From a6120f0b169a46ca7f0459692bb286dbc7068955 Mon Sep 17 00:00:00 2001 From: Sebastian Sdorra Date: Sun, 26 Feb 2017 14:54:01 +0100 Subject: [PATCH] rename SessionStore to CredentialsStore --- .../security/AuthenticationInfoCollector.java | 8 +- ...essionStore.java => CredentialsStore.java} | 26 +++-- .../AuthenticationInfoCollectorTest.java | 2 +- .../scm/security/CredentialsStoreTest.java | 94 +++++++++++++++++++ .../java/sonia/scm/security/ScmRealmTest.java | 2 +- 5 files changed, 120 insertions(+), 12 deletions(-) rename scm-webapp/src/main/java/sonia/scm/security/{SessionStore.java => CredentialsStore.java} (78%) create mode 100644 scm-webapp/src/test/java/sonia/scm/security/CredentialsStoreTest.java diff --git a/scm-webapp/src/main/java/sonia/scm/security/AuthenticationInfoCollector.java b/scm-webapp/src/main/java/sonia/scm/security/AuthenticationInfoCollector.java index a82352b624..7e2547a4e4 100644 --- a/scm-webapp/src/main/java/sonia/scm/security/AuthenticationInfoCollector.java +++ b/scm-webapp/src/main/java/sonia/scm/security/AuthenticationInfoCollector.java @@ -59,22 +59,22 @@ public class AuthenticationInfoCollector { private final LocalDatabaseSynchronizer synchronizer; private final GroupCollector groupCollector; - private final SessionStore sessionStore; + private final CredentialsStore sessionStore; /** * Construct a new AuthenticationInfoCollector. * * @param synchronizer local database synchronizer * @param groupCollector groups collector - * @param sessionStore session store + * @param credentialsStore credentials store */ @Inject public AuthenticationInfoCollector( - LocalDatabaseSynchronizer synchronizer, GroupCollector groupCollector, SessionStore sessionStore + LocalDatabaseSynchronizer synchronizer, GroupCollector groupCollector, CredentialsStore credentialsStore ) { this.synchronizer = synchronizer; this.groupCollector = groupCollector; - this.sessionStore = sessionStore; + this.sessionStore = credentialsStore; } /** 
diff --git a/scm-webapp/src/main/java/sonia/scm/security/SessionStore.java b/scm-webapp/src/main/java/sonia/scm/security/CredentialsStore.java similarity index 78% rename from scm-webapp/src/main/java/sonia/scm/security/SessionStore.java rename to scm-webapp/src/main/java/sonia/scm/security/CredentialsStore.java index 88ae3c0912..eeaef74bf6 100644 --- a/scm-webapp/src/main/java/sonia/scm/security/SessionStore.java +++ b/scm-webapp/src/main/java/sonia/scm/security/CredentialsStore.java @@ -30,26 +30,35 @@ */ package sonia.scm.security; +import com.google.common.annotations.VisibleForTesting; import com.google.inject.Inject; import com.google.inject.Provider; import javax.servlet.http.HttpServletRequest; import org.apache.shiro.authc.UsernamePasswordToken; /** - * + * Stores credentials of the user in the http session of the user. + * * @author Sebastian Sdorra + * @since 1.52 */ -public class SessionStore { +public class CredentialsStore { - private static final String SCM_CREDENTIALS = "SCM_CREDENTIALS"; + @VisibleForTesting + static final String SCM_CREDENTIALS = "SCM_CREDENTIALS"; private final Provider requestProvider; @Inject - public SessionStore(Provider requestProvider) { + public CredentialsStore(Provider requestProvider) { this.requestProvider = requestProvider; } - + + /** + * Extracts the user credentials from token, encrypts them, and stores them in the http session. + * + * @param token username password token + */ public void store(UsernamePasswordToken token) { // store encrypted credentials in session String credentials = token.getUsername(); 
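Review bot: The new class Javadoc on `CredentialsStore` says only that credentials are stored in the http session and omits the security-relevant detail visible in `store`: the password is kept in an encoded but reversible form, not as a hash. I would extend the summary to something like `Stores the username and password of the user, reversibly encoded with CipherUtil, as the SCM_CREDENTIALS attribute of the http session.` Anyone who can read the session and use the key behind CipherUtil can presumably recover the password, so session persistence and replication need the same protection as a password store. The `store` method begins in this hunk and continues in the next one.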
@@ -59,8 +68,13 @@ public class SessionStore { credentials = credentials.concat(":").concat(new String(password)); } - credentials = CipherUtil.getInstance().encode(credentials); + credentials = encrypt(credentials); requestProvider.get().getSession(true).setAttribute(SCM_CREDENTIALS, credentials); } + @VisibleForTesting + protected String encrypt(String credentials){ + return CipherUtil.getInstance().encode(credentials); + } + } diff --git a/scm-webapp/src/test/java/sonia/scm/security/AuthenticationInfoCollectorTest.java b/scm-webapp/src/test/java/sonia/scm/security/AuthenticationInfoCollectorTest.java index 31504777fd..8eac89731f 100644 --- a/scm-webapp/src/test/java/sonia/scm/security/AuthenticationInfoCollectorTest.java +++ b/scm-webapp/src/test/java/sonia/scm/security/AuthenticationInfoCollectorTest.java @@ -66,7 +66,7 @@ public class AuthenticationInfoCollectorTest { private GroupCollector groupCollector; @Mock - private SessionStore sessionStore; + private CredentialsStore sessionStore; @InjectMocks private AuthenticationInfoCollector collector; diff --git a/scm-webapp/src/test/java/sonia/scm/security/CredentialsStoreTest.java b/scm-webapp/src/test/java/sonia/scm/security/CredentialsStoreTest.java new file mode 100644 index 0000000000..ca775dcb95 --- /dev/null +++ b/scm-webapp/src/test/java/sonia/scm/security/CredentialsStoreTest.java 
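Review bot: `encrypt` in CredentialsStore.java is declared `protected` only so the test can stub it, but that also lets a subclass in any other package replace the encoding step and put the clear-text credentials into the session. The test class lives in the same package `sonia.scm.security`, so package-private visibility is enough: `@VisibleForTesting String encrypt(String credentials) {`. The method also has no Javadoc; `/** Encodes the credentials with CipherUtil before they are stored in the session. */` would match the documentation added to `store`. Separately, the context line `new String(password)` copies the password into an immutable String that cannot be cleared afterwards; that predates this commit, and the start of `store` lies outside this hunk.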
@@ -0,0 +1,94 @@
+/**
+ * Copyright (c) 2014, Sebastian Sdorra
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * 3. Neither the name of SCM-Manager; nor the names of its
+ * contributors may be used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * http://bitbucket.org/sdorra/scm-manager
+ *
+ */
+
+package sonia.scm.security;
+
+import com.google.inject.Provider;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+import org.apache.shiro.authc.UsernamePasswordToken;
+import org.junit.Test;
+import org.junit.Before;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import static org.mockito.Mockito.*;
+import org.mockito.runners.MockitoJUnitRunner;
+
+/**
+ * Unit tests for {@link CredentialsStore}.
+ *
+ * @author Sebastian Sdorra
+ * @since 1.52
+ */
+@RunWith(MockitoJUnitRunner.class)
+public class CredentialsStoreTest {
+
+ @Mock
+ private HttpSession session;
+
+ private CredentialsStore store;
+
+ /**
+ * Set up object under test.
+ */
+ @Before
+ public void setUpObjectUnderTest() {
+ HttpServletRequest request = mock(HttpServletRequest.class);
+ when(request.getSession(true)).thenReturn(session);
+ Provider provider = mock(Provider.class);
+ when(provider.get()).thenReturn(request);
+
+ store = new TestableCredentialsStore(provider);
+ }
+
+ /**
+ * Tests {@link CredentialsStore#store(org.apache.shiro.authc.UsernamePasswordToken)}.
+ */
+ @Test
+ public void testStore() {
+ store.store(new UsernamePasswordToken("trillian", "trillian123"));
+ verify(session).setAttribute(CredentialsStore.SCM_CREDENTIALS, "x_trillian:trillian123");
+ }
+
+ private static class TestableCredentialsStore extends CredentialsStore {
+
+ public TestableCredentialsStore(Provider requestProvider) {
+ super(requestProvider);
+ }
+
+ @Override
+ protected String encrypt(String credentials) {
+ return "x_".concat(credentials);
+ }
+
+ }
+
+}
\ No newline at end of file
diff --git a/scm-webapp/src/test/java/sonia/scm/security/ScmRealmTest.java b/scm-webapp/src/test/java/sonia/scm/security/ScmRealmTest.java
index 2bbbbdd5e5..fdb8d3d57e 100644
--- a/scm-webapp/src/test/java/sonia/scm/security/ScmRealmTest.java
+++ b/scm-webapp/src/test/java/sonia/scm/security/ScmRealmTest.java
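Review bot: `testStore` in CredentialsStoreTest.java covers only a token that carries a password, so the path of `CredentialsStore.store` that skips the `:password` suffix is never exercised. The condition is outside the lines shown and is inferred from the closing brace in the `store` hunk. If it is a null-or-empty password check, a second test calling `store.store(new UsernamePasswordToken("trillian", (String) null));` and then `verify(session).setAttribute(CredentialsStore.SCM_CREDENTIALS, "x_trillian");` would pin it. Because `encrypt` is stubbed, nothing here checks that the production `encrypt` transforms its input, which is the property that keeps the password out of the session in clear text.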
@@ -484,7 +484,7 @@ public class ScmRealmTest ); GroupCollector groupCollector = new GroupCollector(groupManager); - SessionStore sessionStore = new SessionStore(requestProvider); + CredentialsStore sessionStore = new CredentialsStore(requestProvider); AuthenticationInfoCollector authcCollector = new AuthenticationInfoCollector( synchronizer,