SONAR-6949 Increase crypted password size
ehartmann authored and SonarTech committed Apr 17, 2018
1 parent 30134be commit 9b7da25
Showing 12 changed files with 233 additions and 3 deletions.
1 change: 1 addition & 0 deletions build.gradle
@@ -186,6 +186,7 @@ subprojects {
}
dependency 'org.freemarker:freemarker:2.3.20'
dependency 'org.hamcrest:hamcrest-all:1.3'
dependency 'org.mindrot:jbcrypt:0.4'
dependency('org.mockito:mockito-core:2.15.0') {
exclude 'org.hamcrest:hamcrest-core'
}
@@ -112,7 +112,7 @@ public void test_real_start() throws IOException {
);
assertThat(picoContainer.getParent().getParent().getComponentAdapters()).hasSize(
CONTAINER_ITSELF
+ 15 // MigrationConfigurationModule
+ 16 // MigrationConfigurationModule
+ 17 // level 2
);
assertThat(picoContainer.getParent().getParent().getParent().getComponentAdapters()).hasSize(
@@ -461,7 +461,7 @@ CREATE TABLE "USERS" (
"LOGIN" VARCHAR(255),
"NAME" VARCHAR(200),
"EMAIL" VARCHAR(100),
"CRYPTED_PASSWORD" VARCHAR(40),
"CRYPTED_PASSWORD" VARCHAR(100),
"SALT" VARCHAR(40),
"ACTIVE" BOOLEAN DEFAULT TRUE,
"SCM_ACCOUNTS" VARCHAR(4000),
@@ -35,6 +35,7 @@
import org.sonar.server.platform.db.migration.version.v67.DbVersion67;
import org.sonar.server.platform.db.migration.version.v70.DbVersion70;
import org.sonar.server.platform.db.migration.version.v71.DbVersion71;
import org.sonar.server.platform.db.migration.version.v72.DbVersion72;

public class MigrationConfigurationModule extends Module {
@Override
@@ -53,6 +54,7 @@ protected void configureModule() {
DbVersion67.class,
DbVersion70.class,
DbVersion71.class,
DbVersion72.class,

// migration steps
MigrationStepRegistryImpl.class,
@@ -0,0 +1,33 @@
/*
* SonarQube
* Copyright (C) 2009-2018 SonarSource SA
* mailto:info AT sonarsource DOT com
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 3 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, write to the Free Software Foundation,
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
package org.sonar.server.platform.db.migration.version.v72;

import org.sonar.server.platform.db.migration.step.MigrationStepRegistry;
import org.sonar.server.platform.db.migration.version.DbVersion;

public class DbVersion72 implements DbVersion {

@Override
public void addSteps(MigrationStepRegistry registry) {
registry
.add(2100, "Increase size of CRYPTED_PASSWORD", IncreaseCryptedPasswordSize.class)
;
}
}
@@ -0,0 +1,45 @@
/*
* SonarQube
* Copyright (C) 2009-2018 SonarSource SA
* mailto:info AT sonarsource DOT com
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 3 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, write to the Free Software Foundation,
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
package org.sonar.server.platform.db.migration.version.v72;

import java.sql.SQLException;
import org.sonar.db.Database;
import org.sonar.server.platform.db.migration.sql.AlterColumnsBuilder;
import org.sonar.server.platform.db.migration.step.DdlChange;

import static org.sonar.server.platform.db.migration.def.VarcharColumnDef.newVarcharColumnDefBuilder;

public class IncreaseCryptedPasswordSize extends DdlChange {
private static final String TABLE_NAME = "users";

public IncreaseCryptedPasswordSize(Database db) {
super(db);
}

@Override
public void execute(Context context) throws SQLException {
context.execute(new AlterColumnsBuilder(getDialect(), TABLE_NAME)
.updateColumn(newVarcharColumnDefBuilder()
.setColumnName("crypted_password")
.setLimit(100)
.build())
.build());
}
}
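Review bot: `setLimit(100)` in `execute` is an unexplained size, and the class has no Javadoc saying why the column is being widened. A bcrypt string as produced by `BCrypt.hashpw` is 60 characters, so a comment such as `// bcrypt output is 60 chars; 100 leaves headroom for a longer encoded hash` would tell the next maintainer what the limit has to accommodate. The step only alters the column type, so the values already stored (at most 40 characters) stay in place next to any new ones. The class Javadoc should state how the authentication code is expected to tell the two formats apart, since the USERS table shown in this commit has no column recording which scheme a row uses.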
@@ -0,0 +1,24 @@
/*
* SonarQube
* Copyright (C) 2009-2018 SonarSource SA
* mailto:info AT sonarsource DOT com
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 3 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, write to the Free Software Foundation,
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
@ParametersAreNonnullByDefault
package org.sonar.server.platform.db.migration.version.v72;

import javax.annotation.ParametersAreNonnullByDefault;

@@ -37,7 +37,7 @@ public void verify_component_count() {
assertThat(container.getPicoContainer().getComponentAdapters())
.hasSize(COMPONENTS_IN_EMPTY_COMPONENT_CONTAINER
// DbVersion classes
+ 12
+ 13
// Others
+ 3);
}
@@ -0,0 +1,40 @@
/*
* SonarQube
* Copyright (C) 2009-2018 SonarSource SA
* mailto:info AT sonarsource DOT com
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 3 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, write to the Free Software Foundation,
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
package org.sonar.server.platform.db.migration.version.v72;

import org.junit.Test;

import static org.sonar.server.platform.db.migration.version.DbVersionTestUtils.verifyMigrationCount;
import static org.sonar.server.platform.db.migration.version.DbVersionTestUtils.verifyMinimumMigrationNumber;

public class DbVersion72Test {
private DbVersion72 underTest = new DbVersion72();

@Test
public void migrationNumber_starts_at_2100() {
verifyMinimumMigrationNumber(underTest, 2100);
}

@Test
public void verify_migration_count() {
verifyMigrationCount(underTest, 1);
}

}
@@ -0,0 +1,63 @@
package org.sonar.server.platform.db.migration.version.v72;/*
* SonarQube
* Copyright (C) 2009-2018 SonarSource SA
* mailto:info AT sonarsource DOT com
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 3 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, write to the Free Software Foundation,
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/

import java.sql.SQLException;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.mindrot.jbcrypt.BCrypt;
import org.sonar.db.CoreDbTester;

import static org.assertj.core.api.Assertions.assertThat;

public class IncreaseCryptedPasswordSizeTest {
private static final String TABLE_NAME = "users";

@Rule
public CoreDbTester db = CoreDbTester.createForSchema(IncreaseCryptedPasswordSizeTest.class, "users.sql");
@Rule
public ExpectedException expectedException = ExpectedException.none();

private IncreaseCryptedPasswordSize underTest = new IncreaseCryptedPasswordSize(db.database());

@Test
public void cannot_insert_crypted_password() {
expectedException.expect(IllegalStateException.class);

insertRow();
}

@Test
public void can_insert_crypted_password_after_execute() throws SQLException {
underTest.execute();
assertThat(db.countRowsOfTable(TABLE_NAME)).isEqualTo(0);
insertRow();
assertThat(db.countRowsOfTable(TABLE_NAME)).isEqualTo(1);
}

private void insertRow() {
db.executeInsert(
"USERS",
"CRYPTED_PASSWORD", BCrypt.hashpw("a", BCrypt.gensalt()),
"IS_ROOT", false,
"ONBOARDED", false);
}

}
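Review bot: `cannot_insert_crypted_password` passes on any `IllegalStateException` thrown by `insertRow()`, so it would also succeed if the insert failed for a reason unrelated to the column width, for instance a NOT NULL column missing from the row. Narrow the expectation with `expectedException.expectMessage(...)` or `expectedException.expectCause(...)` so that it matches the length violation; the exact message depends on `CoreDbTester`, which is not shown on this page. `can_insert_crypted_password_after_execute` checks only the row count. Keeping the generated hash in a local variable, reading the column back and asserting the two are equal would also catch a database that truncates the value instead of rejecting it, which would otherwise surface only as failed logins.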
@@ -0,0 +1,21 @@
CREATE TABLE "USERS" (
"ID" INTEGER NOT NULL GENERATED BY DEFAULT AS IDENTITY (START WITH 1, INCREMENT BY 1),
"LOGIN" VARCHAR(255),
"NAME" VARCHAR(200),
"EMAIL" VARCHAR(100),
"CRYPTED_PASSWORD" VARCHAR(40),
"SALT" VARCHAR(40),
"ACTIVE" BOOLEAN DEFAULT TRUE,
"SCM_ACCOUNTS" VARCHAR(4000),
"EXTERNAL_IDENTITY" VARCHAR(255),
"EXTERNAL_IDENTITY_PROVIDER" VARCHAR(100),
"IS_ROOT" BOOLEAN NOT NULL,
"USER_LOCAL" BOOLEAN,
"ONBOARDED" BOOLEAN NOT NULL,
"CREATED_AT" BIGINT,
"UPDATED_AT" BIGINT,
"HOMEPAGE_TYPE" VARCHAR(40),
"HOMEPAGE_PARAMETER" VARCHAR(40)
);
CREATE UNIQUE INDEX "USERS_LOGIN" ON "USERS" ("LOGIN");
CREATE INDEX "USERS_UPDATED_AT" ON "USERS" ("UPDATED_AT");
1 change: 1 addition & 0 deletions sonar-core/build.gradle
@@ -20,6 +20,7 @@ dependencies {
compile 'org.picocontainer:picocontainer'
compile 'org.slf4j:slf4j-api'
compile 'org.sonarsource.update-center:sonar-update-center-common'
compile 'org.mindrot:jbcrypt'
compile project(path: ':sonar-plugin-api', configuration: 'shadow')

compileOnly 'com.google.code.findbugs:jsr305'
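Review bot: `compile 'org.mindrot:jbcrypt'` puts the library on sonar-core's compile configuration, yet the only use of `BCrypt` visible in this commit is `IncreaseCryptedPasswordSizeTest`. That test appears to receive the library transitively, since no other build file among the 12 changed files declares it. If the production hashing code arrives in a follow-up commit this is fine, but the commit message should say so. Otherwise, declare it as a test dependency (`testCompile 'org.mindrot:jbcrypt'`) in the module that owns the test, so a password-hashing library is not exposed to every consumer of sonar-core before anything uses it.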