diff --git a/src/main/java/org/springframework/data/authentication/UserCredentials.java b/src/main/java/org/springframework/data/authentication/UserCredentials.java index 9d8c638f6..7532ab4ad 100644 --- a/src/main/java/org/springframework/data/authentication/UserCredentials.java +++ b/src/main/java/org/springframework/data/authentication/UserCredentials.java @@ -79,6 +79,47 @@ public class UserCredentials { return this.password != null; } + /** + * Returns the password in obfuscated fashion which means everthing except the first and last character replaced by + * stars. If the password is one or two characters long we'll obfuscate it entirely. + * + * @return the obfuscated password + */ + public String getObfuscatedPassword() { + + if (!hasPassword()) { + return null; + } + + StringBuilder builder = new StringBuilder(); + + if (password.length() < 3) { + + for (int i = password.length(); i != 0; i--) { + builder.append("*"); + } + + return builder.toString(); + } + + builder.append(password.charAt(0)); + + for (int i = password.length() - 2; i != 0; i--) { + builder.append("*"); + } + + return builder.append(password.substring(password.length() - 1)).toString(); + } + + /* + * (non-Javadoc) + * @see java.lang.Object#toString() + */ + @Override + public String toString() { + return String.format("username = [%s], password = [%s]", username, getObfuscatedPassword()); + } + /* * (non-Javadoc) * @see java.lang.Object#equals(java.lang.Object) diff --git a/src/test/java/org/springframework/data/authentication/UserCredentialsUnitTests.java b/src/test/java/org/springframework/data/authentication/UserCredentialsUnitTests.java index 978f845ef..3596f8185 100644 --- a/src/test/java/org/springframework/data/authentication/UserCredentialsUnitTests.java +++ b/src/test/java/org/springframework/data/authentication/UserCredentialsUnitTests.java @@ -74,4 +74,42 @@ public class UserCredentialsUnitTests { assertThat(credentials.hasPassword(), is(true)); assertThat(credentials.getPassword(), is("password")); } + + /** + * @see DATACMNS-275 + */ + + @Test + public void returnsNullForNotSetObfuscatedPassword() { + assertThat(new UserCredentials(null, null).getObfuscatedPassword(), is(nullValue())); + } + + /** + * @see DATACMNS-275 + */ + @Test + public void obfuscatesShortPasswordsEntirely() { + + assertThat(new UserCredentials(null, "sa").getObfuscatedPassword(), is("**")); + assertThat(new UserCredentials(null, "s").getObfuscatedPassword(), is("*")); + } + + /** + * @see DATACMNS-275 + */ + @Test + public void returnsObfuscatedPasswordCorrectly() { + assertThat(new UserCredentials(null, "password").getObfuscatedPassword(), is("p******d")); + } + + /** + * @see DATACMNS-275 + */ + @Test + public void toStringDoesNotExposePlainPassword() { + + UserCredentials credentials = new UserCredentials(null, "mypassword"); + assertThat(credentials.toString(), not(containsString(credentials.getPassword()))); + assertThat(credentials.toString(), containsString(credentials.getObfuscatedPassword())); + } }