diff --git a/src/main/java/fr/xephi/authme/security/PasswordSecurity.java b/src/main/java/fr/xephi/authme/security/PasswordSecurity.java index 012fd3e51..83d9e9e94 100644 --- a/src/main/java/fr/xephi/authme/security/PasswordSecurity.java +++ b/src/main/java/fr/xephi/authme/security/PasswordSecurity.java @@ -82,9 +82,8 @@ public boolean comparePassword(String password, String playerName) { * @return True if the password matches, false otherwise */ public boolean comparePassword(String password, HashedPassword hashedPassword, String playerName) { - String playerLowerCase = playerName.toLowerCase(Locale.ROOT); - return methodMatches(encryptionMethod, password, hashedPassword, playerLowerCase) - || compareWithLegacyHashes(password, hashedPassword, playerLowerCase); + return methodMatches(encryptionMethod, password, hashedPassword, playerName) + || compareWithLegacyHashes(password, hashedPassword, playerName); } /** diff --git a/src/test/java/fr/xephi/authme/security/PasswordSecurityTest.java b/src/test/java/fr/xephi/authme/security/PasswordSecurityTest.java index aa3165e76..e9ef29445 100644 --- a/src/test/java/fr/xephi/authme/security/PasswordSecurityTest.java +++ b/src/test/java/fr/xephi/authme/security/PasswordSecurityTest.java @@ -34,7 +34,7 @@ import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.equalToIgnoringCase; import static org.hamcrest.Matchers.instanceOf; -import static org.junit.Assert.assertThat; +import static org.hamcrest.MatcherAssert.assertThat; import static org.mockito.ArgumentMatchers.any; import static org.mockito.ArgumentMatchers.anyString; import static org.mockito.BDDMockito.given; @@ -118,12 +118,10 @@ public void shouldReturnPasswordMatch() { // given HashedPassword password = new HashedPassword("$TEST$10$SOME_HASH", null); String playerName = "Tester"; - // Calls to EncryptionMethod are always with the lower-case version of the name - String playerLowerCase = playerName.toLowerCase(Locale.ROOT); String clearTextPass = "myPassTest"; given(dataSource.getPassword(playerName)).willReturn(password); - given(method.comparePassword(clearTextPass, password, playerLowerCase)).willReturn(true); + given(method.comparePassword(clearTextPass, password, playerName)).willReturn(true); // when boolean result = passwordSecurity.comparePassword(clearTextPass, playerName); @@ -132,7 +130,7 @@ public void shouldReturnPasswordMatch() { assertThat(result, equalTo(true)); verify(dataSource).getPassword(playerName); verify(pluginManager).callEvent(any(PasswordEncryptionEvent.class)); - verify(method).comparePassword(clearTextPass, password, playerLowerCase); + verify(method).comparePassword(clearTextPass, password, playerName); } @Test @@ -140,11 +138,10 @@ public void shouldReturnPasswordMismatch() { // given HashedPassword password = new HashedPassword("$TEST$10$SOME_HASH", null); String playerName = "My_PLayer"; - String playerLowerCase = playerName.toLowerCase(Locale.ROOT); String clearTextPass = "passw0Rd1"; given(dataSource.getPassword(playerName)).willReturn(password); - given(method.comparePassword(clearTextPass, password, playerLowerCase)).willReturn(false); + given(method.comparePassword(clearTextPass, password, playerName)).willReturn(false); // when boolean result = passwordSecurity.comparePassword(clearTextPass, playerName); @@ -153,7 +150,7 @@ public void shouldReturnPasswordMismatch() { assertThat(result, equalTo(false)); verify(dataSource).getPassword(playerName); verify(pluginManager).callEvent(any(PasswordEncryptionEvent.class)); - verify(method).comparePassword(clearTextPass, password, playerLowerCase); + verify(method).comparePassword(clearTextPass, password, playerName); } @Test @@ -179,14 +176,13 @@ public void shouldTryOtherMethodsForFailedPassword() { HashedPassword password = new HashedPassword("$2y$10$2e6d2193f43501c926e25elvWlPmWczmrfrnbZV0dUZGITjYjnkkW"); String playerName = "somePlayer"; - String playerLowerCase = playerName.toLowerCase(Locale.ROOT); String clearTextPass = "Test"; // MD5 hash for "Test" HashedPassword newPassword = new HashedPassword("0cbc6611f5540bd0809a388dc95a615b"); given(dataSource.getPassword(argThat(equalToIgnoringCase(playerName)))).willReturn(password); - given(method.comparePassword(clearTextPass, password, playerLowerCase)).willReturn(false); - given(method.computeHash(clearTextPass, playerLowerCase)).willReturn(newPassword); + given(method.comparePassword(clearTextPass, password, playerName)).willReturn(false); + given(method.computeHash(clearTextPass, playerName)).willReturn(newPassword); given(settings.getProperty(SecuritySettings.PASSWORD_HASH)).willReturn(HashAlgorithm.MD5); given(settings.getProperty(SecuritySettings.LEGACY_HASHES)).willReturn(newHashSet(HashAlgorithm.BCRYPT)); passwordSecurity.reload(); @@ -201,8 +197,8 @@ public void shouldTryOtherMethodsForFailedPassword() { // should only be invoked with all lower-case names. Data source is case-insensitive itself, so this is fine. verify(dataSource).getPassword(argThat(equalToIgnoringCase(playerName))); verify(pluginManager, times(2)).callEvent(any(PasswordEncryptionEvent.class)); - verify(method).comparePassword(clearTextPass, password, playerLowerCase); - verify(dataSource).updatePassword(playerLowerCase, newPassword); + verify(method).comparePassword(clearTextPass, password, playerName); + verify(dataSource).updatePassword(playerName, newPassword); } @Test