From 46954ec610a27bf0145cf37bbd42e5246eb14a2d Mon Sep 17 00:00:00 2001
From: johnniang
Date: Fri, 7 Jun 2019 10:50:08 +0800
Subject: [PATCH] Fix #185 Desensitize the old password while logging
---
 .../app/service/impl/UserServiceImpl.java | 2 +-
 .../java/run/halo/app/utils/HaloUtils.java | 38 +++++++++++++++++++
 .../run/halo/app/utils/HaloUtilsTest.java | 35 +++++++++++++++++
 3 files changed, 74 insertions(+), 1 deletion(-)
diff --git a/src/main/java/run/halo/app/service/impl/UserServiceImpl.java b/src/main/java/run/halo/app/service/impl/UserServiceImpl.java
index 091cd22eb..96b49b401 100644
--- a/src/main/java/run/halo/app/service/impl/UserServiceImpl.java
+++ b/src/main/java/run/halo/app/service/impl/UserServiceImpl.java
@@ -124,7 +124,7 @@ public class UserServiceImpl extends AbstractCrudService implemen
 User updatedUser = update(user);
 // Log it
- eventPublisher.publishEvent(new LogEvent(this, updatedUser.getId().toString(), LogType.PASSWORD_UPDATED, oldPassword));
+ eventPublisher.publishEvent(new LogEvent(this, updatedUser.getId().toString(), LogType.PASSWORD_UPDATED, HaloUtils.desensitize(oldPassword, 2, 1)));
 return updatedUser;
 }
diff --git a/src/main/java/run/halo/app/utils/HaloUtils.java b/src/main/java/run/halo/app/utils/HaloUtils.java
index 93125eb49..37354f7c6 100755
--- a/src/main/java/run/halo/app/utils/HaloUtils.java
+++ b/src/main/java/run/halo/app/utils/HaloUtils.java
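Review bot: Even after masking, `HaloUtils.desensitize(oldPassword, 2, 1)` on the added line still writes three plaintext characters of the submitted old password, plus its exact length (the mask is as long as the input), into the LogEvent content, and for a password of three characters or fewer the helper as added elsewhere in this patch returns the string unchanged. A password-change audit record needs the user id and the event type, not a fragment of the credential; log a constant instead, e.g. `eventPublisher.publishEvent(new LogEvent(this, updatedUser.getId().toString(), LogType.PASSWORD_UPDATED, "******"));` or whatever placeholder LogEvent accepts. Where LogEvent content ends up is not visible here, so it is safest to assume a long-lived store that many people can read. The enclosing method starts outside the hunk.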
@@ -21,6 +21,44 @@ import static run.halo.app.model.support.HaloConst.FILE_SEPARATOR;
 @Slf4j
 public class HaloUtils {
+ /**
+ * Desensitizes the plain text.
+ *
+ * @param plainText plain text must not be null
+ * @param leftSize left size
+ * @param rightSize right size
+ * @return desensitization
+ */
+ public static String desensitize(@NonNull String plainText, int leftSize, int rightSize) {
+ Assert.hasText(plainText, "Plain text must not be blank");
+
+ if (leftSize < 0) {
+ leftSize = 0;
+ }
+
+ if (leftSize > plainText.length()) {
+ leftSize = plainText.length();
+ }
+
+ if (rightSize < 0) {
+ rightSize = 0;
+ }
+
+ if (rightSize > plainText.length()) {
+ rightSize = plainText.length();
+ }
+
+ if (plainText.length() < leftSize + rightSize) {
+ rightSize = plainText.length() - leftSize;
+ }
+
+ int remainSize = plainText.length() - rightSize - leftSize;
+
+ String left = StringUtils.left(plainText, leftSize);
+ String right = StringUtils.right(plainText, rightSize);
+ return StringUtils.rightPad(left, remainSize + leftSize, '*') + right;
+ }
+
 /**
 * Changes file separator to url separator.
 *
diff --git a/src/test/java/run/halo/app/utils/HaloUtilsTest.java b/src/test/java/run/halo/app/utils/HaloUtilsTest.java
index 7d207211e..302e6d335 100644
--- a/src/test/java/run/halo/app/utils/HaloUtilsTest.java
+++ b/src/test/java/run/halo/app/utils/HaloUtilsTest.java
@@ -1,5 +1,6 @@
 package run.halo.app.utils;
+import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.RandomUtils;
 import org.junit.Test;
@@ -14,6 +15,7 @@ import static org.junit.Assert.assertThat;
 * @author johnniang
 * @date 3/29/19
 */
+@Slf4j
 public class HaloUtilsTest {
 @Test
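Review bot: `desensitize` never guarantees that anything is masked: once the clamping leaves `remainSize` at 0 (any input no longer than `leftSize + rightSize`), `StringUtils.rightPad(left, remainSize + leftSize, '*')` pads nothing and the full plaintext is returned, which the tests in this same patch pin with `desensitize("12345678", 2, 6)` expecting `"12345678"`. For a helper whose first caller feeds it a password, the safe default is to hide everything when the requested edges would cover the whole value, e.g. right after `remainSize` is computed: `if (remainSize <= 0) { return StringUtils.repeat('*', plainText.length()); }`. The output is also always the same length as the input, so the exact length of the secret still leaks; a fixed-width mask such as `left + "***" + right` avoids that if no caller relies on the length. The Javadoc should also match the precondition, since `Assert.hasText` rejects whitespace-only input and not just null: `@param plainText plain text, must not be null or blank`.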
@@ -92,4 +94,37 @@ public class HaloUtilsTest {
 public void pluralizeLabelExceptionTest() {
 HaloUtils.pluralize(1, null, null);
 }
+
+ @Test
+ public void desensitizeSuccessTest() {
+ String plainText = "12345678";
+
+ String desensitization = HaloUtils.desensitize(plainText, 1, 1);
+ assertThat(desensitization, equalTo("1******8"));
+
+ desensitization = HaloUtils.desensitize(plainText, 2, 3);
+ assertThat(desensitization, equalTo("12***678"));
+
+ desensitization = HaloUtils.desensitize(plainText, 2, 6);
+ assertThat(desensitization, equalTo("12345678"));
+
+ desensitization = HaloUtils.desensitize(plainText, 2, 7);
+ assertThat(desensitization, equalTo("12345678"));
+
+ desensitization = HaloUtils.desensitize(plainText, 0, 0);
+ assertThat(desensitization, equalTo("********"));
+
+ desensitization = HaloUtils.desensitize(plainText, -1, -1);
+ assertThat(desensitization, equalTo("********"));
+
+ plainText = " ";
+ desensitization = HaloUtils.desensitize(plainText, 1, 1);
+ assertThat(desensitization, equalTo("********"));
+ }
+
+ @Test(expected = IllegalArgumentException.class)
+ public void desensitizeFailureTest() {
+ String plainText = " ";
+ HaloUtils.desensitize(plainText, 1, 1);
+ }
 }
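Review bot: The cases `desensitize(plainText, 2, 6)` and `desensitize(plainText, 2, 7)` assert `"12345678"`, i.e. they enshrine the helper handing back a secret completely unmasked whenever the requested visible edges cover the input; since the only caller added in this patch passes a password, those two expectations should be `equalTo("********")` with the helper changed to match, so that a short password being exposed fails the build instead of being accepted. Separately, as rendered here the last success case and `desensitizeFailureTest` both pass a whitespace-only literal (`" "`), yet one expects `"********"` and the other expects `IllegalArgumentException`; `Assert.hasText` rejects any blank string, so unless the success-case literal lost non-space characters in display, that case cannot pass as written and deserves a distinct, clearly non-blank input. The enclosing class HaloUtilsTest starts outside the hunk.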