));
|
||||||
return ExitStatus.ERROR;
|
return ExitStatus.ERROR;
|
||||||
}
|
}
|
||||||
Log.info("{" + algorithm + "}" + encoder.get().encode(password));
|
Log.info(encoder.get().encode(password));
|
||||||
return ExitStatus.OK;
|
return ExitStatus.OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -25,7 +25,9 @@ import org.mockito.MockitoAnnotations;
|
||||||
|
|
||||||
import org.springframework.boot.cli.command.status.ExitStatus;
|
import org.springframework.boot.cli.command.status.ExitStatus;
|
||||||
import org.springframework.boot.cli.util.MockLog;
|
import org.springframework.boot.cli.util.MockLog;
|
||||||
|
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||||
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
|
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
|
||||||
|
import org.springframework.security.crypto.password.Pbkdf2PasswordEncoder;
|
||||||
|
|
||||||
import static org.assertj.core.api.Assertions.assertThat;
|
import static org.assertj.core.api.Assertions.assertThat;
|
||||||
import static org.mockito.Mockito.verify;
|
import static org.mockito.Mockito.verify;
|
||||||
|
|
@ -64,14 +66,25 @@ public class EncodePasswordCommandTests {
|
||||||
assertThat(status).isEqualTo(ExitStatus.OK);
|
assertThat(status).isEqualTo(ExitStatus.OK);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void encodeWithBCryptShouldUseBCrypt() throws Exception {
|
||||||
|
EncodePasswordCommand command = new EncodePasswordCommand();
|
||||||
|
ExitStatus status = command.run("-a", "bcrypt", "boot");
|
||||||
|
verify(this.log).info(this.message.capture());
|
||||||
|
assertThat(this.message.getValue()).doesNotStartWith("{");
|
||||||
|
assertThat(new BCryptPasswordEncoder().matches("boot", this.message.getValue()))
|
||||||
|
.isTrue();
|
||||||
|
assertThat(status).isEqualTo(ExitStatus.OK);
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void encodeWithPbkdf2ShouldUsePbkdf2() throws Exception {
|
public void encodeWithPbkdf2ShouldUsePbkdf2() throws Exception {
|
||||||
EncodePasswordCommand command = new EncodePasswordCommand();
|
EncodePasswordCommand command = new EncodePasswordCommand();
|
||||||
ExitStatus status = command.run("-a", "pbkdf2", "boot");
|
ExitStatus status = command.run("-a", "pbkdf2", "boot");
|
||||||
verify(this.log).info(this.message.capture());
|
verify(this.log).info(this.message.capture());
|
||||||
assertThat(this.message.getValue()).startsWith("{pbkdf2}");
|
assertThat(this.message.getValue()).doesNotStartWith("{");
|
||||||
assertThat(PasswordEncoderFactories.createDelegatingPasswordEncoder()
|
assertThat(new Pbkdf2PasswordEncoder().matches("boot", this.message.getValue()))
|
||||||
.matches("boot", this.message.getValue())).isTrue();
|
.isTrue();
|
||||||
assertThat(status).isEqualTo(ExitStatus.OK);
|
assertThat(status).isEqualTo(ExitStatus.OK);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -79,7 +92,8 @@ public class EncodePasswordCommandTests {
|
||||||
public void encodeWithUnkownAlgorithShouldExitWithError() throws Exception {
|
public void encodeWithUnkownAlgorithShouldExitWithError() throws Exception {
|
||||||
EncodePasswordCommand command = new EncodePasswordCommand();
|
EncodePasswordCommand command = new EncodePasswordCommand();
|
||||||
ExitStatus status = command.run("--algorithm", "bad", "boot");
|
ExitStatus status = command.run("--algorithm", "bad", "boot");
|
||||||
verify(this.log).error("Unknown algorithm, valid options are: bcrypt,pbkdf2");
|
verify(this.log)
|
||||||
|
.error("Unknown algorithm, valid options are: default,bcrypt,pbkdf2");
|
||||||
assertThat(status).isEqualTo(ExitStatus.ERROR);
|
assertThat(status).isEqualTo(ExitStatus.ERROR);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue