
[hyperledger#5851] Add error messages on authentication failures with username and password (hyperledger#6212)

* Add error messages on authentication failures with username and password

Signed-off-by: David Lutzardo <jdlutzardo@izertis.com>

* Add a constant for the 'password'

Signed-off-by: David Lutzardo <jdlutzardo@izertis.com>

* Add test to check empty login and check response in body is not empty

Signed-off-by: David Lutzardo <jdlutzardo@izertis.com>

* Correct format (spotless)

Signed-off-by: David Lutzardo <jdlutzardo@izertis.com>

* Update ethereum/api/src/test/java/org/hyperledger/besu/ethereum/api/jsonrpc/JsonRpcHttpServiceLoginTest.java

Co-authored-by: Fabio Di Fabio <fabio.difabio@consensys.net>
Signed-off-by: David Lutzardo <jdlutzardo@izertis.com>

* Update ethereum/api/src/test/java/org/hyperledger/besu/ethereum/api/jsonrpc/JsonRpcHttpServiceLoginTest.java

Co-authored-by: Fabio Di Fabio <fabio.difabio@consensys.net>
Signed-off-by: David Lutzardo <jdlutzardo@izertis.com>

* Update JsonRpcHttpServiceLoginTest.java

use containsIgnoringCase

Signed-off-by: David Lutzardo <jdlutzardo@izertis.com>

* Add a CHANGELOG entry for PR 6212

Signed-off-by: David Lutzardo <jdlutzardo@izertis.com>

---------

Signed-off-by: David Lutzardo <jdlutzardo@izertis.com>
Co-authored-by: Fabio Di Fabio <fabio.difabio@consensys.net>
Signed-off-by: jflo <justin+github@florentine.us>
2 people authored and jflo committed Dec 12, 2023
1 parent 003ad3f commit da7ed76
Showing 3 changed files with 22 additions and 4 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -15,6 +15,7 @@
- Add `rpc-gas-cap` to allow users to set gas limit to the RPC methods used to simulate transactions[#6156](https://github.com/hyperledger/besu/pull/6156)
- Fix the unavailability of `address` field when returning an `Account` entity on GraphQL in case of unreachable world state [#6198](https://github.com/hyperledger/besu/pull/6198)
- Update OpenJ9 Docker image to latest version [#6226](https://github.com/hyperledger/besu/pull/6226)
- Add error messages on authentication failures with username and password [#6212](https://github.com/hyperledger/besu/pull/6212)

### Bug fixes
- Fix Docker image name clash between Besu and evmtool [#6194](https://github.com/hyperledger/besu/pull/6194)
Expand Up @@ -46,6 +46,7 @@
public class DefaultAuthenticationService implements AuthenticationService {

public static final String USERNAME = "username";
public static final String PASSWORD = "password";
private final JWTAuth jwtAuthProvider;
@VisibleForTesting public final JWTAuthOptions jwtAuthOptions;
private final Optional<AuthenticationProvider> credentialAuthProvider;
Expand Down Expand Up @@ -171,19 +172,21 @@ private void login(
final RoutingContext routingContext, final AuthenticationProvider credentialAuthProvider) {
final JsonObject requestBody = routingContext.body().asJsonObject();

if (requestBody == null) {
if (requestBody == null
|| requestBody.getValue(USERNAME) == null
|| requestBody.getValue(PASSWORD) == null) {
routingContext
.response()
.setStatusCode(HttpResponseStatus.BAD_REQUEST.code())
.setStatusMessage(HttpResponseStatus.BAD_REQUEST.reasonPhrase())
.end();
.end("Authentication failed: username and password are required.");
return;
}

// Check user
final JsonObject authParams = new JsonObject();
authParams.put(USERNAME, requestBody.getValue(USERNAME));
authParams.put("password", requestBody.getValue("password"));
authParams.put(PASSWORD, requestBody.getValue(PASSWORD));
final Credentials credentials = new UsernamePasswordCredentials(authParams);

credentialAuthProvider.authenticate(
Expand All @@ -194,7 +197,7 @@ private void login(
.response()
.setStatusCode(HttpResponseStatus.UNAUTHORIZED.code())
.setStatusMessage(HttpResponseStatus.UNAUTHORIZED.reasonPhrase())
.end();
.end("Authentication failed: the username or password is incorrect.");
} else {
final User user = r.result();

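Review bot: The 401 branch that now ends in `.end("Authentication failed: the username or password is incorrect.")` sends one message whether the user is unknown or the password is wrong, which is the right choice against account enumeration, but nothing in the code records that it is deliberate; add `// Same message for unknown user and wrong password: callers must not be able to probe which usernames exist.` above that `.response()` chain so a later change does not split it into two messages. The failure condition this branch belongs to sits just above the hunk, as does the start of `login`, so its role is inferred from the `else` that follows. The new guard in the 400 branch rejects only absent or JSON-null `username`/`password` values, so empty strings and non-string JSON values still reach `credentialAuthProvider.authenticate`; that is acceptable if the provider answers 401 for them, and a one-line comment on the guard saying so would stop the next reader from tightening it into a different error message that leaks more. In the visible chain neither response sets a `Content-Type`, so the new plain-text bodies go out untyped; `.putHeader("Content-Type", "text/plain; charset=utf-8")` before each `.end(...)` would make them well-formed for HTTP clients.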
Expand Up @@ -203,6 +203,18 @@ public static void shutdownServer() {
service.stop().join();
}

@Test
public void loginWithEmptyCredentials() throws IOException {
final RequestBody body = RequestBody.create("{}", JSON);
final Request request = new Request.Builder().post(body).url(baseUrl + "/login").build();
try (final Response resp = client.newCall(request).execute()) {
assertThat(resp.code()).isEqualTo(400);
assertThat(resp.message()).isEqualTo("Bad Request");
final String bodyString = resp.body().string();
assertThat(bodyString).containsIgnoringCase("username and password are required");
}
}

@Test
public void loginWithBadCredentials() throws IOException {
final RequestBody body =
Expand All @@ -211,6 +223,8 @@ public void loginWithBadCredentials() throws IOException {
try (final Response resp = client.newCall(request).execute()) {
assertThat(resp.code()).isEqualTo(401);
assertThat(resp.message()).isEqualTo("Unauthorized");
final String bodyString = resp.body().string();
assertThat(bodyString).containsIgnoringCase("the username or password is incorrect");
}
}

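Review bot: `loginWithEmptyCredentials` only sends a well-formed `{}` body, so the other input the new guard in `DefaultAuthenticationService.login` covers — no body at all, where `routingContext.body().asJsonObject()` presumably yields null — is untested, and a non-JSON body is not exercised either. Both should end in the same 400 as the missing-field case; if an empty or malformed body instead surfaces as a 500 from the JSON decode, that is a defect in the service rather than in the test, and pinning it here is the point. It would also be worth asserting that a known-valid username with a wrong password and an unknown username produce byte-identical 401 bodies, since that is the property the single error message is meant to give; the fixture's users are outside this hunk, so I leave the exact credentials to the author. `loginWithBadCredentials` starts in the hunk but its request body and the rest of the test class are outside it.
```java
@Test
public void loginWithoutBodyIsRejected() throws IOException {
  final RequestBody body = RequestBody.create("", JSON);
  final Request request = new Request.Builder().post(body).url(baseUrl + "/login").build();
  try (final Response resp = client.newCall(request).execute()) {
    assertThat(resp.code()).isEqualTo(400);
    assertThat(resp.body().string()).containsIgnoringCase("username and password are required");
  }
}
```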
