mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git
blame | history | patch | commit | commitdiff | ignore whitespace
copilot-swe-agent[bot]
2 days ago 2a88383d7affa766d19f7157fccdcc20000f5384 
 opendj-server-legacy/src/main/java/org/opends/server/extensions/AttributeValuePasswordValidator.java


@@ -19,6 +19,7 @@


import org.forgerock.i18n.LocalizableMessage;




import java.util.List;


import java.util.Locale;


import java.util.Set;




import org.forgerock.opendj.config.server.ConfigurationChangeListener;


@@ -87,11 +88,10 @@


    {


      for (int j = i + minSubstringLength; j <= passwordLength; j++)


      {


        Attribute substring = Attributes.create(a.getAttributeDescription().getAttributeType(),


            password.substring(i, j));


        final String pwdSubstring = password.substring(i, j).toLowerCase(Locale.ROOT);


        for (ByteString val : a)


        {


          if (substring.contains(val))


          if (val.toString().toLowerCase(Locale.ROOT).contains(pwdSubstring))


          {


            return true;


          }


@@ -141,7 +141,8 @@


        if (a.contains(vf) ||


            (config.isTestReversedPassword() && a.contains(vr)) ||


            (config.isCheckSubstrings() &&


                containsSubstring(password, minSubstringLength, a)))


                (containsSubstring(password, minSubstringLength, a) ||


                 (config.isTestReversedPassword() && containsSubstring(reversed, minSubstringLength, a)))))


        {


          invalidReason.append(ERR_ATTRVALUE_VALIDATOR_PASSWORD_IN_ENTRY.get());


          return false;




 opendj-server-legacy/src/test/java/org/opends/server/extensions/AttributeValuePasswordValidatorTestCase.java


@@ -371,6 +371,102 @@






  /**


   * Retrieves test data for substring and reversed-password substring checks


   * using a user entry with uid=USN123.


   *


   * @throws  Exception  If an unexpected problem occurs.


   */


  @DataProvider(name = "substringTestData")


  public Object[][] getSubstringTestData()


         throws Exception


  {


    Entry configEntry = TestCaseUtils.makeEntry(


         "dn: cn=Attribute Value,cn=Password Validators,cn=config",


         "objectClass: top",


         "objectClass: ds-cfg-password-validator",


         "objectClass: ds-cfg-attribute-value-password-validator",


         "cn: Attribute Value",


         "ds-cfg-java-class: org.opends.server.extensions." +


              "AttributeValuePasswordValidator",


         "ds-cfg-enabled: true",


         "ds-cfg-match-attribute: uid",


         "ds-cfg-check-substrings: true",


         "ds-cfg-min-substring-length: 3",


         "ds-cfg-test-reversed-password: true");




    return new Object[][]


    {


      // Password containing a forward substring of the attribute value ("USN" is in "USN123") → rejected


      new Object[] { configEntry, "USN123aa", false },




      // Password containing another forward substring of the attribute value ("123" is in "USN123") → rejected


      new Object[] { configEntry, "U1sn123b", false },




      // Password whose reverse contains a substring of the attribute value:


      // reversed("NsU321ab") = "ba123UsN"; "123" is in "USN123" → rejected


      new Object[] { configEntry, "NsU321ab", false },




      // Password with no substrings of the attribute value → accepted


      new Object[] { configEntry, "Sun3RiseA", true },


    };


  }








  /**


   * Tests substring and reversed-password substring checks against a user


   * entry with uid=USN123.


   *


   * @param  configEntry  The configuration entry to use for the password


   *                      validator.


   * @param  password     The password to test with the validator.


   * @param  acceptable   Indicates whether the provided password should be


   *                      considered acceptable.


   *


   * @throws  Exception  If an unexpected problem occurs.


   */


  @Test(dataProvider = "substringTestData")


  public void testSubstringPasswordIsAcceptable(Entry configEntry,


                                                String password,


                                                boolean acceptable)


         throws Exception


  {


    TestCaseUtils.initializeTestBackend(true);


    Entry userEntry = TestCaseUtils.makeEntry(


         "dn: uid=USN123,o=test",


         "objectClass: top",


         "objectClass: person",


         "objectClass: organizationalPerson",


         "objectClass: inetOrgPerson",


         "uid: USN123",


         "givenName: USN",


         "sn: 123",


         "cn: USN 123",


         "userPassword: doesntmatter");




    AttributeValuePasswordValidator validator = initializePasswordValidator(configEntry);




    ByteString pwOS = ByteString.valueOfUtf8(password);


    ArrayList<Modification> mods = CollectionUtils.newArrayList(


        new Modification(ModificationType.REPLACE, Attributes.create("userpassword", password)));




    ModifyOperationBasis modifyOperation =


         new ModifyOperationBasis(getRootConnection(), nextOperationID(), nextMessageID(),


                             new ArrayList<Control>(),


                             DN.valueOf("uid=USN123,o=test"), mods);




    LocalizableMessageBuilder invalidReason = new LocalizableMessageBuilder();


    assertEquals(validator.passwordIsAcceptable(pwOS,


                              new HashSet<ByteString>(0), modifyOperation,


                              userEntry, invalidReason),


                 acceptable, invalidReason.toString());




    validator.finalizePasswordValidator();


  }








  /**


   * Tests the {@code passwordIsAcceptable} method using the provided


   * information.


   *