refactor: replace random password generation logic (#1939)

* chore: generate random passwords with suitable method * chore: remove outdated `throws` annotations
apache · Sep 17, 2023 · 0d77725 · 0d77725
1 parent 3ecdebb
commit 0d77725
Show file tree

Hide file tree

Showing 3 changed files with 57 additions and 8 deletions.
diff --git a/streampipes-storage-couchdb/pom.xml b/streampipes-storage-couchdb/pom.xml
@@ -60,16 +60,20 @@
             <artifactId>gson</artifactId>
         </dependency>
         <dependency>
-            <groupId>org.lightcouch</groupId>
-            <artifactId>lightcouch</artifactId>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-text</artifactId>
         </dependency>
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>
-            <artifactId>httpclient</artifactId>
+            <artifactId>fluent-hc</artifactId>
         </dependency>
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>
-            <artifactId>fluent-hc</artifactId>
+            <artifactId>httpclient</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.lightcouch</groupId>
+            <artifactId>lightcouch</artifactId>
         </dependency>
 
         <!-- Test dependencies -->

diff --git a/...er-management/src/main/java/org/apache/streampipes/user/management/util/PasswordUtil.java b/...er-management/src/main/java/org/apache/streampipes/user/management/util/PasswordUtil.java
@@ -18,7 +18,7 @@
 
 package org.apache.streampipes.user.management.util;
 
-import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.commons.text.RandomStringGenerator;
 
 import javax.crypto.SecretKeyFactory;
 import javax.crypto.spec.PBEKeySpec;
@@ -51,7 +51,7 @@ public static String encryptPassword(String property) throws NoSuchAlgorithmExce
     return iterations + ":" + toHex(salt) + ":" + toHex(hash);
   }
 
-  private static String toHex(byte[] array) throws NoSuchAlgorithmException {
+  private static String toHex(byte[] array) {
     BigInteger bi = new BigInteger(1, array);
     String hex = bi.toString(16);
     int paddingLength = (array.length * 2) - hex.length();
@@ -82,7 +82,7 @@ public static boolean validatePassword(String originalProperty, String storedPro
   }
 
 
-  private static byte[] fromHex(String hex) throws NoSuchAlgorithmException {
+  private static byte[] fromHex(String hex) {
     byte[] bytes = new byte[hex.length() / 2];
     for (int i = 0; i < bytes.length; i++) {
       bytes[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
@@ -92,6 +92,11 @@ private static byte[] fromHex(String hex) throws NoSuchAlgorithmException {
 
 
   public static String generateRandomPassword() {
-    return RandomStringUtils.randomAscii(DEFAULT_PASSWORD_LENGTH);
+
+    // allowing all ASCII-characters from decimal id 33 to 125
+    // see https://www.cs.cmu.edu/~pattis/15-1XX/common/handouts/ascii.html for full list
+    var pwdGenerator = new RandomStringGenerator.Builder().withinRange(33, 125)
+            .build();
+    return pwdGenerator.generate(DEFAULT_PASSWORD_LENGTH);
   }
 }
diff --git a/...anagement/src/test/java/org/apache/streampipes/user/management/util/TestPasswordUtil.java b/...anagement/src/test/java/org/apache/streampipes/user/management/util/TestPasswordUtil.java
@@ -0,0 +1,40 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.streampipes.user.management.util;
+
+import com.google.common.base.CharMatcher;
+import org.junit.Test;
+
+import static org.apache.streampipes.user.management.util.PasswordUtil.generateRandomPassword;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+public class TestPasswordUtil {
+
+  @Test
+  public void testGenerateRandomPassword() {
+
+    String randomPassword = generateRandomPassword();
+
+    assertNotNull(randomPassword);
+    assertEquals(10, randomPassword.length());
+    assertTrue(CharMatcher.ascii().matchesAllOf(randomPassword));
+  }
+
+}