Merge pull request #37244 from sberyozkin/jpa_null_user
Always execute a JPA password action
FroMage authored Nov 22, 2023
2 parents 6fd755c + 2c29d55 commit 0bc38e2
Showing 2 changed files with 22 additions and 3 deletions.
Expand Up @@ -45,18 +45,21 @@ public static void buildIdentity(Index index, JpaSecurityDefinition jpaSecurityD
PanacheEntityPredicateBuildItem panacheEntityPredicate, FieldDescriptor passwordProviderField,
MethodCreator outerMethod, ResultHandle userVar, BytecodeCreator innerMethod) {
// if(user == null) throw new AuthenticationFailedException();

PasswordType passwordType = passwordTypeValue != null ? PasswordType.valueOf(passwordTypeValue.asEnum())
: PasswordType.MCF;

try (BytecodeCreator trueBranch = innerMethod.ifNull(userVar).trueBranch()) {

ResultHandle exceptionInstance = trueBranch
.newInstance(MethodDescriptor.ofConstructor(AuthenticationFailedException.class));
trueBranch.invokeStaticMethod(passwordActionMethod(), trueBranch.load(passwordType));
trueBranch.throwException(exceptionInstance);
}

// :pass = user.pass | user.getPass()
ResultHandle pass = jpaSecurityDefinition.password.readValue(innerMethod, userVar);

PasswordType passwordType = passwordTypeValue != null ? PasswordType.valueOf(passwordTypeValue.asEnum())
: PasswordType.MCF;

if (passwordType == PasswordType.CUSTOM && passwordProviderValue == null) {
throw new RuntimeException("Missing password provider for password type: " + passwordType);
}
Expand Down Expand Up @@ -245,4 +248,8 @@ private static MethodDescriptor getUtilMethod(String passwordProviderMethod) {
return MethodDescriptor.ofMethod(JpaIdentityProviderUtil.class, passwordProviderMethod,
org.wildfly.security.password.Password.class, String.class);
}

private static MethodDescriptor passwordActionMethod() {
return MethodDescriptor.ofMethod(JpaIdentityProviderUtil.class, "passwordAction", void.class, PasswordType.class);
}
}
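Review bot: The comment `// if(user == null) throw new AuthenticationFailedException();` at the top of the first hunk is now stale, because the generated null-user branch also calls `passwordAction(passwordType)` before throwing. I would update it to `// if (user == null) { JpaIdentityProviderUtil.passwordAction(passwordType); throw new AuthenticationFailedException(); }`. I would also add a why-line above the `invokeStaticMethod` call, such as `// do throwaway password work so an unknown user takes about as long as a wrong password`, so the call is not later removed as dead code. The new `passwordActionMethod()` helper looks the method up by the string `"passwordAction"`, so a rename in `JpaIdentityProviderUtil` would not be caught at compile time; a short comment naming the target would help. `buildIdentity` starts and ends outside the hunk.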
Expand Up @@ -2,6 +2,7 @@

import java.security.spec.InvalidKeySpecException;
import java.util.List;
import java.util.UUID;

import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.evidence.PasswordGuessEvidence;
Expand All @@ -10,9 +11,11 @@
import org.wildfly.security.password.util.ModularCrypt;
import org.wildfly.security.provider.util.ProviderUtil;

import io.quarkus.elytron.security.common.BcryptUtil;
import io.quarkus.security.AuthenticationFailedException;
import io.quarkus.security.identity.request.TrustedAuthenticationRequest;
import io.quarkus.security.identity.request.UsernamePasswordAuthenticationRequest;
import io.quarkus.security.jpa.PasswordType;
import io.quarkus.security.runtime.QuarkusPrincipal;
import io.quarkus.security.runtime.QuarkusSecurityIdentity;

Expand Down Expand Up @@ -70,4 +73,13 @@ public static Password getMcfPassword(String pass) {
throw new RuntimeException(e);
}
}

public static void passwordAction(PasswordType type) {
String uuid = UUID.randomUUID().toString();
if (type == PasswordType.CLEAR) {
ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, uuid.toCharArray());
} else {
BcryptUtil.bcryptHash(uuid);
}
}
}
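Review bot: `passwordAction` in the last hunk has no Javadoc and discards everything it computes, so nothing tells a maintainer that the work is deliberate. A Javadoc should say it is called from the generated identity provider when no user is found, and that it performs a throwaway password operation so the unknown-user path costs roughly what a failed password check costs. It should also record that the equalisation is approximate. The `else` branch always runs `BcryptUtil.bcryptHash(uuid)` at that helper's default cost, whereas stored MCF hashes may use a different cost or algorithm, and `PasswordType.CUSTOM` providers presumably do arbitrary work, so a measurable timing difference between known and unknown users may remain. For `PasswordType.CLEAR`, `ClearPassword.createRaw(...)` only wraps the char array; that is probably acceptable since the real comparison is cheap too, but the Javadoc should say so.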
